API security proxy

Put explicit security boundaries around outbound API traffic

ThrottleProxy combines workspace authentication, approved destinations, private-network blocking, credential separation, resource limits, and sanitized lifecycle evidence. It does not replace provider authentication or a complete enterprise gateway.

Tenant scoped · Private targets blocked · Credentials stripped

Practical boundaries

Security is a sequence of small, enforced decisions

Authenticate first

Resolve a workspace key with one exact hash-keyed Redis lookup before opening an upstream connection.

Approve the destination

Require exact hosts or explicit one-level wildcard patterns before target safety validation.

Block private networks

Reject local, metadata, private, reserved, unsafe-port, and unsafe-protocol targets before outbound traffic.

Separate credentials

Strip ThrottleProxy credentials, cookies, and hop-by-hop headers from the upstream request.

Bound resource use

Apply request, response, queue, concurrency, idle, and absolute-duration limits.

Keep safe evidence

Redact sensitive headers, query values, tokens, bodies, and raw upstream errors from lifecycle output.

Good fit

  • Teams calling a small, reviewed set of public upstream APIs.
  • Applications that need shared limits and destination policy outside one process.
  • Workspaces that need narrow roles and privacy-safe operational evidence.

Not a replacement for

  • Provider credential storage or automatic provider authorization.
  • A general-purpose open proxy or arbitrary URL fetcher.
  • A compliance certification, WAF, or complete zero-trust network platform.

Common questions

Does ThrottleProxy forward its own API key upstream?

No. Proxy credentials are removed before the outbound request. Providers that require authorization need a separate explicit credential mechanism.

Can it reach private or metadata services?

Targets are checked for unsafe protocols, ports, local names, private and reserved addresses, metadata ranges, and unsafe DNS results.
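The "Approve the destination" and "Block private networks" checks, sketched in Python as an added example (this is not ThrottleProxy's own code). The HTTPS-only and port-443 policy, the function names, and the injectable resolver are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_PORTS = {443}  # assumption: only the default HTTPS port is permitted

def host_allowed(host, patterns):
    """Exact host match, or '*.example.com' matching exactly one extra label."""
    host = host.lower().rstrip(".")
    label, _, parent = host.partition(".")
    for pattern in (p.lower() for p in patterns):
        wildcard = pattern.startswith("*.") and label and parent == pattern[2:]
        if host == pattern or wildcard:
            return True
    return False

def is_public_ip(text):
    try:
        ip = ipaddress.ip_address(text)
    except ValueError:
        return False  # unparseable resolver output is treated as unsafe
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its embedded IPv4 address
    return ip.is_global and not ip.is_multicast

def system_resolver(host):
    return [info[4][0] for info in socket.getaddrinfo(host, None)]

def check_target(url, patterns, resolver=system_resolver):
    """Return (allowed, reason): allowlist first, then target safety checks."""
    parts = urlsplit(url)
    if parts.scheme != "https":  # assumption: only HTTPS upstreams
        return False, "unsafe protocol"
    try:
        port = 443 if parts.port is None else parts.port
    except ValueError:
        return False, "unsafe port"
    if port not in ALLOWED_PORTS:
        return False, "unsafe port"
    host = parts.hostname or ""
    if not host_allowed(host, patterns):
        return False, "destination not approved"
    try:
        ipaddress.ip_address(host)
        addresses = [host]          # IP literal: validate it directly
    except ValueError:
        addresses = resolver(host)  # hostname: validate every DNS answer
    if not addresses or not all(is_public_ip(a) for a in addresses):
        return False, "unsafe DNS result"
    return True, "ok"
```

A check like this only holds if the outbound connection is made to one of the addresses that was validated; resolving the name a second time at connect time can return a different answer.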

Does it store raw request bodies?

Diagnostic and lifecycle objects are designed to preserve safe stage, timing, and status context without raw request or response bodies.

Start with one narrow integration

Use one workspace key, one exact public host, and non-sensitive test traffic.
