Add API key auth, session login, rate limiting, and access logs to any service — in 60 seconds, without writing a line of code. Single Go binary, embedded SQLite, no external dependencies.
Gate sits in front of any HTTP service. Every request must present a valid API key or session cookie before it reaches the upstream. Your application never handles authentication — Gate intercepts unauthenticated requests and returns 401 before they arrive.
GATE_UPSTREAM=http://localhost:3000 GATE_ADMIN_KEY=secret gate Proxy: http://localhost:8780 → http://localhost:3000 Admin API: http://localhost:8780/gate/api Dashboard: http://localhost:8780/ui
Everything behind :8780 now requires auth. The service at :3000 sees only authenticated requests and doesn't know Gate exists.
Grafana, Metabase, or a custom admin panel exposed with no auth. Gate adds API key or session auth without touching the app.
Multiple services calling one internal API. Gate enforces per-key rate limits and logs every request so you know who calls what.
Old service, no auth, can't be modified. Wrap it with Gate. Instant API key auth, access logs, revocable keys, zero code changes.
| Feature | Free | Pro — $2.99/mo |
|---|---|---|
| Upstreams | 1 | Unlimited |
| Users / API keys | 5 | Unlimited |
| API key auth | Yes | Yes |
| Session login | Basic | Yes + duration controls |
| Rate limiting | Global only | Per-route |
| CORS headers | No | Yes |
| Log export | No | CSV export |
| IP allow/deny | No | Yes |
Gate vs Authelia · Guide: protect internal tools · Gate overview
Single binary. No code changes to your service. Free to start.