API Gateway

Token-gated, audited HTTP proxy with method/header policies, OAuth injection, SSRF guard, and rate limits. The non-LLM gateway story for everything else your app talks to.

WHAT'S IN THE BOX

Built for policy, not just for bytes

The API Gateway understands HTTP well enough to enforce policies before bytes leave your network.

Per-endpoint upstream URL

Define an endpoint slug + upstream URL. Requests to /api/<uuid>/proxy/<slug>/... are forwarded upstream, with an optional path tail.

Method allowlist

Restrict each endpoint to specific HTTP methods (GET, POST, …). Anything else gets a 405.

Header policies

Forward allowlist, blocked list (always blocks Host, Authorization, Cookie, Content-Length), inject headers (server-side secrets the client never sees).

OAuth Service Connections

Generic OAuth 2.0 authorization-code flow. Token gets injected as Authorization: Bearer … upstream and refreshed on demand. Six built-in presets (Google, GitHub, Slack, Microsoft, Notion, Discord).

SSRF guard

Validates upstream URLs at create AND request time. Blocks loopback, RFC1918, link-local, IPv6 unique-local, cloud metadata. Defense against DNS rebinding.

Rate limits + timeout

Per-minute and per-hour caps with 429 + Retry-After. Configurable upstream timeout (1-300s).
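The create-time plus request-time check described under "SSRF guard" above, sketched as an added example (this is not PromptGate's code). The function names, the injectable resolver, and the sample host and addresses are assumptions constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Ranges named on the page: loopback, RFC1918, link-local (which covers the
# 169.254.169.254 cloud metadata address) and IPv6 unique-local.
BLOCKED = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fe80::/10", "fc00::/7",
)]

def is_blocked(addr):
    ip = ipaddress.ip_address(addr)
    # Unwrap ::ffff:a.b.c.d so an IPv4-mapped literal cannot bypass the v4 ranges.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return any(ip.version == net.version and ip in net for net in BLOCKED)

def system_resolver(host):
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def check_upstream(url, resolve=system_resolver):
    """Return the vetted IP to connect to, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("upstream must be an http(s) URL with a host")
    try:  # IP literal in the URL: no DNS lookup needed
        addrs = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        addrs = resolve(parts.hostname)
    if not addrs:
        raise ValueError("upstream host did not resolve")
    for addr in addrs:  # every record must pass, not just the first
        if is_blocked(addr):
            raise ValueError(f"upstream resolves to blocked address {addr}")
    # The caller connects to this IP (keeping Host/SNI as the hostname), so a
    # later DNS answer cannot differ from the one that was checked.
    return addrs[0]

# Constructed resolver simulating rebinding: public at create, loopback later.
def rebinding_resolver():
    answers = iter([["203.0.113.10"], ["127.0.0.1"]])
    return lambda host: next(answers)
```

Running check_upstream once when the endpoint is saved and again on every proxied request is what catches a hostname whose DNS answer changes after creation.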

EXAMPLE

Proxy GitHub via OAuth

Connect a project's OAuth Service Connection to GitHub. PromptGate handles the authorization-code dance, stores the access + refresh tokens encrypted, and injects the bearer header on every upstream call.

  • Client never sees the OAuth token — only its PromptGate token
  • Refresh handled transparently when the access token expires
  • Audit trail of every proxied call
  • SSRF guard ensures the OAuth callback host stays public

curl (shell):
# Proxy GitHub through PromptGate
curl "https://promptgate.your.co/api/<uuid>/proxy/github/user/repos" \
  -H "Authorization: Bearer pg_live_..."

# PromptGate adds the GitHub OAuth bearer upstream automatically
# and refreshes the token if it has expired.

DECISION HELPER

Pick this type when…

Use API Gateway when

  • You want to put a token-gated, audited proxy in front of a non-LLM HTTP API
  • You need OAuth (Google / GitHub / Slack / Microsoft / Notion / Discord) without scattering tokens
  • You want SSRF protection + rate limits on every outbound call
  • You want to share an upstream API key across multiple internal apps without sharing the key itself

Pick something else when

One proxy, every API.

Spin up an API Gateway project; add an upstream URL; issue a proxy-scoped token; you're forwarding requests inside five minutes.
