Interactive Demo

REST Key Injection

Users authorize access by entering their API key into a secure Gateway iframe. The key never touches the client's systems — only an opaque reference is returned. The Gateway injects the real key on every request.

Secure Key Onboarding

User authorizes access — API key captured by the Gateway, never seen by the client

Act 1/3

User:

Client:

Service:

Taylor

Nexus Solutions is requesting access to your Cloudbase account. Enter your API key to authorize.

Your key goes directly to the Secure Gateway — Nexus Solutions never sees it

authorizes

SECURE GATEWAY

Hosted by Layr8 - isolated from Nexus Solutions

SECURE

Enter your Cloudbase API key to authorize Nexus Solutions

This iframe is served directly by the Secure Gateway. Nexus Solutions cannot read its contents.

returns kid_...

Nexus Solutions

Waiting for Taylor to authorize access to Cloudbase...

How Secure Key Onboarding Works

Taylor enters their Cloudbase API key into a secure vault. Like Stripe's payment form, the key never passes through Nexus Solutions's systems. Enter any value to see the flow.

Enter an API key above to see the secure onboarding flow.

Interactive demo: REST Key Injection via Layr8 Secure Gateway

Secure Key Capture

Users enter their API key through a Gateway-hosted iframe. Like Stripe's payment form, the secret never touches the client's systems — only an opaque reference is returned.

Just-in-Time Injection

On each API call, the Gateway decrypts the key from its KMS vault, injects it into the outbound request, and discards it. Never cached, never exposed.

Breach Containment

If the client is compromised, attackers find no API keys — only useless opaque references. Users' service data stays completely protected.