WebSocket Proxying

Nolxy transparently proxies WebSocket connections to your upstream services — including API key validation, connection quotas, and idle timeouts — with zero frame parsing overhead.

How It Works

When a client sends an HTTP Upgrade request to a Nolxy proxy URL, the gateway validates the API key, resolves the target route, and performs a raw TCP socket pipe between the client and upstream. No WebSocket frames are parsed — data flows at wire speed.

  1. Client sends GET /proxy/your-path with Upgrade: websocket
  2. Nolxy validates x-nolxy-api-key header (or ?api_key= query param)
  3. Route is resolved from the user's configured routes
  4. Upstream WebSocket handshake is completed
  5. Bidirectional TCP pipe is established — all frames pass through transparently

Authentication

WebSocket clients can authenticate in two ways:

x-nolxy-api-key header

Preferred. Set during the HTTP upgrade handshake.

?api_key=sk_... query param

Fallback for clients that cannot set custom headers (e.g., browser WebSocket API).

Limits & Security

LimitValue
Max connections per user50 concurrent
Idle timeout5 minutes
SSRF protectionPrivate IPs blocked
Forwarded headersx-forwarded-for, x-nolxy-user-id

Example (Browser)

const ws = new WebSocket(
  "wss://gateway.nolxy.com/proxy/chat?api_key=sk_live_..."
);

ws.onopen = () => ws.send(JSON.stringify({ type: "hello" }));
ws.onmessage = (e) => console.log(JSON.parse(e.data));

Plan Requirements

WebSocket Proxying is available on Pro plans and above.

Response CompressionGraphQL Protection