---
title: "Fabric Gateway: The Gateway for Your AI Traffic | Postman"
description: "Route, govern, and observe LLMs, MCP servers, agents, and internal APIs through one gateway, deployed inside your own cloud. Get early access to Postman Fabric Gateway."
url: https://www.postman.com/product/fabric-gateway/
---

# Fabric Gateway: The Gateway for Your AI Traffic | Postman

> Route, govern, and observe LLMs, MCP servers, agents, and internal APIs through one gateway, deployed inside your own cloud. Get early access to Postman Fabric Gateway.

*Fabric Gateway*

## Blazing fast AI-native agent gateway

LLMs, MCP servers, agents, and internal APIs, routed, governed, and observed through a single endpoint deployed inside your own cloud.

[Get early access](#early-access)

---

### How Fabric Gateway works

---

*CAPABILITIES*

Six capabilities. One control plane. Built for developers and designed for the enterprise.

### Universal Connectivity

**One endpoint. Every AI service.** Point your existing SDK at Fabric Gateway and you're connected to 1,000+ LLM providers, internal and external MCP servers, your APIs, A2A agents, and gRPC services, one control plane, same auth and governance on every route.

### Policy-Driven Governance

**Every call authenticated, authorized, and logged.** Fabric enforces auth at two levels. At the gateway edge, every inbound request is verified before it touches any upstream: JWT, OIDC, or API key. For outbound calls, the gateway brokers the right upstream credential (OAuth token, API key, or bearer token) injected transparently, never handled by the agent. RBAC, scope gates, and audit logging apply uniformly on top of both layers, across every route.

### Credential Brokering

**Your secrets never leave your cloud.** Agents authenticate with a scoped gateway token. The data plane running inside your VPC looks up the right upstream credential, injects it, and forwards the request. The agent never sees it. Neither does Postman. Credentials live exclusively inside your perimeter, encrypted at rest with keys you control.

### AI-Native Workload Support

**Built for LLMs and agents, not retrofitted.** Fabric sees the model, the token count, the streaming mode, and the tool invocations inside every LLM call. That's what makes token-based rate limits, per-team cost attribution, and per-chunk stream governance possible, with no instrumentation in your application code.

### Full-Stack Observability

**One trace across every agent hop.** Fabric instruments every call automatically, pushing data to the observability stack you use for day-to-day workflows.

### Zero-Trust Agent Security

**Every agent action traces back to a human identity.** Dual identity validation on every A2A request, RFC 8693 token exchange with execution-plan enforcement, cross-org trust federation that validates external agent tokens against their own JWKS, and fail-closed by default, no policy verification, no traffic.

---

*ZERO TRUST*

Fabric's zero-trust model anchors every agent action to the user that initiated it, and the upstream credentials those actions touch are brokered, never exposed.

### Dual identity validation

Every A2A request verifies both the agent token and the user context token.

### RFC 8693 delegation

Purpose-scoped tokens per hop; the original JWT never forwards.

### Fail-closed

If policy can't be verified, the request is denied, never passed through.

### Credentials never leave

Upstream secrets are injected by Fabric; agents never see them.

---

*FOR THE ENTERPRISE*

Choose the deployment model that fits your security review.

### Self-hosted in your VPC

Run the data plane inside your own Kubernetes cluster or VM fleet.

### Postman-hosted

Let Postman operate it for you with regional data planes.

### Hybrid

Control plane managed by Postman; data plane stays in your cloud.

---

## Fabric is built for all APIs

---

## 1,000+ LLMs, one endpoint

Integrate with any LLM provider: OpenAI, Anthropic, Google Gemini, Azure, AWS Bedrock, Cohere, Mistral, Meta Llama, DeepSeek, and hundreds more.

---

### Drop-in compatible

Change the base URL in your existing SDK client. Every existing call, every existing integration, works unchanged. No new library to learn, no request format to translate.

### Automatic fallback and routing

Define fallback chains across providers and models. If a provider is unavailable or degraded, traffic routes to the next in your chain automatically. Weighted routing for cost/quality tradeoffs. Circuit breakers per upstream.

### Token-aware rate limits and budgets

Set limits by token count, not just request count. Per-team and per-consumer budgets enforced in real time. Streaming SSE completions are governed call by call, not just at request initiation.

### Cost and quality visibility

Every prompt and completion logged inside your own cloud. LLM metering attributed by model, route, team, and user. Compare cost per model against quality signals to make routing decisions based on real data, not estimates.

### PII redaction on every call

Detect and redact sensitive data in prompts before they reach a provider, and in completions before they reach your application. Configurable per route: redact, hash, block, or flag for async review. Works on streaming responses, not just blocking calls.

### Credential isolation per provider

API keys and OAuth tokens for each LLM provider are stored in your data plane, injected transparently by the gateway, and never exposed to the calling application. Switch providers without redistributing secrets.

---

## MCPs, internal and external

Integrate to any external MCP server. Register your internal ones in minutes. Fabric governs both the same way.

---

### Fan-out across every upstream MCP

One inbound tools/list request fans out to all registered MCP servers simultaneously. Results are merged, deduplicated, and namespaced automatically. No collisions between tools from different servers, no per-agent wiring required.

### Expose multiple MCP servers behind one route

Agents connect to a single Fabric endpoint regardless of how many MCP servers sit behind it. Add, remove, or swap upstream MCP servers without changing anything in the agent's configuration, with an optional code mode plugin.

### Scope-aware tool loading

Agents only see the tools they are explicitly authorized for. Unauthorized tools are absent from tools/list entirely, silent deny by default. An agent cannot discover what it cannot call.

---

## Internal APIs, agent-ready

Fabric exposes your internal APIs as governed routes: registered from Postman collections, OpenAPI / AsyncAPI specs, or your Private API Network, and they're immediately reachable by any agent through the same control plane as every LLM and MCP server.

---

### One policy layer

Route-level auth, RBAC, and credential brokering apply to internal APIs exactly as they do to LLMs and MCPs.

### Reach inside your perimeter

Because the data plane runs in your VPC, agents can call private APIs a SaaS gateway can't see.

---

### Ready to control your AI traffic?

Get early access while we onboard launch customers.

---

## Broken collaboration leads to broken APIs.

Ninety-three percent of API teams still face collaboration blockers. The 2025 State of the API report reveals how you can unlock the productivity gains that API-first promises, but scattered tooling prevents.

[Read the Report](/state-of-api/2025/)
