Developer Documentation
Secure your API with APIGate's local sidecar proxy. Low latency, privacy-first, and simple to integrate.
Introduction
APIGate is a behavioral firewall for your API. Unlike traditional rate limiters that only track IP addresses, APIGate tracks Identity (User + IP) to stop sophisticated abuse like proxy hopping, multi-account farming, and credential stuffing.
How It Works
To maintain < 5ms latency and high privacy standards, we recommend running the APIGate Proxy as a sidecar or local service alongside your application.
1. Local Caching
Decisions are cached locally. 99% of requests never hit the network, ensuring instant responses.
2. Smart Batching
Required checks are aggregated and sent in batches asynchronously, reducing API costs.
3. Privacy Hashing
Emails & PII are salted and hashed locally before leaving your infrastructure.
Quick Start: Run the Proxy
The local proxy is a lightweight Go application. You can build it from source or run the pre-compiled binary.
Requirements
- Go 1.21+ (if building from source)
- Git
- Network Access to
api.apigate.io(HTTPS/443)
1. Clone & Build
# Clone the repository
git clone https://github.com/apigate-in/apigate-proxy.git
cd apigate-proxy
# Build the binary
go build -o apigate-proxy2. Configure Environment
Create a .env file in the same directory:
# .env
PORT=8080
UPSTREAM_BASE_URL=https://api.apigate.io
UPSTREAM_API_KEY=your_api_key_here
# Privacy Settings
EMAIL_ENCRYPTION_ENABLED=true
EMAIL_ENCRYPTION_KEY=your_random_secret_string
# Performance
WINDOW_SECONDS=603. Run the Server
# Start the proxy
./apigate-proxyThe server will start on port 8080 (or your configured PORT).
Application Integration
Once the proxy is running at http://localhost:8080, integrate it into your backend middleware. You need to make two calls: a blocking check before processing, and an async log after processing.
Step 1: Check Permission (Blocking)
Call this before your business logic.
// Example: Node.js / Express Middleware
async function accessIqMiddleware(req, res, next) {
const payload = {
ip_address: req.ip,
email: req.user?.email || req.ip, // Required: Use Email, User-ID, or fallback to IP
user_agent: req.get('User-Agent')
};
try {
// Call Local Proxy
const response = await axios.post('http://localhost:8080/api/allow', payload);
if (response.data.allow) {
next(); // Allowed
} else {
res.status(403).json({ error: "Access Denied", reason: response.data.message });
}
} catch (err) {
// Fail Open Strategy (Recommended)
console.error("APIGate Proxy Error:", err.message);
next();
}
}Step 2: Log Result (Async)
Call this after sending your response. Do not await this call (fire-and-forget).
// Fire and forget - don't block response
axios.post('http://localhost:8080/api/log', {
ip_address: req.ip,
email: req.user?.email || req.ip,
response_code: res.statusCode,
endpoint: req.path,
timestamp: new Date().toISOString()
}).catch(e => console.error("Log error", e));Configuration Reference
Full list of supported environment variables for the proxy:
| Variable | Description | Default |
|---|---|---|
| PORT | Local server port | 8080 |
| UPSTREAM_BASE_URL | Main Backend URL. Default is APIGate Cloud. Can be changed to a custom domain for Enterprise/On-Premise plans. | https://api.apigate.io |
| UPSTREAM_API_KEY | Your APIGate Secret Key | Required |
| EMAIL_ENCRYPTION_KEY | Secret for local hashing | None (Plaintext) |
| WINDOW_SECONDS | Cache window duration | 60 |
Ready to Integrate?
Get your API keys from the dashboard and start securing your endpoints in under 5 minutes.