Docs/Quick Start: HTTP Proxy

Protect an HTTP API in 5 Minutes

Add authentication, rate limiting, and cost tracking to any REST or GraphQL API.

1

Install SatGate

Install the SatGate proxy using pip, Docker, or from source:

pip install satgate

Or with Docker:

docker pull ghcr.io/satgate-io/satgate:latest
2

Create a config file

Create satgate.yaml with your API upstream:

listen: ":8080"
admin:
  separateListener: ":9090"
routes:
  - name: my-api
    match:
      pathPrefix: /api/
    upstream:
      url: http://localhost:3000
    policy:
      kind: observe    # Start with observe — log everything, block nothing
rootKey: "your-root-key-here"   # Generate with: openssl rand -hex 32
3

Start the proxy

satgate serve --config satgate.yaml

SatGate is now running on port 8080, proxying to your API on port 3000.

4

Mint a token and make a request

# Mint a capability token
curl -X POST http://localhost:9090/admin/tokens/mint \
  -H "Authorization: Bearer your-root-key-here" \
  -H "Content-Type: application/json" \
  -d '{"caveats": [{"type": "expiry", "value": "24h"}]}'

# Use the token to call your API through SatGate
curl http://localhost:8080/api/hello \
  -H "Authorization: Bearer <token-from-above>"
5

Check the dashboard

If you're using SatGate Cloud, your requests appear in the Usage Analytics dashboard. For self-hosted, check the admin API:

curl http://localhost:9090/admin/stats \
  -H "Authorization: Bearer your-root-key-here"

You're in Observe mode — every request is logged and metered. When ready, switch to Control mode to enforce budgets.