Gateway Grid sits at the edge of your stack — routing, securing, and versioning every API call across regions, then carrying each endpoint through its whole life, from first draft to graceful sunset.
route /v3/orders → orders-svc
policy rate-limit: 2000/min · burst 500
auth oauth2 + mTLS · jwt scopes
deploy canary 5% → 50% → 100%Platform teams route their traffic through Gateway Grid
Routing, security, and observability used to be three tools owned by three teams. Gateway Grid collapses them into one decision, written as code and enforced at the edge.
Match on path, header, weight, or geography and reach the right service in under a millisecond. Failover and retries are policy, not plumbing — declared once, inherited by every region.
OAuth2, OIDC, mTLS, and API keys terminate at the gateway, with scopes checked before a request ever reaches your service.
Per-key, per-route, and per-tenant quotas with burst windows — counted consistently across every edge node, not approximated per region.
Shadow real production traffic onto a new build and diff the responses before a single user is routed to it.
Validate every request and response against your OpenAPI contract and reject drift at the edge, before it reaches a client.
Each request emits a trace, latency, and status line — exported to OpenTelemetry with no agent to install in your services.
What the grid carries
An API is never finished — it is versioned, deprecated, and one day retired. Gateway Grid manages the whole arc, so a breaking change stops being a fire drill.
Start from an OpenAPI or gRPC spec; the gateway scaffolds routes, mocks, and a developer portal before the service behind them exists.
Run v2 and v3 side by side, shift traffic by percentage, and roll back in one click — no client ever resolves to the wrong endpoint.
Flag an endpoint as sunsetting; the gateway warns callers, emits Sunset headers, and counts the route down to retirement on a date you set.
See exactly which keys still call a dying route, notify those teams in a click, and pull the endpoint only once its traffic reaches zero.
The outages that wake platform teams rarely come from exotic bugs. They come from a forgotten v1, a noisy tenant, a schema that quietly drifted. Gateway Grid turns each of these from an incident into a policy that was already in place.
A v1 you assumed was dead is still serving forty partners. Gateway Grid shows live call counts per key, so you find out before you delete it, not after the support queue floods.
One customer's retry storm used to starve everyone else's requests. Per-tenant limits are enforced at the edge, so a single caller can saturate their quota without touching yours.
A service started returning a renamed field and three clients broke in production. Responses are validated against the OpenAPI contract at the edge, and drift is rejected before it ships.
An internal route shipped without a scope check and sat exposed for a month. Auth terminates at the gateway, so an unauthenticated request never reaches the service to begin with.
A bad release went to 100% of traffic at once. New builds take a 5% canary and a live traffic mirror first, so a regression is contained to a sliver and rolled back in seconds.
Nobody knew that one internal endpoint was load-bearing until it was retired. The gateway maps every real consumer of every route from observed traffic, so the surprise is gone.
“We retired a v1 that thirty partners still depended on — without a single angry email. Gateway Grid told us who was calling it and counted them down to zero.”
“Routing, auth, and rate limiting used to live in three repos and two teams. Now it's one policy file in code review, and edge incidents went from weekly to roughly never.”
“A canary with live traffic mirroring caught a contract break our test suite missed entirely. That one catch would have been a Saturday-night incident.”
Start free at the edge and pay as your request volume grows. Billing tracks requests, not seats, so adding engineers never changes the invoice.
For a first API at the edge.
For teams shipping many APIs.
For global, high-volume estates.
Both. Run on our managed edge in 42 regions, or deploy the data plane inside your own VPC and keep only the control plane with us. Policies and lifecycle behave identically in either mode.
Median gateway overhead is 0.7 ms. Routing, auth, and rate-limit decisions are evaluated at the nearest edge node, not on a round trip to a central service.
Yes. Point Gateway Grid at any HTTP or gRPC upstream — Kubernetes, serverless, or bare metal. Import your OpenAPI spec and the routes scaffold themselves.
Run versions side by side, shift traffic by percentage, and emit Sunset headers on deprecated routes. The dashboard shows which consumers still call a dying endpoint, so you retire it only once nobody is left on it.
Routing decisions are cached at each edge node and keep serving from last-known-good policy if the control plane is unreachable. Your data plane stays up even during a control-plane incident.
Gateway Grid is SOC 2 Type II certified with optional data residency. Auth terminates at the edge and audit logs capture every policy change with the author and timestamp.
Import a spec, deploy a gateway, and route your first request in an afternoon — no sales call required to start.