Protect your API from attacks.
No SDK. No code changes.
Backport is the only API gateway that lets you transform responses, mock APIs, and add custom security rules — without changing your backend code. Point your clients to Backport. That's it.
See the WAF in action
Select an attack type, send a request, and watch Backport block it before it reaches your server.
Attempt to extract all user records by injecting SQL into the query parameter.
Select an attack type and send a request to see the response
This demo simulates how Backport's WAF processes real requests. Try all 5 attack types to see the difference.
Three steps. That's it.
No complex setup. No SDK installation. No backend changes.
Create an account
Sign up with your email. You will get access to a dashboard where you can manage API keys and view analytics.
Generate an API key
Create a unique API key from your dashboard. This key authenticates all your requests through the proxy.
Point your traffic here
Replace your backend URL with the Backport proxy URL in your client code. Add the X-API-Key header. Done.
What makes Backport different
Every feature listed here is real and functional. No vaporware.
Response Transformation
Modify API responses on the fly without touching your backend. Add fields, remove sensitive data, rename keys, or filter response bodies. Set rules by path pattern — no code deployment needed.
API Mocking
Define mock endpoints in your dashboard. When your backend is down or during development, Backport serves your mock responses automatically. No more frontend teams blocked by backend downtime.
Custom WAF Rules
Go beyond the built-in 17 security patterns. Write your own regex rules to block specific threats unique to your API. Cloudflare charges $20/month for this — Backport includes it.
Webhook Notifications
Get instant alerts on Slack, Discord, or any URL when WAF blocks a request, rate limits are hit, or your backend returns errors. Never miss a security event.
Built-in WAF + Rate Limiting
17 regex patterns covering SQL injection, XSS, path traversal, command injection, LDAP injection, and XXE. Plan-based rate limiting from 100 to 5,000 requests per minute.
Full Analytics Dashboard
Real-time traffic charts, latency heatmaps, slow endpoint detection, threat alerts, and request replay. Export everything as JSON or CSV for your own analysis.
Works with any language
Backport is an HTTP proxy. If your backend speaks HTTP, it works. No SDK needed.
curl https://backport-io.onrender.com/proxy/users \ -H "X-API-Key: bk_your_key_here"
Who is this for?
Backport is built for developers who want API protection without the complexity.
Indie developers
You are building an API and need basic protection. You do not want to spend hours configuring Cloudflare or setting up nginx rules. You want to ship, not do ops.
Small teams
Your team is focused on building features, not managing infrastructure. Backport gives you WAF, rate limiting, and analytics without a dedicated security engineer.
API-first products
If your product exposes an API to third-party developers, you need protection from abuse. Backport gives each client their own API key and usage limits.
Open Source
Backport is MIT licensed. You can audit the code, report issues, or contribute features. Full transparency — nothing is hidden.
Star on GitHubPricing
Start free. Upgrade when you need more requests or API keys. No hidden fees.
Free
Try everything free for 3 months. No card required.
- 100 requests / minute
- WAF protection (17 patterns)
- Rate limiting
- 1 API key
- LRU caching & idempotency
- Dashboard analytics
Plus
For growing APIs
- 500 requests / minute
- Response transformation
- API mocking
- 3 API keys
- Full analytics dashboard
- Export data (JSON/CSV)
Pro
For production APIs
- 5,000 requests / minute
- Custom WAF rules
- 10 API keys
- Webhook notifications
- Full analytics + auto docs
- JSON + CSV log export
- Priority support
All plans include the core WAF and rate limiting. No credit card required for the free tier.
FAQ
Ready to protect your API?
Sign up for free. Get an API key in seconds. Start blocking attacks today.