diff --git a/templates/queens/api-paste.ini b/templates/queens/api-paste.ini
new file mode 100644
index 0000000..e01847c
--- /dev/null
+++ b/templates/queens/api-paste.ini
@@ -0,0 +1,117 @@
+
+# heat-api pipeline
+[pipeline:heat-api]
+pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation osprofiler authurl authtoken context apiv1app
+
+# heat-api pipeline for standalone heat
+# ie. uses alternative auth backend that authenticates users against keystone
+# using username and password instead of validating token (which requires
+# an admin/service token).
+# To enable, in heat.conf:
+#   [paste_deploy]
+#   flavor = standalone
+#
+[pipeline:heat-api-standalone]
+pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation authurl authpassword context apiv1app
+
+# heat-api pipeline for custom cloud backends
+# i.e. in heat.conf:
+#   [paste_deploy]
+#   flavor = custombackend
+#
+[pipeline:heat-api-custombackend]
+pipeline = cors request_id faultwrap versionnegotiation context custombackendauth apiv1app
+
+# To enable, in heat.conf:
+#   [paste_deploy]
+#   flavor = noauth
+#
+[pipeline:heat-api-noauth]
+pipeline = cors request_id faultwrap http_proxy_to_wsgi versionnegotiation noauth context apiv1app
+
+# heat-api-cfn pipeline
+[pipeline:heat-api-cfn]
+pipeline = cors http_proxy_to_wsgi cfnversionnegotiation osprofiler ec2authtoken authtoken context apicfnv1app
+
+# heat-api-cfn pipeline for standalone heat
+# relies exclusively on authenticating with ec2 signed requests
+[pipeline:heat-api-cfn-standalone]
+pipeline = cors http_proxy_to_wsgi cfnversionnegotiation ec2authtoken context apicfnv1app
+
+# heat-api-cloudwatch pipeline
+[pipeline:heat-api-cloudwatch]
+pipeline = cors versionnegotiation osprofiler ec2authtoken authtoken context apicwapp
+
+# heat-api-cloudwatch pipeline for standalone heat
+# relies exclusively on authenticating with ec2 signed requests
+[pipeline:heat-api-cloudwatch-standalone]
+pipeline = cors versionnegotiation ec2authtoken context apicwapp
+
+[app:apiv1app]
+paste.app_factory = heat.common.wsgi:app_factory
+heat.app_factory = heat.api.openstack.v1:API
+
+[app:apicfnv1app]
+paste.app_factory = heat.common.wsgi:app_factory
+heat.app_factory = heat.api.cfn.v1:API
+
+[app:apicwapp]
+paste.app_factory = heat.common.wsgi:app_factory
+heat.app_factory = heat.api.cloudwatch:API
+
+[filter:versionnegotiation]
+paste.filter_factory = heat.common.wsgi:filter_factory
+heat.filter_factory = heat.api.openstack:version_negotiation_filter
+
+[filter:cors]
+paste.filter_factory = oslo_middleware.cors:filter_factory
+oslo_config_project = heat
+
+[filter:faultwrap]
+paste.filter_factory = heat.common.wsgi:filter_factory
+heat.filter_factory = heat.api.openstack:faultwrap_filter
+
+[filter:cfnversionnegotiation]
+paste.filter_factory = heat.common.wsgi:filter_factory
+heat.filter_factory = heat.api.cfn:version_negotiation_filter
+
+[filter:cwversionnegotiation]
+paste.filter_factory = heat.common.wsgi:filter_factory
+heat.filter_factory = heat.api.cloudwatch:version_negotiation_filter
+
+[filter:context]
+paste.filter_factory = heat.common.context:ContextMiddleware_filter_factory
+
+[filter:ec2authtoken]
+paste.filter_factory = heat.api.aws.ec2token:EC2Token_filter_factory
+
+[filter:http_proxy_to_wsgi]
+paste.filter_factory = oslo_middleware:HTTPProxyToWSGI.factory
+
+# Middleware to set auth_url header appropriately
+[filter:authurl]
+paste.filter_factory = heat.common.auth_url:filter_factory
+
+# Auth middleware that validates token against keystone
+[filter:authtoken]
+paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+# Auth middleware that validates username/password against keystone
+[filter:authpassword]
+paste.filter_factory = heat.common.auth_password:filter_factory
+
+# Auth middleware that validates against custom backend
+[filter:custombackendauth]
+paste.filter_factory = heat.common.custom_backend_auth:filter_factory
+
+# Auth middleware that accepts any auth
+[filter:noauth]
+paste.filter_factory = heat.common.noauth:filter_factory
+
+# Middleware to set x-openstack-request-id in http response header
+[filter:request_id]
+paste.filter_factory = oslo_middleware.request_id:RequestId.factory
+
+[filter:osprofiler]
+paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
+