IAM. Gateway. BFF.One unified platform.

A modern unified architecture built to master Identity & Access Management, API Gateway Engine, BFF as a Service, and Secure Tunneling.

Launch AuthGate See architecture

Identity & Access Management

Oudom Dev

oudom@stadoor.io

Active

Token Scopes

workspace:readgateway:write

BFF as a Service

Cookie ProtocolXSS Immune

Browser__Host-Session

⇄

BFF ProxyJWT Token

Token Exposure:0.00%

AUTHGATE

API Gateway Engine

GET /api/v1/ordersJWT Policy

Avg Latency

0.84ms

Secure Tunneling

$ stadoor tunnel 8080

✓ Connected successfully

dev-oudom.tunnel.stadoor.site → localhost:8080

WS Tunnel Connection:Active

AUTHGATE

Identity & Access Management

Oudom Dev

oudom@stadoor.io

Active

Token Scopes

workspace:readgateway:write

API Gateway Engine

GET /api/v1/ordersJWT Policy

Avg Latency

0.84ms

BFF as a Service

Cookie ProtocolXSS Immune

Browser__Host-Session

⇄

BFF ProxyJWT Token

Token Exposure:0.00%

Secure Tunneling

$ stadoor tunnel 8080

✓ Connected successfully

dev-oudom.tunnel.stadoor.site → localhost:8080

WS Tunnel Connection:Active

Four services.
One platform.

IAM, Gateway, BFF, and Tunnels are engineered to operate as one seamless developer infrastructure removing separate boilerplate glue code.

ide-terminal.app

Console Active

Credentials Managerconfidential

Client IDauthgate-web-app

Secret

••••••••••••••••••••••••••••

Simulator Note: Interactive simulator runs a live instance of Identity & Access Management. Click the button in the terminal block above to run runtime triggers.

From login toprotected traffic.

A real request through JWT validation, tenant claim check, policy enforcement, and upstream forwarding — step by step.

IAM—OAuth2 · OIDC · JWT issuance

Gateway—Dynamic routes · policy binding

authgate · request trace

live replay

200 OK · 40.5ms

ServiceTimelinems

CLIENT

API GATEWAY

IAM

API GATEWAY

UPSTREAM

CLIENT

Pick an auth type for your gateway.Mark each route public or secured.

Auth type is set at the gateway level. Individual routes can be marked public even inside a secured gateway.

auth type · per gateway

API_KEY

Key-based access

Secure a route with an API key sent in the request header. Great for service-to-service calls.

Relative Security Strength72%

gateway://request-sandbox

GET /dev-workspace/gateway-1/products HTTP/1.1
Host: gateway.authgate.site
X-Api-Key: ag_live_4f89d3a7e912c3b8
Accept: application/json

Want to send a real request through the gateway?

Try it in the Playground

Spring Boot

Kafka

PostgreSQL

MongoDB

Axon

Docker

Redis

Next.js

Java

RabbitMQ

Spring Boot

Kafka

PostgreSQL

MongoDB

Axon

Docker

Redis

Next.js

Java

RabbitMQ

Spring Boot

Kafka

PostgreSQL

MongoDB

Axon

Docker

Redis

Next.js

Java

RabbitMQ

Start learning.Start building.

Real security infrastructure — IAM and API Gateway — built open-source for IT learners.

Open AuthGate Dashboard Meet the team Read the architecture

IAM. Gateway. BFF.One unified platform.

Identity & Access Management

BFF as a Service

API Gateway Engine

Secure Tunneling

Identity & Access Management

API Gateway Engine

BFF as a Service

Secure Tunneling

Four services.One platform.

Identity & Access Management

API Gateway Engine

BFF as a Service

Secure Tunneling

From login toprotected traffic.

Pick an auth type for your gateway.Mark each route public or secured.

API_KEY

Start learning.Start building.

Four services.
One platform.