Protect your API from attacks.
No SDK. No code changes.
Backport is an API gateway that lets you transform responses, mock APIs, and add custom security rules — without changing your backend code. Point your clients to Backport. That's it.
Why developers choose Backport
Full Control
Production-grade API security with transparent pricing. Your data stays yours.
30-Second Setup
Sign up, get your API key, point your traffic. Done.
Built for APIs
Not a generic CDN. Purpose-built for API protection and management.
Get Started in 30 Seconds
Sign up, get your API key, and point your traffic to Backport. No credit card required.
100% Open Source. MIT Licensed.
Backport is and will always be open source. No feature gates, no telemetry, no vendor lock-in. The full source code is available on GitHub for review and contributions.
Backport vs Cloudflare
Cloudflare is great for websites. Backport is built for APIs.
See the WAF in action
Select an attack type, send a request, and watch Backport block it before it reaches your server.
Attempt to extract all user records by injecting SQL into the query parameter.
Select an attack type and send a request to see the response
Simulated DemoThis simulates how Backport's WAF processes real requests. Try all 5 attack types to see the difference.
Three steps. That's it.
No complex setup. No SDK installation. No backend changes.
Create an account
Sign up with your email. You will get access to a dashboard where you can manage API keys and view analytics.
Generate an API key
Create a unique API key from your dashboard. This key authenticates all your requests through the proxy.
Point your traffic here
Replace your backend URL with the Backport proxy URL in your client code. Add the X-API-Key header. Done.
What makes Backport different
Every feature listed here is real and functional. No vaporware.
Response Transformation
Modify API responses on the fly without touching your backend. Add fields, remove sensitive data, rename keys, or filter response bodies. Set rules by path pattern — no code deployment needed.
API Mocking
Define mock endpoints in your dashboard. When your backend is down or during development, Backport serves your mock responses automatically. No more frontend teams blocked by backend downtime.
Custom WAF Rules
Define your own regex-based firewall rules with per-endpoint control and severity levels.
Webhook Notifications
Get instant alerts on Slack, Discord, or any URL when WAF blocks a request, rate limits are hit, or your backend returns errors. Never miss a security event.
Built-in WAF + Rate Limiting
17 regex patterns covering SQL injection, XSS, path traversal, command injection, LDAP injection, and XXE. Plan-based rate limiting from 100 to 5,000 requests per minute.
Full Analytics Dashboard
Real-time traffic charts, latency heatmaps, slow endpoint detection, threat alerts, and request replay. Export everything as JSON or CSV for your own analysis.
Works with any language
Backport is an HTTP proxy. If your backend speaks HTTP, it works. No SDK needed.
curl https://backport.in/proxy/users \ -H "X-API-Key: bk_your_key_here"
Who is this for?
Backport is built for developers who want API protection without the complexity.
Indie developers
You are building an API and need basic protection. You need protection without spending hours configuring nginx rules or deploying complex infrastructure. You want to ship, not do ops.
Small teams
Your team is focused on building features, not managing infrastructure. Backport gives you WAF, rate limiting, and analytics without a dedicated security engineer.
API-first products
If your product exposes an API to third-party developers, you need protection from abuse. Backport gives each client their own API key and usage limits.
Pricing
Start free. Upgrade when you need more requests or API keys. No hidden fees.
Free
Try everything free for 3 months. No card required.
- 100 requests / minute
- WAF protection (17 patterns)
- Rate limiting
- 1 API key
- LRU caching & idempotency
- Dashboard analytics
Plus
For growing APIs
- 500 requests / minute
- Response transformation
- API mocking
- 3 API keys
- Full analytics dashboard
- Export data (JSON/CSV)
Pro
For production APIs
- 5,000 requests / minute
- Custom WAF rules
- 10 API keys
- Webhook notifications
- Full analytics + auto docs
- JSON + CSV log export
- Priority support
Enterprise
For teams at scale
- Unlimited requests / minute
- Custom WAF + rate rules
- 50 API keys
- Team collaboration
- Webhooks + Slack/Discord
- Dedicated support & SLA
- Custom integrations
- On-call engineering
All plans include the core WAF and rate limiting. No credit card required for the free tier.
Ready to Secure Your APIs?
Start your free trial today. No credit card required. Full WAF protection, rate limiting, and analytics in 30 seconds.
No vendor lock-in. Cancel anytime.
FAQ
Ready to protect your API?
Start protecting your API today. Free for 3 months, no credit card required.
Production-grade · 30-Second Setup · No Vendor Lock-in