{"id":"apioo-fusio","name":"fusio","homepage":"https://www.fusio-project.org","repo_url":"https://github.com/apioo/fusio","category":"api-gateway","subcategories":[],"tags":["api-management","api-gateway","rest","openapi","sdk-generation","self-hosted","mcp","ai-agents","developer-portal","monetization","monitoring"],"what_it_does":"Fusio is a self-hosted API management platform that sits between data sources/microservices and API consumers. It provides routing and gateway functionality, authentication, documentation, and automated SDK generation; it also supports AI-agent tool integration via custom backend logic and native MCP support.","use_cases":["Expose legacy SQL/NoSQL databases as REST APIs","API gateway for microservices (routing/orchestration/load balancing)","Build reusable custom API logic in PHP or JavaScript","Expose APIs as tools for AI agents","Developer portal for third-party API consumers (docs/testing/keys)","Automate API documentation and client SDK generation","API monetization (plans/quotas/billing)","Monitor and track API usage/performance/errors","Use MCP to integrate APIs into AI ecosystems"],"not_for":["Serverless-only deployments without self-hosting capability","Use cases requiring an opinionated fully managed SaaS with vendor-managed uptime/SLA","Teams needing documented, fine-grained OAuth scope model from this README alone","Organizations that cannot operate and secure a full backend platform"],"best_when":"You want to run API management, authentication, docs, and SDK generation on your own infrastructure and integrate the resulting APIs with both human and AI-agent consumers.","avoid_when":"You cannot provide operational security/maintenance for a self-hosted PHP platform and its database connections, or you require a clearly documented, provider-hosted SaaS contract/SLA from the outset.","alternatives":["Kong (API gateway)","Tyk (API gateway)","Apigee / Google Cloud API management","Amazon API Gateway","Postman API Platform (focused on design/testing)","AWS AppSync (GraphQL-oriented)","OpenAPI-based custom gateway solutions","Self-hosted service meshes + custom auth/docs tooling"],"af_score":60.0,"security_score":55.0,"reliability_score":35.0,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:21:11.584230+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":true,"sdk_languages":["C#","Go","Java","JavaScript","PHP","Python"],"openapi_spec_url":"https://demo.fusio-project.org/system/generator/spec-openapi?filter=backend (and similar for consumer/system)","webhooks":false},"auth":{"methods":["Developer portal API keys/keys mentioned (via portal credentials)","Backend/admin login via configured credentials","Token-based access implied by API management context (not explicitly detailed in README)"],"oauth":false,"scopes":false,"notes":"README demonstrates login for backend using configured admin credentials and mentions 'keys' via the developer portal, but does not specify OAuth flows or scope granularity details."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Pricing for Fusio itself is not described in the provided README; it is presented as an open-source self-hosted platform."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":60.0,"security_score":55.0,"reliability_score":35.0,"mcp_server_quality":55.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":60.0,"rate_limit_clarity":20.0,"tls_enforcement":70.0,"auth_strength":65.0,"scope_granularity":35.0,"dependency_hygiene":45.0,"secret_handling":55.0,"security_notes":"README provides deployment examples with environment variables (including project key, DB credentials, and admin password) but does not describe secure secret storage practices, password handling, TLS enforcement, or authorization model details (scopes/least privilege). It does mention an API developer portal with keys, suggesting authenticated access, and provides an installation note about correct APP_URL/hosting paths. No explicit rate-limit or security headers guidance is present in the provided content.","uptime_documented":0.0,"version_stability":50.0,"breaking_changes_history":50.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["As a self-hosted platform, agents must be provisioned with correct base URLs, database connectivity, and initial app/user setup before API calls work.","README references multiple generated OpenAPI specs via a demo generator; actual behavior depends on local configuration and installed apps.","Pagination, idempotency, and retry semantics are not documented in the provided README, so agents may need to infer from endpoint specifics."]}}