Wrap NetSuite, Salesforce, or any internal API with a proxy that your customers can call safely. Issue signed API keys, filter responses to only the fields you want shared, and audit every request.
curl https://api.proxyflow.app/p/acme/customers/123 \
-H "Authorization: ApiKey pf_xxx:<hmac>" \
-H "X-Timestamp: 1739000000" \
-H "X-Nonce: 7b9a..."
{
"id": "123",
"name": "Acme Corp",
"email": "billing@acme.com"
}
// Internal fields (SSN, balance, notes) filtered outEverything you need to safely give your customers programmatic access — without rebuilding a backend for each integration.
Each organization owns its upstreams, routes, and consumers. Members manage them; end-customers call them.
API keys plus per-request HMAC signatures with timestamp + nonce. No replay, no token theft.
Pick the fields that flow through with an allowlist, or write a JSONata expression for full transforms.
API key headers, Basic, Bearer, OAuth2 client credentials with token caching, or custom headers.
Method, latency, upstream status, error code. Searchable per route and per consumer.
Proxy requests execute on the same edge as your dashboard. Sub-100ms overhead.