RequestRocket Documentation
Getting Started

Platform Overview

Understand the core concepts and architecture of RequestRocket

Platform Overview

RequestRocket is an API management platform that acts as an intelligent proxy layer between your applications and target APIs. This page explains the core concepts and how they work together.

How It Works

  1. Your application makes a request to the RequestRocket proxy using a proxy credential
  2. RequestRocket validates the proxy credential
  3. Authorization rules are evaluated (if configured)
  4. If allowed, RequestRocket forwards the request to the target API using a target credential
  5. The target API's response is returned to your application with additional headers by RequestRocket

Response Headers

RequestRocket adds these headers to all responses:

  • requestrocket-proxy-code: Either proxy-access-granted or proxy-access-denied (indicates if the request was allowed or denied by authentication and authorization rules)
  • requestrocket-proxy-message: Description of the proxy code
  • requestrocket-proxy-warning: Informs users of any RequestRocket account related warnings (e.g. billing, limits)

If you see proxy-access-granted but still get an error, the issue is with the target API, target credential, or request format - not the proxy authentication.

Core Concepts

Organisations

Organisations are the top-level entity in RequestRocket. They allow you to:

  • Manage team members and their permissions
  • Organize resources
  • Control billing and subscriptions
  • Set organization-wide policies

Each user can belong to multiple organisations with different roles (Owner, Admin, or User).

Credentials

RequestRocket uses two types of credentials:

Proxy Credentials: Used by your application to authenticate with RequestRocket

  • API Key
  • Bearer Token
  • JWT
  • JWT Verify
  • Basic Auth

Target Credentials: Used by RequestRocket to authenticate with your target APIs

  • API Key
  • Bearer Token
  • JWT
  • Basic Auth
  • OAuth2
  • Custom authentication
  • Custom token exchange
  • No Auth

Credentials are encrypted using AES-256-GCM and stored regionally.

Targets

A target represents a destination API that you want to connect to. Each target includes:

  • Base URL: The root endpoint of your API
  • Test Path: A health check endpoint
  • Region: The AWS region where the target is deployed

Targets can be reused across multiple proxies.

Proxies

A proxy is the complete configuration that connects your application to a target API. It combines:

  • A Proxy Credential (how your app authenticates with RequestRocket)
  • A Target (the destination API)
  • A Target Credential (how RequestRocket authenticates with the target)

Each proxy gets a unique Base URL that your application uses to make requests (to which you can append any path, parameters and headers required).

Authorization Rules

Authorization rules provide fine-grained access control for API requests. You can create rules at multiple levels:

Credential Rules: Apply to all proxies using that credential Target Rules: Apply to all proxies using that target Proxy Rules: Apply to a specific proxy only

Rules can match based on:

  • HTTP methods (GET, POST, PUT, DELETE, etc.)
  • Path patterns (regex)
  • Headers (presence and values)
  • Query parameters (presence and values)
  • Deny or Allow effects

Each rule has an effect (Allow or Deny) and a priority (0-1000).

Dashboard and navigation

After you sign in, the main app shows a left sidebar and a top bar (with organisation switcher, notifications, and user menu). The sidebar includes:

  • Dashboard — overview, performance, and notifications
  • Proxies
  • Proxy Credentials
  • Targets
  • Target Credentials
  • Docs — link to documentation

Dashboard tabs

When Dashboard is selected, the main content has three tabs:

TabContents
HomeWelcome message, Quick Actions (Proxies, Proxy Credentials, Targets, Target Credentials, User Management, Account Settings), Resources (API Documentation, Getting Started, community, Code Samples, Support), a Notifications preview, and the Global API Endpoints map.
PerformancePerformance Dashboard: overview of API usage, authentication success rates, and response times. Refresh button, KPI cards (Total Requests, Total Errors, Success Rate, Avg Response Time), and charts (Request Volume, Response Time, Error Volume, Error Rate, Cumulative API Seconds, Top API Response Codes, Authentication Methods).
NotificationsFull notifications list. Description: "Stay up to date with system updates, organization alerts, and personal messages." Mark All Read and Refresh. Filters: System, Organization, Personal, Unread (with counts). Search notifications. Table: Type, Title, Preview, Date, Status, Actions (e.g. view, mark read).

Regional Architecture

RequestRocket uses a distributed architecture with regional data storage and API handling:

Control Plane

  • Centralized management of resources
  • Aggregated analytics and system metrics
  • User and organisation management
  • No sensitive operational data

Data Plane

  • Regional deployment for data sovereignty
  • Stores all credentials (encrypted)
  • Processes API requests
  • Maintains request logs / telemetry
  • Reports usage to telemetry and billing microservices

All components of a proxy (proxy credential, target credential, target, and proxy) must be in the same region.

API Types

RequestRocket provides three types of APIs:

Proxy API

Synchronous API requests with immediate responses. Best for:

  • Real-time data retrieval
  • Interactive applications
  • Low-latency requirements

Async API

Queue-based processing with intelligent retry. Best for:

  • Batch operations
  • Unreliable network conditions
  • Non-time-critical requests
  • High-volume processing

Core API

Programmatic management of RequestRocket resources. Use it to:

  • Create and manage credentials, targets, and proxies
  • Query request history and analytics
  • Automate infrastructure provisioning
  • Build custom integrations

Common Workflows

Development Workflow

  1. Create development credentials and targets
  2. Configure proxies for development APIs
  3. Test integrations in development environment
  4. Monitor request logs for debugging

Production Deployment

  1. Create production credentials with appropriate auth types
  2. Set up regional targets for optimal performance
  3. Configure authorization rules for security
  4. Deploy proxies with production credentials
  5. Monitor performance and request metrics

Multi-Region Setup

  1. Create credentials in each required region
  2. Define targets in each region
  3. Create region-specific proxies
  4. Route requests to nearest regional proxy

Next Steps

Create Your First Proxy

Get started with RequestRocket

Client Integration

Integrate into your application

Rules

Set up access control

API Reference

Explore complete API documentation

Getting Started

Learn how to use RequestRocket to secure your API requests

Organisations

Learn how to create and manage organisations, invite team members, and configure billing

On this page

Platform Overview
How It Works
Response Headers
Core Concepts
Organisations
Credentials
Targets
Proxies
Authorization Rules
Dashboard and navigation
Dashboard tabs
Regional Architecture
Control Plane
Data Plane
API Types
Proxy API
Async API
Core API
Common Workflows
Development Workflow
Production Deployment
Multi-Region Setup
Next Steps