diff --git a/devstack/files/apache-sahara-api.template b/devstack/files/apache-sahara-api.template
new file mode 100644
index 0000000000..591739155c
--- /dev/null
+++ b/devstack/files/apache-sahara-api.template
@@ -0,0 +1,27 @@
+Listen %PUBLICPORT%
+
+<VirtualHost *:%PUBLICPORT%>
+    WSGIDaemonProcess sahara-api processes=2 threads=1 user=%USER% display-name=%{GROUP} %VIRTUALENV%
+    WSGIProcessGroup sahara-api
+    WSGIScriptAlias / %SAHARA_BIN_DIR%/sahara-wsgi-api
+    WSGIApplicationGroup %{GLOBAL}
+    WSGIPassAuthorization On
+    AllowEncodedSlashes On
+    <IfVersion >= 2.4>
+        ErrorLogFormat "%{cu}t %M"
+    </IfVersion>
+    ErrorLog /var/log/%APACHE_NAME%/sahara-api.log
+    %SSLENGINE%
+    %SSLCERTFILE%
+    %SSLKEYFILE%
+
+    <Directory %SAHARA_BIN_DIR%>
+        <IfVersion >= 2.4>
+            Require all granted
+        </IfVersion>
+        <IfVersion < 2.4>
+            Order allow,deny
+            Allow from all
+        </IfVersion>
+    </Directory>
+</VirtualHost>
diff --git a/devstack/plugin.sh b/devstack/plugin.sh
index f94de90682..d11a1ead1d 100755
--- a/devstack/plugin.sh
+++ b/devstack/plugin.sh
@@ -46,6 +46,37 @@ function cleanup_sahara {
 
     # Cleanup auth cache dir
     sudo rm -rf $SAHARA_AUTH_CACHE_DIR
+    if [ "$SAHARA_USE_MOD_WSGI" == "True" ]; then
+        sudo rm -f $(apache_site_config_for sahara-api)
+    fi
+}
+
+function configure_sahara_apache_wsgi {
+
+    local sahara_apache_conf=$(apache_site_config_for sahara-api)
+    local sahara_ssl=""
+    local sahara_certfile=""
+    local sahara_keyfile=""
+    local venv_path=""
+
+    if is_ssl_enabled_service sahara; then
+        sahara_ssl="SSLEngine On"
+        sahara_certfile="SSLCertificateFile $SAHARA_SSL_CERT"
+        sahara_keyfile="SSLCertificateKeyFile $SAHARA_SSL_KEY"
+    fi
+
+    sudo cp $SAHARA_DIR/devstack/files/apache-sahara-api.template $sahara_apache_conf
+    sudo sed -e "
+        s|%PUBLICPORT%|$SAHARA_SERVICE_PORT|g;
+        s|%APACHE_NAME%|$APACHE_NAME|g;
+        s|%SAHARA_BIN_DIR%|$SAHARA_BIN_DIR|g;
+        s|%SSLENGINE%|$sahara_ssl|g;
+        s|%SSLCERTFILE%|$sahara_certfile|g;
+        s|%SSLKEYFILE%|$sahara_keyfile|g;
+        s|%USER%|$STACK_USER|g;
+        s|%VIRTUALENV%|$venv_path|g
+    " -i $sahara_apache_conf
+
 }
 
 # configure_sahara() - Set config files, create data dirs, etc
@@ -140,7 +171,9 @@ function configure_sahara {
 
     # Format logging
     if [ "$LOG_COLOR" == "True" ] && [ "$SYSLOG" == "False" ]; then
-        setup_colorized_logging $SAHARA_CONF_FILE DEFAULT
+        if [ "$SAHARA_USE_MOD_WSGI" == "False" ]; then
+            setup_colorized_logging $SAHARA_CONF_FILE DEFAULT
+        fi
     fi
 
     if is_service_enabled tls-proxy; then
@@ -158,11 +191,18 @@ function configure_sahara {
     recreate_database sahara
     $SAHARA_BIN_DIR/sahara-db-manage \
         --config-file $SAHARA_CONF_FILE upgrade head
+
+    if [ "$SAHARA_USE_MOD_WSGI" == "True" ]; then
+        configure_sahara_apache_wsgi
+    fi
 }
 
 # install_sahara() - Collect source and prepare
 function install_sahara {
     setup_develop $SAHARA_DIR
+    if [ "$SAHARA_USE_MOD_WSGI" == "True" ]; then
+        install_apache_wsgi
+    fi
 }
 
 # install_python_saharaclient() - Collect source and prepare
@@ -182,10 +222,17 @@ function start_sahara {
         service_protocol="http"
     fi
 
-    run_process sahara-all "$SAHARA_BIN_DIR/sahara-all \
-        --config-file $SAHARA_CONF_FILE"
-    run_process sahara-api "$SAHARA_BIN_DIR/sahara-api \
-        --config-file $SAHARA_CONF_FILE"
+    if [ "$SAHARA_USE_MOD_WSGI" == "True" ] ; then
+        enable_apache_site sahara-api
+        restart_apache_server
+        tail_log sahara-api /var/log/$APACHE_NAME/sahara-api.log
+    else
+        run_process sahara-all "$SAHARA_BIN_DIR/sahara-all \
+            --config-file $SAHARA_CONF_FILE"
+        run_process sahara-api "$SAHARA_BIN_DIR/sahara-api \
+            --config-file $SAHARA_CONF_FILE"
+    fi
+
     run_process sahara-eng "$SAHARA_BIN_DIR/sahara-engine \
         --config-file $SAHARA_CONF_FILE"
 
@@ -214,9 +261,14 @@ function configure_tempest_for_sahara {
 # stop_sahara() - Stop running processes
 function stop_sahara {
     # Kill the Sahara screen windows
-    stop_process sahara-all
-    stop_process sahara-api
-    stop_process sahara-eng
+    if [ "$SAHARA_USE_MOD_WSGI" == "True" ]; then
+        disable_apache_site sahara-api
+        restart_apache_server
+    else
+        stop_process sahara-all
+        stop_process sahara-api
+        stop_process sahara-eng
+    fi
 }
 
 # is_sahara_enabled. This allows is_service_enabled sahara work
diff --git a/devstack/settings b/devstack/settings
index 8aae7a74a6..39625362b1 100644
--- a/devstack/settings
+++ b/devstack/settings
@@ -36,6 +36,9 @@ True}
 SAHARA_PERIODIC_COORDINATOR_URL=${SAHARA_PERIODIC_COORDINATOR_URL:-\
 kazoo://127.0.0.1:2181}
 
+#Toggle for deploying Sahara API with Apache + mod_wsgi
+SAHARA_USE_MOD_WSGI=${SAHARA_USE_MOD_WSGI:-False}
+
 # Tell Tempest this project is present
 TEMPEST_SERVICES+=,sahara
 
diff --git a/tox.ini b/tox.ini
index 98bd35ac8b..2517f145ef 100644
--- a/tox.ini
+++ b/tox.ini
@@ -32,7 +32,7 @@ commands =
     doc8 doc/source
     # Run bashate checks
     bash -c "find sahara -iname '*.sh' -print0 | xargs -0 bashate -v"
-    bash -c "find devstack -not -name README.rst -and -not -name \*.json -type f -print0 | xargs -0 bashate -v"
+    bash -c "find devstack -not -name \*.template -and -not -name README.rst -and -not -name \*.json -type f -print0 | xargs -0 bashate -v"
     # Run security linter
     bandit -c bandit.yaml -r sahara -n5 -p sahara_default -x tests