High-Performance API Gateway

Kernel-Level Security.
Sub-Millisecond Overhead

API gateway with iptables-level DDoS protection, ClickHouse-powered analytics, and atomic Redis quota enforcement.

Currently in Beta
<1ms gateway overhead
3-Layer DDoS Protection
Production-Verified

Built Different

Every feature backed by production code. No vaporware, no roadmap promises.

ProxyShield DDoS Defense

Three-layer protection: kernel iptables packet dropping, TCP socket termination, and application-level threat detection. Bans propagate across all nodes instantly.

Kernel iptablesPacket DROP
TCP SocketConnection KILL
ApplicationThreat Detection
Learn more

Zero-Copy Streaming Proxy

Constant-memory streaming via undici with connection pooling and pipelining. Responses are streamed directly — no buffering in the gateway.

512

Connections

×10

Pipelining

0 B

Buffering

Atomic Quota Enforcement

Redis Lua scripts check RPS + monthly quota in a single roundtrip. Zero race conditions, zero double-counting.

INCR rps_key + INCR monthly_key
→ 1 Redis roundtrip, 0 race conditions

ClickHouse Analytics

Detailed observability: latency breakdown, geo maps, device detection, bot scores, and cache analytics — all stored in ClickHouse.

Latency

5+ fields

Geo

5+ fields

Device

5+ fields

Security

5+ fields

Cache

5+ fields

Service

5+ fields

Explore analytics

Two-Tier Response Cache

L1 in-memory LRU + L2 Redis cache with FNV-1a hashing. Early cache middleware serves responses before the proxy even starts.

~0.001ms L1
Learn more

Per-Route Circuit Breakers

Automatic failure detection with Redis-backed state machine. Half-open probing, configurable thresholds, and instant recovery.

CLOSED
OPEN
HALF

Transform Pipelines

16 built-in actions: JWT claim extraction, header injection, PII masking, field renaming, security headers — all with conditional execution.

JWT→HeaderPII MaskRenameSecurity
View all 16 actions

Gateway as Code

Define routes in nolxy.config.ts, version control them, and sync via CLI or CI/CD. Diff-based updates with dry-run mode.

Developer Portal

Built-in portal for API consumers: self-serve key generation, route discovery, and OpenAPI spec display.

See It in Action

One request through Nolxy. Sub-millisecond overhead. Zero config on your backend.

Terminal
$
curl https://api.yourapp.com/v1/todos \
  -H "x-nolxy-api-key: YOUR_API_KEY"
# or with default proxy URL:
# curl https://proxy.nolxy.com/u_a8f3/todos
HTTP/1.1 200 OK
x-response-time: 0.8ms
x-cache: MISS
x-ratelimit-remaining: 9999
 
[
{
"id": 1,
"title": "Deploy production API",
"completed": true
},
{
"id": 2,
"title": "Set up rate limiting",
"completed": true
}
]
200 OK in 0.8ms gateway overhead
Rate limit tracked automatically

How It Works

From request to response in four steps. Zero code changes on your backend.

Request

Consumer calls your API through Nolxy

Authenticate & Protect

API key validation, rate limiting, IP checks

Cache, Transform & Proxy

Cache check, request transforms, upstream call

Response in <1ms overhead

Logged, metered, returned to consumer

Built for Developers

Nolxy handles the gateway layer so you can focus on your API.

ProxyShield

Multi-layer DDoS protection

Low Overhead

Minimal gateway latency

Analytics

Built-in request observability

API Keys

Scoped, hashed, rate-limited

Transparent Pricing

Simple, Transparent Pricing

Start free, scale as you grow. No hidden fees, cancel anytime.

Ready to Ship Faster?

Start free with 100K requests/month. No credit card required. Deploy in under 2 minutes.