Authenticate workspace callers
Resolve a revocable workspace API key before any upstream connection is attempted.
Focused gateway alternative
ThrottleProxy focuses on authenticated workspace traffic to reviewed public API destinations. It adds destination safety, resource controls, credential separation, and operational evidence without claiming to replace every gateway, mesh, or ingress function.
Practical boundaries
Resolve a revocable workspace API key before any upstream connection is attempted.
Approve exact public hosts or explicit one-level wildcard patterns instead of arbitrary URLs.
Apply rate, queue, concurrency, request, response, idle, and absolute-duration limits.
Remove ThrottleProxy credentials and cookies before forwarding safe headers upstream.
Keep lifecycle stage, timing, status, and bounded correlation context without raw secrets or bodies.
Use workspace roles, tenant scope, audit events, and narrow support visibility.
No. It is a focused outbound protection layer. A full gateway remains appropriate for ingress routing, transformations, developer portals, or broad service-mesh responsibilities.
No. The workspace must approve a narrow host pattern, and target safety checks still block unsafe protocols, ports, names, addresses, and DNS results.
No. Proxy authentication and provider authentication remain separate; provider credential storage is not connected.
Use one workspace key, one exact public host, and non-sensitive test traffic.