Secure API calls, straight from the frontend

A smart-proxy that removes the need for a dedicated backend.

CORS control · Rate limiting · Drop-in replacement · No Node.js required.

frontend-integration.js

// Instead of calling your API directly (exposing your secret key):
fetch("https://api.tosses.dev/v1/credentials", { method: "POST", body: { key: "SECRET_KEY", expiry_ttl: 1800 } });

// Route through Bounce to auto-inject your secret key:
const BOUNCE_KEY = "your_key_here";
const BOUNCE_URL = `https://fetch.tosses.dev/${BOUNCE_KEY}/v1/credentials`;

fetch(BOUNCE_URL, { method: "POST", body: { expiry_ttl: 1800 } }); // No 'key' needed

CORS Control

Lock down requests to your specific origins. Prevent unauthorized frontend usage instantly.

Rate Limiting

Built-in IP-based rate limits protect your upstream APIs from abuse and unexpected billing.

Endpoint Allowlist

Ensure your Bounce keys only reach the exact endpoints you need, nothing more.

Auth Provider Support

We support any JWT auth provider (e.g: Firebase, Clerk, Auth0) to require JWT claims for specific endpoints.

Server-Sent Events (SSE)

Stream real-time data from your APIs directly to the browser with full SSE support.

Dual Encryption

Configs are encrypted using our database secret AND your Bounce Key. Without your key, we cannot decrypt your APIs.

Pricing

Free

Requests10k / mo

Bounce keys3

Rate limit30 req/min

Egress0.5 GB / mo

Select

Pro

$5 / month

Requests500k / mo

Bounce keys10

Rate limit60 req/min

Egress50 GB / mo

Select

Team

$25 / month

Requests5M / mo

Bounce keysUnlimited

Rate limit180 req/min

Egress250 GB / mo

Select

Need more? Contact us for custom pricing.