https://requestrocket.com/blog Product updates, API governance, and engineering notes from RequestRocket. en-us Wed, 03 Jun 2026 14:44:22 GMT https://requestrocket.com/blog/ai-token-limits-by-model https://requestrocket.com/blog/ai-token-limits-by-model Wed, 03 Jun 2026 00:00:00 GMT Track and cap token use per AI model within a single proxy. Conditional meters apply independent limits to each model without touching your app code. https://requestrocket.com/blog/monitoring-local-ai-agents-api-usage https://requestrocket.com/blog/monitoring-local-ai-agents-api-usage Mon, 01 Jun 2026 00:00:00 GMT Local AI agents make API calls your observability stack never sees. RequestRocket's request logs, telemetry, and meters give you full per-agent visibility without touching agent code. https://requestrocket.com/blog/openclaw-nemoclaw-data-risk https://requestrocket.com/blog/openclaw-nemoclaw-data-risk Fri, 29 May 2026 00:00:00 GMT OpenClaw and NemoClaw access real APIs with real credentials. Here's how RequestRocket contains the blast radius when they misbehave or are compromised. https://requestrocket.com/blog/securing-apis-openclaw-uses https://requestrocket.com/blog/securing-apis-openclaw-uses Wed, 27 May 2026 00:00:00 GMT OpenClaw calls third-party APIs autonomously on your behalf. Here's how gateway-level credentials, rules, and filters lock down exactly what it can access. https://requestrocket.com/blog/connect-power-bi-to-any-api https://requestrocket.com/blog/connect-power-bi-to-any-api Thu, 07 May 2026 00:00:00 GMT Power BI's web connector speaks Basic Auth. Most modern APIs don't. RequestRocket bridges the gap: accept Basic Auth from Power BI and forward requests using OAuth2, bearer tokens, or any other auth type — with rotation, monitoring, and no credentials in your dataset. https://requestrocket.com/blog/dedicated-managed-self-hosted https://requestrocket.com/blog/dedicated-managed-self-hosted Thu, 23 Apr 2026 00:00:00 GMT RequestRocket now offers dedicated managed and fully self-hosted deployment options — giving teams on Business tier dedicated data plane infrastructure while continuing to use the same central control plane, API, and management console they already know. https://requestrocket.com/blog/zero-downtime-migration-api-authentication https://requestrocket.com/blog/zero-downtime-migration-api-authentication Thu, 16 Apr 2026 00:00:00 GMT Use service abstraction at the gateway layer to migrate between authentication providers — moving your entire API consumer base without downtime, breaking changes, or flag-day cutover risks. https://requestrocket.com/blog/three-pillars-strong-api-program https://requestrocket.com/blog/three-pillars-strong-api-program Thu, 09 Apr 2026 00:00:00 GMT Authentication, documentation, and protection are the foundational capabilities every successful API program needs. Here's how RequestRocket addresses each one in a unified gateway layer. https://requestrocket.com/blog/most-flexible-rate-limiter https://requestrocket.com/blog/most-flexible-rate-limiter Thu, 02 Apr 2026 00:00:00 GMT A look at the rate limiting architecture that makes it possible to enforce different limits per proxy, credential, path, method, and header value — and why flexibility here matters for real-world API governance. https://requestrocket.com/blog/debug-faster-with-requestrocket https://requestrocket.com/blog/debug-faster-with-requestrocket Thu, 26 Mar 2026 00:00:00 GMT Stop guessing at what's happening inside your gateway. The request log, per-request inspection, and telemetry API give you the information you need to diagnose integration issues quickly. https://requestrocket.com/blog/add-auth0-jwt-authentication-to-any-api https://requestrocket.com/blog/add-auth0-jwt-authentication-to-any-api Thu, 26 Feb 2026 00:00:00 GMT A quick-start guide to integrating Auth0 JWT authentication at the RequestRocket gateway layer — protecting your upstream API without any backend code changes. https://requestrocket.com/blog/route-api-traffic-by-auth0-jwt-claims https://requestrocket.com/blog/route-api-traffic-by-auth0-jwt-claims Thu, 19 Feb 2026 00:00:00 GMT Use the claims inside Auth0 JWT tokens to make intelligent routing decisions at the RequestRocket gateway — directing traffic to different targets or applying different policies based on user attributes. https://requestrocket.com/blog/api-keys-and-jwts-stronger-together https://requestrocket.com/blog/api-keys-and-jwts-stronger-together Thu, 12 Feb 2026 00:00:00 GMT API keys and JWTs aren't competing mechanisms — they solve different parts of the authentication problem. Here's how to layer them on the same proxy for defence in depth. https://requestrocket.com/blog/how-to-extract-and-use-jwt-claims https://requestrocket.com/blog/how-to-extract-and-use-jwt-claims Thu, 05 Feb 2026 00:00:00 GMT Practical techniques for pulling data out of JWT tokens at the gateway layer — and using those claims to enforce fine-grained access control, tenant isolation, and per-user response redaction without touching your backend. https://requestrocket.com/blog/api-governance-manageable https://requestrocket.com/blog/api-governance-manageable Thu, 29 Jan 2026 00:00:00 GMT API governance fails when it becomes a process overhead nobody follows. Here's how combining a gateway, explicit proxy records, rules, and telemetry turns governance into something teams will actually use. https://requestrocket.com/blog/shadow-apis-financial-services https://requestrocket.com/blog/shadow-apis-financial-services Thu, 22 Jan 2026 00:00:00 GMT Unmanaged API sprawl is a ticking compliance clock in fintech. Why API governance isn't optional when operating in regulated markets — and what a practical remediation looks like. https://requestrocket.com/blog/archive-api-requests-to-s3 https://requestrocket.com/blog/archive-api-requests-to-s3 Thu, 15 Jan 2026 00:00:00 GMT How to use RequestRocket's filter system to capture and archive every inbound request and its response to S3 — useful for audit trails, compliance, and debugging without touching your backend. https://requestrocket.com/blog/better-api-monitoring-opentelemetry https://requestrocket.com/blog/better-api-monitoring-opentelemetry Thu, 08 Jan 2026 00:00:00 GMT Monitor API latency, error rates, and request volume across all your upstream dependencies. RequestRocket exports telemetry to any OpenTelemetry-compatible backend — Datadog, Tempo, New Relic, and more. https://requestrocket.com/blog/fine-grained-authorization-requestrocket-oktafga https://requestrocket.com/blog/fine-grained-authorization-requestrocket-oktafga Thu, 01 Jan 2026 00:00:00 GMT Combine RequestRocket's gateway with OktaFGA's relationship-based access control to enforce authorization policies that go well beyond simple role checks — without modifying your backend. https://requestrocket.com/blog/api-gateway-at-the-centre-of-ai-revolution https://requestrocket.com/blog/api-gateway-at-the-centre-of-ai-revolution Thu, 25 Dec 2025 00:00:00 GMT APIs are the connective tissue linking AI models to real-world data and actions. The gateway is the layer that makes those connections safe, observable, and scalable — here's why that matters now. https://requestrocket.com/blog/two-essential-security-policies-for-mcp https://requestrocket.com/blog/two-essential-security-policies-for-mcp Thu, 11 Dec 2025 00:00:00 GMT Prompt injection detection and secret masking are the two gateway policies every team should implement before exposing endpoints to LLM-driven traffic. Here's how to configure both. https://requestrocket.com/blog/oauth-secured-remote-mcp-access https://requestrocket.com/blog/oauth-secured-remote-mcp-access Thu, 04 Dec 2025 00:00:00 GMT How RequestRocket sits between MCP clients and your target API to inspect JWT claims — including sub — and block requests that shouldn't reach the underlying service. https://requestrocket.com/blog/defending-mcp-servers-against-prompt-injection https://requestrocket.com/blog/defending-mcp-servers-against-prompt-injection Thu, 27 Nov 2025 00:00:00 GMT Prompt injection is a real and growing threat for MCP-connected services. Here's how to use gateway-level filter rules to detect and block injection attempts before they reach your LLM. https://requestrocket.com/blog/jwt-vs-api-key-auth-m2m https://requestrocket.com/blog/jwt-vs-api-key-auth-m2m Thu, 20 Nov 2025 00:00:00 GMT A practical comparison of JWT and API key authentication for M2M use cases — covering security, complexity, and the real-world scenarios where each approach makes sense. https://requestrocket.com/blog/api-key-authentication-best-practices https://requestrocket.com/blog/api-key-authentication-best-practices Thu, 13 Nov 2025 00:00:00 GMT A practical guide to API key generation, storage, scoping, rotation, and revocation — with concrete patterns for keeping credentials out of your source code and blast radius small. https://requestrocket.com/blog/in-defence-of-api-keys https://requestrocket.com/blog/in-defence-of-api-keys Thu, 06 Nov 2025 00:00:00 GMT API keys have been called outdated and insecure. That view is wrong for most practical scenarios. Here's the case for why they remain a sound, auditable choice — and how to use them well. https://requestrocket.com/blog/taming-api-key-chaos-for-ai-agents https://requestrocket.com/blog/taming-api-key-chaos-for-ai-agents Thu, 30 Oct 2025 00:00:00 GMT As AI agents scale across your stack, credential management spirals fast. Here's how a gateway-first approach brings order to key rotation, scoping, and access control for agent-driven traffic.