Architecture
Control Plane
RequestRocket separates governance and configuration from request processing. The control plane is where you manage everything — credentials, proxies, rules, and telemetry. The data plane is where your traffic flows. Understanding this separation is the foundation of the platform's security model.
Overview
Control Plane Architecture
The control plane handles all configuration, credential storage, policy definition, and observability. The data plane is the runtime proxy that processes your API traffic in real time. These two planes run independently — management operations never touch the proxy path.
Control plane traffic
Configuration calls, credential management, rule and filter updates, telemetry queries, and the management console all use the control plane API. This traffic is authenticated separately and never touches your proxy endpoints.
Data plane traffic
Your callers' API requests — the traffic you proxy through RequestRocket — go directly to the data plane endpoint for your region. The data plane enforces the policies defined in the control plane without ever calling back to it on the hot path.
Security
Design Principles
Credential Isolation
Secrets — API keys, bearer tokens, OAuth credentials — are stored encrypted in the data plane and never surfaced to users or consumers. The control plane retains a reference, not the value, and resolves the credential at request time. Your callers (and users) never see the upstream secret.
Credentials guide →Zero-Trust Policy Enforcement
Rules and rate limits are configured via the control plane and pushed to the data plane. The data plane enforces policy on every request without being able to modify it. The control plane retains a mirror of the policy configuration in the data plane for mutability and auditability. Any changes to the policy configuration are automatically and immediately propagated to the data plane.
Rules guide →Separation of Concerns
Management traffic and proxy traffic use entirely separate API endpoints, separate authentication, and separate infrastructure. A data plane outage does not affect control plane operations. A control plane update does not cause data plane downtime.
Architecture overview →Auditability
Every proxied request produces a structured audit record — timing, auth decision, rule outcomes, filter actions, and response status — stored in the control plane. Configuration changes are tracked with timestamps and actor context. All records are queryable via the Telemetry and Requests APIs.
Observability →Deployment
Where Your Data Plane Runs
The control plane always runs centrally. You choose where your data plane runs — from RequestRocket's shared global infrastructure to fully isolated infrastructure inside your own cloud account.
Managed multi-tenant
Your proxies run on RequestRocket's shared regional infrastructure across supported AWS regions. Zero infrastructure management overhead. Deploy to a new region by changing a single field — proxyRegion. Available to all plans.
Dedicated & self-hosted
Enterprise customers can run a dedicated managed data plane — or deploy the data plane software entirely within their own cloud account. The control plane, management console, and Core API remain unchanged. Your dedicated region appears alongside standard regions in the /endpoints API.
Core APIs
Control Plane API Surface
Every resource — from proxies and credentials to telemetry records — is managed through the versioned Core API. The management console is built entirely on top of it.
Add outbound API security
without changing code
Start on your own or talk to our team about improving the security of every API call you make.