Built an API abuse-prevention and traffic-governance system, need feedback on it

1 points by arnch 2 days ago

Hey HN / devs,

Over the past few months I’ve been building APIGate — a lightweight, high-performance API traffic monitoring, protection & governance layer designed for companies and API-first platforms that want real-time control without adding complexity or latency.

What APIGate does

Real-time traffic governance: lets you track & control API requests by IP, email, user agent, country, and status codes.

Rate limiting & abuse protection: track request rates across multiple time windows and auto-block or restrict when thresholds are crossed.

Anomaly detection: detect spikes in error patterns (4xx/5xx) per requester with custom triggers.

Geo & network access controls: whitelist/blacklist by country and block VPN/proxy abuse.

Intelligent user linkage: see all IPs, user agents, and countries tied to each user.

Dashboard & insights: rich analytics with traffic heatmaps and real-time activity maps.

Full flexibility: every rule, threshold, and action is configurable to your policies.

Ultra-low latency: built with Go + Fiber — responses remain <50ms with minimal overhead.

Integration is simple — just two endpoints:

a decision API (before requests) for allow/deny decisions

a logging API (after requests) that powers dashboards and adaptive logic

We also include a built-in IP reputation shield with millions of known proxy/VPN/spam IPs to pre-block obvious bad traffic.

apigate.in

What I’m looking for

Product feedback: What’s missing?

Use cases: Would you use this instead of rolling your own or using a cloud provider’s tooling?

Integration concerns: What would stop you from adopting something like this?

Pricing feedback: Does the tiering make sense for indie devs vs startups vs enterprise?

Happy to answer any questions about design decisions or implementation approach!

Cheers