| Vulnerabilities | |||||
|---|---|---|---|---|---|
| Version | Suggest | Low | Medium | High | Critical |
| 24.1.0 | 0 | 0 | 0 | 0 | 0 |
| 24.0.1 | 0 | 0 | 0 | 0 | 0 |
| 24.0.0 | 0 | 0 | 0 | 0 | 0 |
| 23.4.3 | 0 | 0 | 0 | 0 | 0 |
| 23.4.2 | 0 | 0 | 0 | 0 | 0 |
| 23.4.1 | 0 | 0 | 0 | 0 | 0 |
| 23.4.0 | 0 | 0 | 0 | 0 | 0 |
| 23.3.6 | 0 | 0 | 0 | 0 | 0 |
| 23.3.4 | 0 | 0 | 0 | 0 | 0 |
| 23.3.3 | 0 | 0 | 0 | 0 | 0 |
| 23.3.0 | 0 | 0 | 0 | 0 | 0 |
| 23.2.2 | 0 | 0 | 0 | 0 | 0 |
| 23.2.0 | 0 | 0 | 0 | 0 | 0 |
| 23.1.0 | 0 | 0 | 0 | 0 | 0 |
| 23.0.0 | 0 | 0 | 0 | 0 | 0 |
| 22.0.1 | 0 | 0 | 0 | 0 | 0 |
| 22.0.0 | 0 | 0 | 0 | 0 | 0 |
| 21.0.0 | 0 | 0 | 0 | 0 | 0 |
| 20.0.0 | 0 | 0 | 0 | 0 | 0 |
| 19.0.4 | 0 | 0 | 0 | 0 | 0 |
| 19.0.3 | 0 | 0 | 0 | 0 | 0 |
| 19.0.2 | 0 | 0 | 0 | 0 | 0 |
| 19.0.1 | 0 | 0 | 0 | 0 | 0 |
| 19.0.0 | 0 | 0 | 0 | 0 | 0 |
| 18.0.0 | 0 | 0 | 0 | 0 | 0 |
| 17.0.1 | 0 | 0 | 0 | 0 | 0 |
| 17.0.0 | 0 | 0 | 0 | 0 | 0 |
| 16.0.2 | 0 | 0 | 0 | 0 | 0 |
| 16.0.1 | 0 | 0 | 0 | 0 | 0 |
| 16.0.0 | 0 | 0 | 0 | 0 | 0 |
| 1.1.0 | 0 | 0 | 0 | 0 | 0 |
24.1.0 - This version is safe to use because it has no known security vulnerabilities at this time. Find out if your coding project uses this component and get notified of any reported security vulnerabilities with Meterian-X Open Source Security Platform
Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.
MIT - MIT LicenseOcelot is a .NET API gateway. This project is aimed at people using .NET running a microservices (service-oriented) architecture that needs a unified point of entry into their system. However, it will work with anything that speaks HTTP(S) and runs on any platform that ASP.NET Core supports.
Ocelot consists of a series of ASP.NET Core middlewares arranged in a specific order.
Ocelot custom middlewares manipulate the HttpRequest object into a state specified by its configuration until it reaches a request builder middleware, where it creates a HttpRequestMessage object, which is used to make a request to a downstream service.
The middleware that makes the request is the last thing in the Ocelot pipeline. It does not call the next middleware.
The response from the downstream service is retrieved as the request goes back up the Ocelot pipeline.
There is a piece of middleware that maps the HttpResponseMessage onto the HttpResponse object, and that is returned to the client.
That is basically it, with a bunch of other features!
Ocelot is designed to work with ASP.NET Core and it targets net9.0 STS and net8.0, net10.0 LTS target framework monikers (TFMs). 1
Install Ocelot package and its dependencies using the .NET CLI:
dotnet add package OcelotAll versions are available on NuGet.
The primary featuresβConfiguration and Routingβare always utilized by users, even in a minimal app setup, without customizations or extra configurations. Ocelot's capabilities are categorized into three main groups of features: solid, hybrid, and feature-family groups, which are explained below.
| Group | Features |
|---|---|
| Primary | Configuration, Routing |
| Solid | Caching, Delegating Handlers, Quality of Service3, Rate Limiting |
| Hybrid | Administration, Aggregation4, Authentication, Configuration, Dependency Injection, Load Balancer |
| Family | Configuration, Routing, Logging, Transformations, Service Discovery5 |
Feature groups are explained in the table below
| Feature | Relationships and Notes |
|---|---|
| Administration | Administration heavily depends on Authentication, and Administration API methods are part of Authentication, Caching, and Configuration |
| Aggregation4 | Aggregation relies on Routing |
| Authentication | Authentication followed by Authorization |
| Configuration |
Configuration depends on Dependency Injection, including GET/POST operations via the Administration REST API, a specialized Websockets scheme/protocol, advanced Middleware Injection, and Metadata-based extensions |
| Routing | Routing offers specialized Websockets and Dynamic Routing modes but does not support GraphQL6 |
| Load Balancer | Load Balancer is a critical dependency for Service Discovery |
| Logging | Logging includes Error Handling and Tracing |
| Service Discovery5 | Service Discovery with the following discovery providers: Consul, Kubernetes, Eureka, and Service Fabric |
| Transformations | They provide transformations for Claims, Headers, and Method |
Ocelot customizations can be configured using Metadata, developed with Delegating Handlers, and in advanced scenarios, they can be developed and then configured with Middleware Injection. For further details, refer to the Documentation.
Welcome to Ocelot's minimalist folder organization! Our repository follows a clean, flat structure that makes it easy to navigate and contribute. Here's where everything lives:
Ocelot/
βββ π¦ src/ # Main library source code (Ocelot NuGet package)
β βββ Configuration/ # Configuration system & builders
β βββ DependencyInjection/ # IoC setup & extension methods
β βββ Authentication/ # Auth middleware & schemes
β βββ RateLimiting/ # Rate limiting policies
β βββ Routing/ # Core routing logic
β βββ ... # Other features (Caching, Load Balancing, etc.)
β
βββ π§ͺ unit/ # Unit tests (fast, isolated tests)
β βββ Ocelot.UnitTests.csproj # Component-level test suite
β
βββ β
acceptance/ # Integration tests (end-to-end scenarios)
β βββ Ocelot.Acceptance.csproj # Full pipeline test suite
β
βββ π benchmark/ # Performance benchmarking
β βββ Ocelot.Benchmarks.csproj # Using BenchmarkDotNet
β
βββ π manual/ # Manual testing & demo apps
β βββ Ocelot.ManualTest.csproj # Sample applications
β
βββ π οΈ testing/ # Shared test infrastructure (Ocelot.Testing NuGet package)
β βββ Ocelot.Testing.csproj # Common test utilities & helpers
β
βββ π docs/ # Documentation source files (https://ocelot.readthedocs.io website)
β βββ *.rst files # reStructuredText documentation
β βββ make.* scripts # Terminal build scripts for generating HTML docs
β
βββ π samples/ # Example projects & demonstrations
β
βββ βοΈ .config/ # Build & versioning configuration
β βββ dotnet-tools.json # CI and local building tools configuration
β
βββ π§ .github/ # GitHub-specific settings
β βββ steps/ # CI/CD terminal scripts for GitHub Actions steps
β βββ workflows/ # CI/CD pipelines (GitHub Actions)
β βββ *.md files # Markdown configuration supporting GitHub process
β
βββ π Root Configuration # Solution & project files
βββ Ocelot.slnx # Visual Studio 2026+ solution (Ocelot development)
βββ Ocelot.Samples.slnx # Visual Studio 2026+ solution (Ocelot samples)
βββ .editorconfig # Code style & formatting rules
βββ build.cake # Cake build automation (Release workflow only)
βββ ReleaseNotes.md # Template for release notes (used in GitHub Actions)
| Folder | Purpose | Who Uses It |
|---|---|---|
| src | Production source code for the Ocelot library | Core contributors, feature developers |
| unit | Fast unit tests for individual components | All test writers, feature developers |
| acceptance | Comprehensive integration & end-to-end tests | QA engineers, integration specialists |
| benchmark | Performance measurement projects | Performance engineers, optimization team |
| manual | Manual testing apps and code examples | QA team, demonstrations |
| testing | Shared test utilities, base classes, helpers | Everyone writing tests |
| docs | Documentation source (reStructuredText format) | Documentation maintainers |
| samples | Example projects showing Ocelot features in action | Developers learning Ocelot, solution architects |
| .config | Build scripts and version configuration | DevOps, release managers |
| .github | CI/CD workflows and GitHub settings | DevOps, automation engineers |
See examples?
samples/ for complete working projectsAdd a new feature
src/
unit/
acceptance/
docs/
Fix a bug
src/
unit/ or acceptance/)Write tests
unit/ (test individual methods/classes)acceptance/ (test workflows across components)acceptance/ (test complete user scenarios for HTTP conveyor)testing/ for available base classesImprove performance
benchmark/
Update documentation
.rst files in docs/
cd docs && make html
docs/_build/html/index.html
Configure CI/CD
.github/workflows/
.config/ and in build.cake
build.cake
Understand code layout
src/DependencyInjection/ConfigurationBuilderExtensions.cs
src/Routing/
src/Middleware/
New to Ocelot?
src/DependencyInjection/ to understand the startup flowdocs/ for architecture and feature documentationWant to run tests?
dotnet test unit/Ocelot.UnitTests.csproj --verbosity quiet
dotnet test acceptance/Ocelot.Acceptance.csproj
Need to benchmark?
cd benchmark && dotnet run -c Releasesrc/FeatureName/)unit/ or acceptance/
You can see what we are working on in the backlog.
We love to receive contributions from the community, so please keep them coming.
Pull requests, issues, and commentary welcome! ![]()
Please complete the relevant template for issues and pull requests.
Sometimes it's worth getting in touch with us to discuss changes before doing any work in case this is something we are already doing or it might not make sense.
We can also give advice on the easiest way to do things ![]()
Finally, we mark all existing issues as
.7
If you want to contribute for the first time, we suggest looking at a
![]()
Starting with version 21 and higher, the solution's code base supports Multitargeting as SDK-style projects. It should be easier for teams to migrate to the currently supported .NET 8, 9 and 10 frameworks. Also, new features will be available for all .NET SDKs that we support via multitargeting. Find out more here: Target frameworks in SDK-style projects β©
Ocelot Guru is an unofficial tool to get answers regarding Ocelot: please consider it an advanced search tool. Thus, we have an official Questions & Answers category in the Discussions space. β©
Retry policies only via Polly library referenced within the Ocelot.QualityOfService.Polly extension package, a former Ocelot.Provider.Polly package. β©
Previously, the Aggregation feature was called Request Aggregation in versions 23.4.3 and earlier. Internally, within the Ocelot team, this feature is referred to as Multiplexer. β© β©2
Ocelot supports the following service discovery providers: (1) Consul through the Ocelot.Discovery.Consul extension package, (2) Kubernetes via the Ocelot.Provider.Kubernetes extension package, and (3) Netflix Eureka, which utilizes the Steeltoe.Discovery.Eureka package referenced within the Ocelot.Discovery.Eureka extension package. Additionally, Ocelot supports (4) Azure Service Fabric for service discovery, along with special modes such as Dynamic Routing and Custom Providers. β© β©2
Ocelot does not directly support GraphQL. Developers can easily integrate the GraphQL for .NET library. β©
See all labels for the repository, which are useful for searching and filtering. β©