74 Repos
Granular authorization policies for web service endpoints.
Distinguishing note: Focuses on the domain-level security policy.
Explore 74 awesome GitHub repositories matching security & cryptography · API Access Control. Refine with filters or upvote what's useful.
FastAPI is a high-performance Python web framework designed for building REST APIs. It operates as an ASGI web framework, providing a system to create structured HTTP endpoints that automatically serialize data and validate request parameters. The framework utilizes Python type hints to drive data validation and serialization, automatically generating machine-readable OpenAPI and JSON Schema specifications. This process enables the automatic creation of interactive, browser-based API documentation where endpoints can be tested directly. The project includes a dependency injection system for
Includes built-in utilities for securing endpoints using authentication and authorization standards such as tokens and basic credentials.
Multica is an autonomous coding agent manager and LLM agent orchestration platform. It coordinates teams of autonomous agents to execute coding tasks and manage their lifecycles through a centralized dashboard. The system provides multi-tenant agent workspaces that isolate agents, settings, and project issues into distinct organizational boundaries. The platform distinguishes itself through an agent skill library that captures successful task solutions as reusable, versioned skills. These skills are shared across the agent team and pinned using content hashes to ensure consistent behavior acr
Allows setting the API target URL via environment variables to connect clients to specific backends.
Django REST Framework is a toolkit for building standards-compliant web services that map complex data models to structured HTTP responses. It provides a modular architecture for handling the request lifecycle, including authentication, permission checks, and content negotiation. The framework is designed to facilitate the development of robust APIs by transforming complex data types into native formats and validating incoming request payloads against defined schemas. The project distinguishes itself through a highly modular, class-based design that allows developers to build complex views an
Implements flexible identity verification and granular access control policies.
This project provides a framework for managing multi-agent systems, designed to automate complex software development, infrastructure, and business workflows. It functions as a multi-agent workflow orchestrator that routes tasks to domain-specific workers while maintaining state persistence and infrastructure automation. By leveraging large language models, the system decomposes high-level objectives into actionable plans, ensuring that complex operations are executed with consistency and reliability. The framework distinguishes itself through its hierarchical agent registry and policy-driven
Protects application resources using authentication and authorization mechanisms like OAuth2, JWT, and role-based access control.
Qwen is a comprehensive framework for large language model development, serving, and deployment. It provides a complete ecosystem for transformer-based sequence modeling, offering base models alongside specialized tools for instruction-tuned alignment, fine-tuning, and long-context inference. The project is designed to support both research and production environments, enabling users to train, optimize, and host generative models locally or across distributed hardware. The framework distinguishes itself through its focus on high-performance serving and extensibility. It features a high-perfor
Secures model endpoints by requiring valid authentication headers for programmatic access to inference services.
Mastra is an orchestration framework designed for building, deploying, and managing autonomous AI agents and multi-agent systems. It provides a comprehensive suite of primitives for creating resilient AI applications, including durable workflow orchestration, event-driven agent loops, and semantic memory management. By integrating these core components, the platform enables developers to build complex, multi-step processes that can reason about goals and execute tasks without manual intervention. The framework distinguishes itself through its focus on observability and secure, isolated execut
Validates incoming API requests using standard identity providers or token-based authentication.
Surya is a document processing platform designed to transform unstructured files into structured, machine-readable data. It provides a comprehensive suite of tools for text recognition, layout analysis, and reading order detection, enabling the conversion of PDFs and images into formats such as JSON, HTML, or markdown. The platform is built to handle complex document workflows, offering capabilities for data extraction, document segmentation, and automated form completion. The platform distinguishes itself through a robust pipeline-based architecture that allows users to chain analysis tasks
Limits usage and spending by assigning unique keys to different environments and rotating them.
Elysia is a high-performance TypeScript web framework designed for building type-safe backend services. It provides a modular, plugin-based architecture that allows developers to compose server logic, middleware, and validation schemas into scalable application instances. By leveraging native web standards, the framework ensures portability across diverse JavaScript runtimes, including Node.js, Deno, and various edge computing environments. The framework distinguishes itself through its focus on end-to-end type safety, automatically synchronizing request and response definitions between the s
Configures authentication schemes within API documentation to specify access control requirements for endpoints.
APIJSON is a no-code database API generator and object-relational mapping layer that automatically transforms relational database schemas into functional HTTP endpoints. It provides a system for generating CRUD operations and technical documentation without the need to write manual backend code. The project is distinguished by its ability to allow clients to define custom JSON response structures and field aliases directly within the request. It features dynamic query translation that converts structured JSON parameters into optimized SQL for complex relational joins, subqueries, and data agg
Allows administrators to control access and enable or disable specific generated API endpoints.
This project is a Node.js library for implementing and managing JSON Web Tokens. It functions as a cryptographic token manager and authentication tool used to sign, verify, and decode tokens to securely transmit claims between parties. The library supports both symmetric and asymmetric signing algorithms, including HMAC and RSA. It enables the creation of digitally signed tokens using secrets or private keys, and provides mechanisms to validate token signatures and verify embedded claims such as expiration and issuer. The tool covers a range of identity and access capabilities, including sta
Protects API endpoints by validating signed tokens to restrict access to authorized clients.
LangChain.js is a framework for building, executing, and monitoring stateful agentic applications. It provides an orchestration engine that models workflows as directed graphs, allowing developers to connect language models, data sources, and external tools into modular, multi-step processes. The platform distinguishes itself through its focus on stateful execution and human-in-the-loop control. It manages agent lifecycles by persisting execution state across threads, enabling fault tolerance and the ability to pause workflows at designated breakpoints for manual review or modification. This
Minimizes production attack surfaces by selectively enabling or disabling built-in API endpoints.
Hydra is a headless identity server that functions as a certified OAuth2 and OpenID Connect provider. It is designed as an authentication engine that manages authorization handshakes and token lifecycles while remaining decoupled from the user interface. The project distinguishes itself through a headless architecture, allowing external management of login and consent flows. It provides specialized capabilities for dynamic client registration, JSON Web Token issuance, and a system for rotating encryption secrets without service downtime. The system covers a broad range of identity operations
Secures APIs by issuing JWT access tokens and managing scopes to control resource permissions.
kops is a Kubernetes cluster provisioner and lifecycle manager designed to automate the creation, maintenance, and destruction of production-grade clusters on cloud infrastructure. It functions as a declarative infrastructure manager, synchronizing the live state of a cluster with versioned manifests stored in remote object storage to ensure idempotent operations. The project distinguishes itself by offering comprehensive automation for the entire cluster lifecycle, including high-availability control plane deployment, incremental rolling updates, and automated version upgrades. It also serve
Controls API server accessibility by switching load balancers between internet-facing and internal-only modes.
VictoriaMetrics is a high-performance, scalable time series database and observability platform designed for long-term storage and analysis of metric, log, and trace data. It functions as a unified backend for monitoring ecosystems, offering full compatibility with industry-standard protocols and query languages. The system is built to handle massive data volumes through a distributed architecture that supports horizontal scaling and efficient data lifecycle management. The platform distinguishes itself through a storage engine that utilizes consistent hashing for data sharding and log-struct
Protects sensitive administrative and monitoring endpoints with dedicated authentication keys to prevent unauthorized access to system internals.
Quarkus is a Kubernetes-native Java framework designed for building high-performance, memory-efficient applications. It utilizes ahead-of-time native compilation to transform Java code into standalone, optimized binaries that eliminate the need for a virtual machine, enabling rapid startup and reduced memory consumption. By performing code augmentation during the build phase, it shifts heavy processing tasks away from runtime, ensuring that applications are optimized for cloud-native environments. The framework distinguishes itself through a unified approach to reactive and imperative program
Supports controller-based request handling to define web endpoints using standard framework conventions.
BillionMail is a self-hosted email infrastructure and marketing platform designed to provide full control over mail delivery, domain management, and subscriber communication. It functions as a comprehensive mail server manager that enables users to deploy and maintain private email environments, including integrated webmail interfaces for direct account access. The platform distinguishes itself by combining high-volume bulk email distribution with sophisticated deliverability tools. It supports multi-tenant infrastructure provisioning, allowing administrators to manage multiple domains and ma
Restricts access to email sending endpoints by whitelisting authorized IP addresses.
Zuul is an API gateway service that manages incoming network traffic to backend services. It serves as a routing layer and edge security proxy that provides centralized control over security and monitoring for microservices. The project implements a dynamic request router that maps incoming paths to backend locations using configurable rules that can be updated at runtime. It also includes a circuit breaker implementation to monitor backend failure rates and stop traffic to failing services to prevent cascading outages. The gateway provides a filter-based request pipeline for processing traf
Implements granular authorization policies at the entry point to prevent unauthorized access to sensitive backend services.
Nanobrowser is an AI browser automation tool and Chrome extension that uses large language models to execute complex, multi-step web workflows through a natural language interface. It functions as a multi-agent workflow orchestrator, coordinating specialized AI agents to plan strategies and interact with page elements to complete tasks. The system emphasizes local-first operations, acting as a local API manager that stores provider credentials and executes data processing within the browser to keep sensitive information and keys out of external servers. It utilizes a provider-agnostic API bri
Provides a secure interface for managing API keys and endpoints for various LLM providers locally.
The AWS Cloud Development Kit is an infrastructure-as-code framework that enables developers to define and provision cloud resources using familiar programming languages. By utilizing construct-based synthesis, it translates high-level, object-oriented code into declarative templates, allowing for the automated management of complex cloud environments through a centralized, code-driven control plane. The framework distinguishes itself through its ability to model infrastructure as a dependency-aware resource graph, ensuring that components are provisioned and updated in the correct order. It
Enforces security policies using multiple authentication methods and network-level controls to restrict API access.
This project serves as a comprehensive resource hub and curated directory for the FastAPI web framework ecosystem. It provides developers with a centralized collection of community-vetted libraries, tools, and best practices designed to support the development, testing, and deployment of scalable web services using modern Python. The repository distinguishes itself by aggregating resources that address the full lifecycle of high-performance API development. It covers essential capabilities including project scaffolding, database integration, and the implementation of real-time communication p
Offers granular authorization policies and security controls for web service endpoints.