15 repositorios
Security layers for managing API access and traffic at the gateway level.
Distinguishing note: Focuses on centralized proxy-based security.
Explore 15 awesome GitHub repositories matching security & cryptography · API Gateway Security. Refine with filters or upvote what's useful.
Context7 is an AI-powered documentation retrieval engine designed to provide developers and AI agents with real-time, context-aware access to technical documentation and code snippets. By integrating external library documentation as callable tools, the platform equips AI coding assistants with project-specific knowledge, helping to improve generation accuracy and reduce hallucinations during inference. The platform distinguishes itself through a robust security and governance framework that manages documentation as a centralized knowledge base. It employs a multi-source ingestion pipeline to
Enforces authentication, rate limiting, and request validation through a centralized proxy layer for all external service interactions.
SuperTokens Core is an open-source, self-hosted authentication and identity management platform designed for deployment within private infrastructure. It provides a comprehensive suite for managing user accounts, roles, and secure authentication flows, utilizing a modular, recipe-based architecture that allows developers to enable specific security features without modifying the core codebase. The platform distinguishes itself through its robust multi-tenancy capabilities, which allow for the logical or physical isolation of user records and configuration settings across different organizatio
Authenticates GraphQL requests by validating user identity through an API gateway authorizer.
Hapi is a configuration-driven web framework for building secure and scalable HTTP servers and APIs on the Node.js runtime. It functions as a REST API development framework and an enterprise server implementation focused on stability, security, and comprehensive input validation. The framework is built around a plugin-based architecture, allowing core functionality and custom logic to be organized into modular, registerable plugins. It serves as an HTTP request lifecycle manager, enabling the interception and modification of requests through pre-handlers and extensions before they reach the f
Implements security layers through authentication strategies and CORS policies to protect API resources.
This project is an artificial intelligence gateway that functions as a centralized middleware layer for managing, securing, and observing interactions with language, vision, and audio models. It provides a unified interface that standardizes requests across multiple providers, enabling teams to integrate AI capabilities into their applications through a consistent set of tools and protocols. The gateway distinguishes itself through its comprehensive infrastructure governance and traffic management capabilities. It allows for policy-driven routing, automated failover, and load balancing across
Provides centralized proxy-based security and authentication management for AI model interactions.
Shenyu is a microservices API gateway designed to route external traffic to backend services using dynamic rules and protocol conversion. It functions as a central entry point that manages traffic flow through a combination of an API traffic governor, a distributed configuration manager, and a security layer for protecting endpoints. The project features a dynamic plugin architecture that allows for the injection of custom request processing logic without restarting the server. It utilizes a distributed coordination service to synchronize routing and policy updates across a gateway cluster in
Implements a centralized security layer at the gateway to enforce token-based authorization and signature verification.
wewe-rss is an RSS feed generator and scheduled aggregator that converts social media accounts and web content into standardized RSS, Atom, or JSON feeds. It functions as a full-text content extractor, retrieving the complete body of articles rather than short summaries. The system operates as an API-protected feed gateway, utilizing token-based authorization and request rate limiting to restrict access and maintain stability. It supports subscription portability by exporting tracked sources into standardized OPML files. The project manages content aggregation through automated polling via c
Acts as a secure gateway for accessing feeds, combining authorization and rate limiting.
Type-graphql is a framework for building GraphQL servers that uses TypeScript classes as the single source of truth for schema definitions and types. It provides a schema generator and a resolver framework that allows developers to define queries and mutations using class-based controllers and decorators. The project focuses on a schema-first approach where TypeScript classes and metadata reflection are used to automatically derive GraphQL schemas. It incorporates a dependency injection container to manage the instantiation and lifecycle of resolver classes. The system includes a middleware
Manages endpoint permissions by implementing authorization guards within the GraphQL resolver layer.
serverless-express es un adaptador de framework serverless para Node.js que permite ejecutar frameworks web estándar en computación serverless. Utiliza una capa de compatibilidad para mapear eventos y disparadores de la nube en objetos de solicitud y respuesta HTTP estándar. El proyecto cuenta con un generador de código full-stack que produce endpoints de API, esquemas de base de datos y boilerplate de frontend a partir de configuraciones de relación de entidades centralizadas. Incluye un enrutador de eventos serverless para traducir eventos de nube no HTTP en solicitudes HTTP simuladas y una herramienta para aprovisionar bases de datos NoSQL y recursos en la nube utilizando plantillas declarativas de infraestructura como código. Sus capacidades adicionales cubren la integración de identidad en la nube para control de acceso basado en tokens, pipelines de despliegue automatizados para gestionar etapas de entorno y modelado de datos para la generación automatizada de API CRUD. El sistema también proporciona utilidades para codificación binaria base64, registro estructurado de aplicaciones y envío de correos electrónicos transaccionales. La ejecución local de aplicaciones es compatible para desarrollo y pruebas sin requerir despliegue en la nube.
Verifies and caches security tokens at the gateway to restrict access to protected endpoints.
freegeoip es un servicio de geolocalización autohospedado y servidor API que mapea direcciones IP y nombres de host a ubicaciones geográficas. Funciona como un lector de bases de datos MaxMind, analizando bases de datos de geolocalización binarias para proporcionar datos de ubicación a través de una interfaz REST. El proyecto se distingue por proporcionar una alternativa privada a los proveedores de geolocalización en la nube, gestionando archivos de base de datos locales y automatizando actualizaciones periódicas. Incluye un resolvedor de IP de proxy inverso para extraer direcciones de clientes originales de los encabezados de proxy, asegurando un mapeo preciso detrás de balanceadores de carga. El servicio incorpora un sistema de gestión de cuotas para aplicar límites de solicitudes por cliente y asegura sus endpoints utilizando cifrado TLS y políticas CORS. También cuenta con sincronización automatizada de bases de datos con verificación de versión basada en checksum y un frontend web público opcional para realizar búsquedas.
Protects API endpoints using TLS encryption and CORS policies to restrict access to authorized domains.
Contour is a Kubernetes ingress controller that manages external HTTP and TCP traffic by orchestrating Envoy proxy instances. It functions as a control plane that translates declarative Kubernetes API objects into dynamic proxy configurations, enabling real-time traffic management without requiring infrastructure restarts. The system distinguishes itself through a focus on multi-tenant cluster networking and delegated configuration. By allowing routing rules to be partitioned across namespaces, it enables multiple teams to securely manage their own traffic policies within a shared cluster. It
Enforces security policies like JWT validation and IP filtering at the network edge to protect backend services.
light-4j is a Java microservices framework designed for building scalable distributed systems. It provides a toolkit for developing cloud-native services with integrated support for service discovery, telemetry, and secure inter-service communication. The project includes a runtime OpenAPI request validator to ensure communication consistency by checking data against formal specifications. It also features an OAuth2 API security gateway for verifying identity tokens and managing credentials, alongside an event-sourcing messaging system for building command query responsibility segregation arc
Implements a centralized security layer that verifies OAuth2 identity tokens and manages credentials at the gateway level.
AWS Powertools for Python is a utility framework designed for building production-ready Python functions on AWS Lambda. It provides a comprehensive suite of tools for observability, event parsing, routing, and idempotency management to streamline the development of serverless applications. The project distinguishes itself through specialized capabilities for event-driven architectures and AI agent orchestration. It enables the implementation of AI agents by exposing functions as tools via OpenAPI schemas and managing conversation states. Additionally, it features an idempotency library that p
Handles GraphQL resolver and authorizer events including identity parsing and response formatting.
Este proyecto es una puerta de enlace API y controlador de entrada diseñado para gestionar el tráfico, la seguridad y la conectividad de servicios dentro de entornos Kubernetes. Opera como un controlador que monitorea el estado del clúster para reconciliar las configuraciones de la puerta de enlace con las definiciones de infraestructura deseadas, asegurando que las políticas de red y las reglas de enrutamiento permanezcan consistentes en los despliegues distribuidos. El sistema se distingue por una canalización de solicitudes modular que permite la inyección de lógica personalizada para manejar transformaciones, comprobaciones de seguridad y registro. Admite la gestión de infraestructura declarativa, permitiendo a los usuarios definir políticas de tráfico y configuraciones de puerta de enlace a través de manifiestos controlados por versiones. Al integrarse con el almacenamiento de secretos externo y proporcionar un control centralizado sobre múltiples instancias de puerta de enlace, mantiene un enfoque unificado para la aplicación de políticas y la gestión de identidades para los consumidores de API. Más allá del enrutamiento central, la plataforma proporciona capacidades integrales de gestión de tráfico, incluyendo equilibrio de carga, monitoreo de salud y modificación de rutas de solicitud para protocolos HTTP, TCP y gRPC. Facilita la comunicación segura a través de la gestión de certificados integrada y permite la agrupación de políticas de consumidor para asegurar un control de acceso consistente en todas las arquitecturas de servicio.
Acts as a platform for managing traffic, enforcing security policies, and applying rate limits to services within a distributed network.
Este proyecto es un controlador de ingress de Kubernetes que funciona como una API gateway y gestor de tráfico para entornos contenerizados. Opera monitoreando eventos del clúster y traduciendo definiciones de recursos de ingress nativos en configuraciones de enrutamiento activas, asegurando que el tráfico externo se dirija a los servicios internos según especificaciones declarativas. El controlador se distingue por su capacidad para actuar como una puerta de enlace especializada para modelos de inteligencia artificial, proporcionando un punto de entrada seguro que aplica límites de tasa, moderación de contenido y guardrails de prompts. Admite actualizaciones de configuración dinámicas, lo que permite modificar las políticas de gestión de tráfico en tiempo real sin reiniciar el proceso de la puerta de enlace. Además, el sistema utiliza una arquitectura basada en plugins que permite la inyección de lógica personalizada y la orquestación centralizada de políticas en múltiples endpoints de servicio. Más allá de sus capacidades principales de enrutamiento, el proyecto proporciona herramientas integrales para la seguridad de API, incluyendo autenticación de solicitudes y gestión de consumidores. Facilita el puente de protocolos entre diversos estándares de comunicación de red y mantiene la salud del sistema a través de monitoreo de rendimiento integrado y la exportación de métricas operativas. La arquitectura admite modos de despliegue flexibles, permitiendo escalar la capacidad de manejo de tráfico en diversos entornos de infraestructura.
Routes HTTP, gRPC, and WebSocket requests while enforcing security policies and load balancing.
Obot is an orchestration platform designed for the deployment and management of autonomous agents that automate complex business workflows. It provides a framework for connecting intelligent models to internal infrastructure and external services, enabling agents to perform tasks through conversational interfaces. The platform functions as a centralized system for infrastructure governance, incorporating a secure gateway to route, filter, and monitor network traffic between distributed services. It maintains a registry of server capabilities and agent skills, allowing for the discovery and ut
Routes and filters network traffic between services to enforce access policies, ensure regulatory compliance, and monitor system performance.