🛡️ GatePilot

Enterprise-Grade API Gateway & Developer Portal

A self-hostable, production-ready API Gateway solution for managing, securing, and monitoring your APIs at scale.

Features • Tech Stack • Quick Start • API Reference • Architecture • Developer

📋 Overview

GatePilot is a comprehensive API management platform designed for developers and organizations who need complete control over their API infrastructure. Built with modern technologies and security best practices, GatePilot provides everything you need to manage API access, enforce rate limits, and monitor usage.

Why GatePilot?

Self-Hostable: Full control over your data and infrastructure
Enterprise Security: SHA-256 hashed API keys, audit logging, and role-based access
Real-time Analytics: Monitor API usage, latency, and error rates
Developer-Friendly: Clean UI, comprehensive documentation, and OpenAPI support

✨ Features

🏢 Organizations & Multi-tenancy

Create and manage multiple organizations
Invite team members with role-based permissions (Owner, Admin, Member, Viewer)
Isolated projects per organization

📦 Project Management

Create unlimited API projects
Configure routes, keys, and rate limits per project
Enable/disable projects instantly

🔀 API Routes

Define proxy routes to upstream services
Path prefix matching with HTTP method filtering
Scope-based access control per route

🔐 Secure API Keys

SHA-256 hashed key storage (keys never stored in plaintext)
Unique key prefixes for identification (gp_xxxxxxx)
Scope-based permissions
Key expiration and revocation

⚡ Rate Limiting

Per-key requests per minute (RPM) limits
Per-IP rate limiting
Daily quota enforcement
Configurable rate limit policies

📊 Request Logging & Analytics

Complete request history with metadata
Latency tracking and status code monitoring
Visual analytics dashboard with charts:
- Requests over time
- Endpoint distribution
- Latency percentiles
- Error rate tracking

📖 OpenAPI Documentation

Upload and host OpenAPI/Swagger specifications
Auto-generated API documentation
Version management

📝 Audit Logging

Complete trail of administrative actions
Compliance-ready logging
Filter by action, resource, and time

🛠️ Tech Stack

Layer	Technology
Frontend	React 18, TypeScript, Vite, Tailwind CSS, shadcn/ui
Backend	Express.js, TypeScript, Node.js
Database	PostgreSQL with Drizzle ORM
Authentication	Supabase Auth (Email/Password)
Charts	Recharts
State Management	TanStack Query
Routing	Wouter

🚀 Quick Start

Prerequisites

Node.js 18+
PostgreSQL 14+
Supabase account (for authentication)

Installation

Clone the repository

git clone https://github.com/Mavdii/GetPilot.git
cd GetPilot

Install dependencies

npm install

Configure environment variables

cp .env.example .env
# Edit .env with your credentials

Set up the database

# Run migrations
npm run db:push

# Or use SQL files
psql -d your_database -f migrations/000_run_all.sql

Start the development server

npm run dev

The application will be available at http://localhost:5000

🔧 Environment Variables

Variable	Description
`DATABASE_URL`	PostgreSQL connection string
`SESSION_SECRET`	Secret key for session encryption
`SUPABASE_URL`	Supabase project URL
`SUPABASE_ANON_KEY`	Supabase anonymous key
`SUPABASE_SERVICE_ROLE_KEY`	Supabase service role key

See .env.example for a complete list.

📁 Project Structure

gatepilot/
├── client/                     # Frontend React application
│   ├── src/
│   │   ├── components/         # Reusable UI components
│   │   │   └── ui/             # shadcn/ui components
│   │   ├── hooks/              # Custom React hooks
│   │   ├── lib/                # Utilities and query client
│   │   └── pages/              # Page components
│   └── index.html
├── server/                     # Backend Express application
│   ├── routes.ts               # API route handlers
│   ├── storage.ts              # Database storage layer
│   ├── supabase-auth.ts        # Authentication logic
│   └── index.ts                # Server entry point
├── shared/                     # Shared types and schemas
│   ├── tables/                 # Database table definitions
│   │   ├── users.ts
│   │   ├── organizations.ts
│   │   ├── projects.ts
│   │   ├── api-keys.ts
│   │   ├── rate-limits.ts
│   │   ├── request-logs.ts
│   │   ├── openapi-specs.ts
│   │   └── audit-logs.ts
│   └── schema.ts               # Combined schema exports
├── migrations/                 # SQL migration files
│   ├── 001_create_sessions.sql
│   ├── 002_create_users.sql
│   └── ...
└── drizzle.config.ts           # Drizzle ORM configuration

🔌 API Reference

Gateway Usage

Proxy requests through the gateway:

POST /gateway/{projectId}/your/api/path
Headers:
  x-api-key: gp_your_api_key_here
  Content-Type: application/json

Authentication Endpoints

Method	Endpoint	Description
`POST`	`/api/auth/signup`	Register new user
`POST`	`/api/auth/login`	Login with credentials
`POST`	`/api/auth/logout`	Logout current user
`GET`	`/api/auth/user`	Get current user info

Organization Endpoints

Method	Endpoint	Description
`GET`	`/api/orgs`	List user's organizations
`GET`	`/api/orgs/:slug`	Get organization details
`POST`	`/api/orgs`	Create new organization

Project Endpoints

Method	Endpoint	Description
`GET`	`/api/projects/:id`	Get project with routes
`POST`	`/api/orgs/:slug/projects`	Create new project
`PATCH`	`/api/projects/:id`	Update project
`DELETE`	`/api/projects/:id`	Delete project

API Key Endpoints

Method	Endpoint	Description
`GET`	`/api/projects/:projectId/keys`	List API keys
`POST`	`/api/projects/:projectId/keys`	Generate new API key
`POST`	`/api/keys/:id/revoke`	Revoke API key

🔒 Security Features

API Key Security

Keys are hashed with SHA-256 before storage
Only the key prefix (first 11 characters) is stored for display
Full key is shown only once at creation time

Session Security

HTTP-only cookies
Secure flag in production
Session expiration (7 days default)

Audit Trail

All sensitive operations are logged
Actor, action, resource, and timestamp recorded
Compliance-ready audit logs

📈 Analytics Dashboard

GatePilot provides comprehensive analytics including:

Requests Over Time: Line chart showing API traffic trends
Status Code Distribution: Pie chart of response codes (2xx, 4xx, 5xx)
Endpoint Popularity: Bar chart of most-used endpoints
Latency Percentiles: P50, P95, P99 latency metrics
Error Rate Tracking: Monitor API health in real-time

🗄️ Database Schema

The database consists of 11 tables organized for optimal performance:

Table	Description
`users`	User accounts
`sessions`	Session storage
`orgs`	Organizations
`memberships`	User-org relationships
`projects`	API projects
`routes`	Proxy route configurations
`api_clients`	Registered API consumers
`api_keys`	Hashed API keys
`rate_limit_policies`	Rate limiting configs
`request_logs`	API request history
`openapi_specs`	OpenAPI specifications
`audit_logs`	Administrative action log

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

Fork the repository
Create your feature branch (git checkout -b feature/AmazingFeature)
Commit your changes (git commit -m 'Add some AmazingFeature')
Push to the branch (git push origin feature/AmazingFeature)
Open a Pull Request

👨‍💻 Developer

Platform	Contact
👤 Name	Umar
🐙 GitHub	@Mavdii
📧 Email	omarelmhdi@gmail.com
📱 Telegram	@dev_umar
💬 WhatsApp	01550875414

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

Built with ❤️ by Umar

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
client		client
migrations		migrations
script		script
server		server
shared		shared
.env.example		.env.example
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
components.json		components.json
drizzle.config.ts		drizzle.config.ts
package-lock.json		package-lock.json
package.json		package.json
postcss.config.js		postcss.config.js
tailwind.config.ts		tailwind.config.ts
tsconfig.json		tsconfig.json
vite.config.ts		vite.config.ts

License

Mavdii/GetPilot

Folders and files

Latest commit

History

Repository files navigation