One Gateway.
Every API.
Gatekeeper sits between your apps and the APIs they call — AI providers and any REST service — vaulting your keys, enforcing rate limits and budgets, and logging every request from one control plane.
OpenAI
Anthropic
OpenAI-compatible
Any REST API
Why It Exists
The Problems It Solves.
✕ API keys scattered across every app and script
→ Keys live in Gatekeeper. Clients hold a scoped gateway key — never the real provider credential.
✕ Surprise bills from runaway loops or prompt injection
→ Per-tenant monthly budgets enforced at ingest. Cap hit = tenant locked automatically.
✕ No central rate limiting across services
→ Sliding-window rate limits applied uniformly at the gate, per tenant and per user.
✕ Zero visibility into which service spent what
→ Every request logged with tenant, model, token count, cost, and timestamp.
Request Flow
How Gatekeeper Works.
Provision a Tenant
Assign an App ID, a monthly budget, and per-provider caps from the control panel. Each tenant gets an isolated key, budget, and audit trail.
Route Your Requests
Point your app, workflow, or script at the proxy endpoint. Pass your gateway key and App ID as headers — everything else is handled at the gate.
Monitor & Enforce
Every request is logged with token counts, cost, model, and timestamp. Budget exceeded? The tenant is locked automatically.
Defense Layer
Security at the Boundary.
Protocol 01
Dual Auth Modes
Static API keys for server-to-server integrations (n8n, scripts) and Supabase JWT for user-facing apps. Both enforced before any upstream call.
Protocol 02
Hard Rate Limiting
Per-tenant sliding window limits via Upstash Redis — 30 requests/minute by default. Login brute force separately capped at 5 attempts per 15 minutes per IP.
Protocol 03
Payload Validation
Provider allowlist, model checks, message bounds (max 100), per-message length limits (32K chars), and max_tokens capped at 8192 — before anything fires upstream.
Protocol 04
Budget Enforcement
Month-to-date spend tracked per tenant. When the cap is hit, the tenant is locked immediately. No surprise billing from runaway workflows.
Reference
Frequently Asked.
What is Gatekeeper?+
A proxy that sits between your apps and the external APIs they call — AI providers and any REST service. It vaults your real API keys, authenticates every caller, enforces rate limits and budgets, and logs every request for audit and cost analysis.
Which APIs can it proxy?+
Two classes. AI: OpenAI and Anthropic natively, plus any OpenAI-compatible endpoint (OpenRouter, Groq, Together, DeepSeek, local models) — these are dollar-metered with per-model cost tracking. And any REST API (Stripe, weather, internal services) registered as an upstream — these are request-metered with quotas.
How does authentication work?+
Clients send a per-tenant gateway key (shown once, stored only as a hash). The key is bound to one tenant, so a leaked key can never act as another. Supabase JWT is also supported for user-facing web apps.
How are costs and usage controlled?+
AI calls are priced at ingest by per-model token rates and enforced against monthly dollar budgets — hit the cap and the tenant locks automatically. REST upstreams are governed by per-service monthly request quotas. Both share per-tenant rate limits.
Are my API keys safe?+
Upstream secrets are encrypted at rest (AES-256-GCM) and only decrypted server-side at call time. They are never returned to the browser — the UI shows a masked tail. Clients hold a gateway key, never your real provider credentials.
What problems does it solve?+
Scattered API keys across apps, no central rate limiting, surprise bills from runaway loops, and zero visibility into which service spent what. Gatekeeper centralizes credentials, governance, and audit behind one endpoint.
Pricing
Simple Plans.
Starter includes a 7-day free trial. No card charged until it ends.
Starter
7-day free trial included
- ▸3 tenants
- ▸1M tokens / mo
- ▸Gateway key auth
- ▸Credential vault
- ▸LLM + REST proxy
- ▸30 req/min per tenant
Pro
No trial
- ▸10 tenants
- ▸10M tokens / mo
- ▸Everything in Starter
- ▸Custom model pricing
- ▸100 req/min per tenant
- ▸Priority support
Scale
No trial
- ▸Unlimited tenants
- ▸Unlimited tokens
- ▸Everything in Pro
- ▸Audit log access
- ▸500 req/min per tenant
- ▸SLA guarantee
Enterprise
SoonNot yet available
- ▸Everything in Scale
- ▸Dedicated onboarding
- ▸Custom rate limits
- ▸MSA + SLA
- ▸SSO / SAML
- ▸Volume pricing
Ready to Deploy