Open source ·JSON:API compliant · Apache 2.0

Build the Business Model.
Ship the API.

Write a YAML manifest describing your domain. Aperture generates a fully-compliant JSON:API server — auth, multi-tenancy, hooks, and audit — with zero boilerplate code and zero schema management.

Four steps from model to production

One manifest file. Everything else is generated.

1
Define your model

Describe your domain in YAML

Declare entities, fields, types, and relationships. Mark entities as tenant-scoped. This manifest is the single source of truth — no Java, no Spring config.

invoice.yaml
apiVersion: aperture.itsjool.com/v1
kind: Entity
metadata:
  name: Invoice
spec:
  tenantScoped: true
  fields:
    amount:
      type: decimal
      required: true
    status:
      type: string
      enum: [DRAFT, ISSUED, PAID]
    customer:
      type: ref
      target: Customer
      relation: ManyToOne
      required: true
2
Secure it

Declare permissions and policies

Define role-based access per operation and attribute-based policies inline. No separate security layer — Aperture enforces it at runtime from your manifest.

invoice.yaml
  permissions:
    TenantAdmin: [read, delete]
    Accountant:  [create, read, update]
    Viewer:      [read]

  policies:
    FinanceTeamOnly: [read, update]
    EuRegionOnly:    [read, update]
3
Hook into the lifecycle

Attach validation and triggers

Four hook types fire at the right phase of every request. You own the logic over HTTP — Aperture handles signing, retries, and failure modes.

invoice.yaml
  hooks:
    ValidateInvoice:
      phase: PRECOMMIT
      async: false
      onFailure: reject
      url: http://hook-service:8080/hooks/validate-invoice
4
Build and ship

Run the build. Deploy. Done.

The Maven plugin generates all Java source and Liquibase migrations. No code written by hand, no SQL to manage. Commit the lock files and ship.

terminal
# generates, migrates, tests, packages
$ mvn verify

✓ Manifest validated
✓ Java source generated
✓ Liquibase changeset written
✓ 81 tests passed

$ docker compose up --detach
✓ JSON:API server listening on :8080

Enterprise-ready. Declared, not hand-written.

Everything a production multi-tenant API needs — and a pluggable architecture so you own what matters.

Zero-boilerplate code generation

The Maven plugin generates all Spring entities, controllers, repositories, and auth filters from your manifests on every build. Regenerated from truth every time — no drift, no stale code.

Zero schema management

Aperture diffs your manifest against committed lock files and generates Liquibase migrations automatically. Add a field, rename a field — the SQL writes itself. Drops are deferred so you never lose data accidentally.

MCP integration — AI-ready out of the box

Every entity gets Model Context Protocol tool stubs for list, get, create, update, and delete. AI assistants respect the same auth, tenancy, and permission rules as the REST API.

JSON:API — the full protocol, not just the format

Atomic operations, sparse fieldsets, compound documents, RSQL filtering, sorting, and pagination come standard on every entity. The open standard answers the questions your team would otherwise argue about.

Multi-tenancy out of the box

POOL mode adds tenant isolation at the database level — every query auto-filtered, every FK constraint tenant-aware. NONE mode for single-tenant deployments. Same codebase, different config.

Pluggable auth and identity

JWT and API key auth built in. Implement one interface to swap in Keycloak, Okta, or any identity provider. Everything else — tenancy, RBAC, hooks, audit — stays completely unchanged.

Four lifecycle hook types

validate blocks, mutate modifies, trigger fires async, guard runs pre-auth. You implement logic over HTTP — Aperture handles signing, retries, and timeouts.

RBAC + ABAC security model

Role-based permissions and SpEL attribute policies live in the manifest. Field encryption, rate limiting, optimistic locking, and a transactional audit trail are all included.

Ready to stop bikeshedding?

Write a manifest. Ship a production API. Focus on the model — Aperture handles the exposure.