ProxLock
S e c u r e A P I P r o x y M a n a g e m e n t
Protect and manage your API keys with ease. ProxLock provides a secure gateway for your applications, ensuring your sensitive credentials stay safe.
Why ProxLock?
If you bundle an API key in your app, anyone can extract it and use it for their own apps. Suddenly, you're paying for their users.
ProxLock makes it impossible1 for others to abuse your API keys and infrastructure.
Global Rate Limiting
We enable rate limiting for individual keys across all platforms, ensuring no single user can exhaust your quota.
Mobile Attestation
On mobile, we use hardware cryptography based attestation to ensure every request comes from an unmodified copy of your app.
Web Opt-In
Web is inherently less secure than mobile, but equally important. Only opt-in to web usage on the keys that need it and keep the other benefits of ProxLock.
How It Works
Key Storage & Splitting
ProxLock uses an XORed partial key system to ensure your complete API key is never stored in one place. When you upload your API key to ProxLock, we split it into two partial keys, so we don't know your complete key either.
Dynamic Proxying
When your app makes an API request, ProxLock routes it through our secure proxy infrastructure. We validate the app instance using Apple's Device Check to ensure authenticity and prevent unauthorized access. The bearer token is then dynamically constructed by combining the partial keys, and the request is forwarded to the target service with proper authentication, which is then relayed back to your app. This process ensures your credentials remain secure while maintaining minimal latency and maximum reliability.
Source Available
ProxLock is built with transparency in mind. Our entire codebase is source available and published on GitHub. We believe in security through openness, not obscurity.
Supported Platforms
Ready to Get Started?
Join our beta program and get started today.
Still have questions?
We're here to help. Reach out to us via email or join our community.