Always included
Free Tier
1,000,000 calls/mo
- First 1M successful API calls every calendar month are always free
- No credit card required to start — free tier never expires
- Resets automatically on the 1st of each month
NubexCloud API Gateway is a fully managed service for controlling, securing, and distributing traffic to your backend services — from single microservices to global multi-region architectures. First 1 million API calls every month are free.
API Gateway handles the hard parts of API management — so your teams can focus on building products, not plumbing.
Each API consumer gets a unique APP Key and APP Secret. Requests are authenticated via HMAC signature — no passwords, no tokens to rotate, no exposed credentials.
Set per-API, per-application, or global throttling policies. Protect your backends from traffic spikes, abuse, and runaway automation — without writing a single line of middleware.
Create, version, publish, and deprecate APIs in any workflow you choose. Group APIs by domain or business unit, and publish to dev / staging / production environments independently.
Connect Cloud Host, Load Balancer, or Kubernetes clusters as backend services via VPC authorization. Your compute stays fully on the private network — only the gateway is public-facing.
Every API group gets a test subdomain out of the box. Bind your own custom domain in production — full HTTPS with certificate management included. CNAME in minutes, not days.
Enable cross-origin resource sharing at the API level with a single configuration toggle. No server-side header code needed — gateway handles preflight responses automatically.
Every availability zone is completely isolated. Scale to hundreds of millions of requests without tuning a single server.
No infrastructure to provision, no load balancers to configure. The console guides you through the whole process.
Group your APIs by domain or business unit. Each group gets a test subdomain automatically. Bind a custom domain for production.
Specify request path, HTTP method, backend service (Host / Load Balancer / Kubernetes), and port. The gateway handles the rest.
Configure authentication (App Key + Secret), rate limiting strategy, CORS rules, and environment-specific settings in the console.
Deploy to dev, staging, or production environments independently. Manage versions, roll back, and run gray releases with zero downtime.
API Gateway sits at the perimeter of your VPC. Backend services are never exposed to the internet — only the gateway is, with full TLS and app-level auth in front of it.
Traditional architectures require opening firewall ports for every public API. With NubexCloud API Gateway, your Cloud Hosts, Load Balancers, and Kubernetes clusters stay on the private network. The gateway receives public traffic, authenticates it, applies rate limits, and routes to the correct backend — all over the internal VPC.
Each availability zone runs a completely isolated gateway instance. There's no cross-AZ dependency in the data path — failure in one zone has no effect on another.
First 1 million API calls every natural month are always free. Pay only for what you use beyond that.
API Gateway uses a daily post-paid model. Each day your valid API calls (HTTP 200–399) are counted, and a bill is generated based on that month's cumulative total using the tier below.
The more you scale, the less you pay per call. No negotiation required — tiered pricing applies to every account automatically.
All prices in USD. Outbound traffic billed separately at standard egress rates. Inbound traffic is free.
Eight concepts are all you need to understand to configure, publish, and manage APIs at scale on NubexCloud.
| Concept | What it is and how it works |
|---|---|
| API Group | A namespace for related APIs, identified by a shared domain name. Use one group per service or business unit — e.g., payments-api, user-service. All APIs in a group share the same base domain and environment configuration. |
| Subdomain | Each API Group is automatically assigned a subdomain by the platform for testing and development. This subdomain is active immediately after group creation — no DNS setup needed. In production, replace it with a custom domain. |
| Custom Domain | Your own domain (e.g., api.yourcompany.com) bound to an API Group. The domain must be CNAME'd to the gateway subdomain. HTTPS is handled automatically once the domain is verified. |
| API | A single endpoint definition — method, path, parameters, and its backend target. You define the contract; the gateway enforces it. APIs can be created, updated, versioned, and deprecated independently within a group. |
| Backend Service | The compute resource that handles the actual request — a Cloud Host, Load Balancer, or Kubernetes service. Defined by a resource ID and port number. All backend traffic runs over the internal VPC; your service never needs a public IP. |
| Flow Control | Rate limiting policies that cap API calls within a time window — per API, per application, or globally. Protects your backend from overload and prevents any single consumer from monopolising capacity. |
| Application | The identity of an API consumer. Each application has a unique APP Key (identity) and APP Secret (signing key). Applications must be authorized on specific APIs before they can call them — controlling exactly who can access what. |
| Authorization | The act of granting an application permission to call a specific API. Once authorized, the application signs requests using its APP Secret via HMAC. The gateway verifies the signature before routing the request to the backend. |
Exposing backends directly or running NGINX yourself both work — until they don't. Here's why managed API Gateway is the right choice for production.
| Capability | NubexCloud API Gateway | Direct Backend Exposure | Self-managed NGINX |
|---|---|---|---|
| Authentication | ✓ App Key + HMAC built-in | ✗ Must build yourself | ~ Plugin required |
| Rate limiting | ✓ Per-API, per-app policies | ✗ No control | ~ Limit zone module |
| API versioning | ✓ Version + env management | ✗ Application-layer only | ✗ Manual config per version |
| Custom domain + HTTPS | ✓ One-click cert management | ~ Manual cert renewal | ~ Let's Encrypt + cron |
| Backend isolation (VPC) | ✓ Private network only | ✗ Public IP required | ~ Depends on config |
| CORS handling | ✓ Console toggle, no code | ✗ Server-side code required | ~ nginx add_header blocks |
| Availability | ✓ 99.95% SLA, AZ-isolated | ~ Depends on host HA | ✗ You manage HA yourself |
| Ops overhead | ✓ Zero — fully managed | ~ Low (but insecure) | ✗ High — patching, config, HA |
From startup SaaS to enterprise portals — every team that needs to expose services securely is a gateway team.
Expose your user, product, and payment APIs to mobile clients with App Key authentication, per-user rate limits, and automatic HTTPS — without opening any firewall ports.
Route a single public endpoint to dozens of internal Kubernetes services. Maintain a clean API contract for consumers while freely refactoring the backend architecture underneath.
Issue each integration partner their own Application with a scoped APP Key. Revoke access instantly for any partner, set individual rate limits, and audit every call independently.
Centralize all internal service APIs behind a single gateway. Teams get self-service access via the console, with quota enforcement that prevents any one team from impacting others.
Gateway handles authentication and rate limiting for millions of concurrent device connections. Backends stay safe even if a device fleet sends a request storm — throttling absorbs the spike.
Issue one Application per tenant. Set per-tenant quotas, track individual usage, and enforce plan-level rate limits — all without changing your backend code. Scale each tenant independently.
API Gateway uses daily post-paid billing — no upfront commitment, no reserved capacity, no idle cost. Pay only for successful API invocations beyond your free monthly tier.
1,000,000 calls/mo
From $0.007 per 10K calls
$0 inbound traffic
API Gateway has zero idle cost. If your APIs receive no traffic, you pay nothing. Bills are calculated daily in arrears — invoiced in USD with AED equivalent on every consolidated invoice.
No infrastructure to provision, no gateway to configure. Create an API group and go live in under 10 minutes.