MIDDLEWARE AS A SERVICE

Enterprise-Grade API Routing,
Billing & Caching

A robust Laravel-based proxy gateway that securely manages upstream API requests, handles prepaid credit consumption via FIFO batching, and intelligently caches heavy payloads.

Explore Features
Client App cURL / PHP / JS API Gateway Auth & Cache Upstream API Redis

Core Architecture

Built for scale, security, and precise resource management.

Smart Proxy Engine

Seamlessly intercepts client requests, injects upstream credentials dynamically, and transforms payloads before forwarding to the target API.

FIFO Credit Billing

Strict per-API-key accounting. Credits are consumed from the oldest active batch first, with automated daily expiry checks and ledger integrity.

Smart Cache & Storage

Strips heavy Base64 photos from Redis cache and Database. Stores them securely on the filesystem, injecting them only when the client requests them.

The Request Lifecycle

1

Auth & Rate Limit

Validates Bearer/X-API-Key headers. Enforces Redis sliding window rate limits (min/hour/day).

2

Cache Check

Checks Redis for an existing cached response. If found, returns instantly without charging credits or hitting upstream.

3

Proxy & Process

Deducts credits (FIFO), proxies to upstream, extracts photos to disk, strips photos from JSON, and stores in DB/Cache.

Platform Boundaries

What It Can Do

  • Invisible Credential Injection: Safely inject upstream usernames/passwords into the request body without exposing them to the client.
  • Field Filtering: Clients can request specific fields (e.g., ?fields=Code,Name) to drop heavy data like Base64 photos.
  • Automated Batch Expiry: Background cron jobs automatically expire old credit batches and adjust balances daily.
  • PDF Invoice Generation: Automatically generates and stores tax-compliant PDF invoices upon order approval.
  • Webhook Dispatching: Queues and retries webhook events (low balance, order approved) via Redis workers.

What It Cannot Do

  • Process Online Payments: It is strictly a prepaid system. It does not integrate with SSLCommerz, Stripe, or bKash. Admins manually approve orders based on external bank transfers.
  • Host Upstream APIs: It is a middleman. If the target upstream verification server goes down, the gateway will gracefully return a 502 error, but it cannot process the data itself.
  • Public User Registration: Users cannot sign up freely. The platform is strictly invite-only. Admins must create user accounts from the backend.
  • Stream Responses: It uses standard REST JSON payloads. It does not support Server-Sent Events (SSE) or WebSockets for streaming large data chunks.