Interactive Demo
REST Key Injection
Users authorize access by entering their API key into a secure Gateway iframe. The key never touches the client's systems — only an opaque reference is returned. The Gateway injects the real key on every request.
Secure Key Onboarding
User authorizes access — API key captured by the Gateway, never seen by the client
Taylor
Nexus Solutions is requesting access to your Cloudbase account. Enter your API key to authorize.
SECURE GATEWAY
Hosted by Layr8 - isolated from Nexus Solutions
This iframe is served directly by the Secure Gateway. Nexus Solutions cannot read its contents.
Nexus Solutions
Waiting for Taylor to authorize access to Cloudbase...
How Secure Key Onboarding Works
Taylor enters their Cloudbase API key into a secure vault. Like Stripe's payment form, the key never passes through Nexus Solutions's systems. Enter any value to see the flow.
Enter an API key above to see the secure onboarding flow.
Interactive demo: REST Key Injection via Layr8 Secure Gateway
Secure Key Capture
Users enter their API key through a Gateway-hosted iframe. Like Stripe's payment form, the secret never touches the client's systems — only an opaque reference is returned.
Just-in-Time Injection
On each API call, the Gateway decrypts the key from its KMS vault, injects it into the outbound request, and discards it. Never cached, never exposed.
Breach Containment
If the client is compromised, attackers find no API keys — only useless opaque references. Users' service data stays completely protected.