Endpoints without a backend.
Pick a template, set the limits, paste one URL. Contact forms, file uploads, email senders, and database connectors are live on your domain in minutes.
Built for production from day one
99.9% uptime target
Sub-50ms p99 in our regions
AES-256 at rest, TLS 1.3 in transit
Argon2id password and key hashing
Hosted in Germany
GDPR and UK GDPR compliant
What is in the box
Everything you need to ship endpoints
No servers to run, no databases to provision, no email infrastructure to maintain. Bring the limits and the providers you want.
Pre-built templates
Contact forms, feedback collectors, newsletter signups, waitlists, file uploads, email senders, database connectors. Pick one and ship.
Per-endpoint rate limits
Set the request budget per minute, per hour, per day. Enforced at the edge before the request reaches your code.
Allowed hosts you control
Whitelist exactly the domains that can hit your endpoint. Anything else gets a clean rejection at the gate.
Bring your own database
Forward submissions to your own Postgres, MySQL, or MongoDB with a secret connection string. We never see the rows.
Forward files to your server
Uploads hit your endpoint, then we forward the file to wherever you want. S3, your own server, anywhere.
Send email from your provider
Plug in Resend, your SMTP credentials, or any email service. Use your own quota, your own sender domain.
Analytics that answer questions
Requests, errors, latency, top referrers, top endpoints. Real numbers, not vanity charts.
GDPR and UK GDPR ready
Data subject export, verified deletion, subprocessor list, DPO contact. Legal pages included.
Per-endpoint API keys
Generate, rotate, revoke. One key per endpoint so a leak stays contained.
How it works
Three steps to a live endpoint
Sign up
Email and password, or one click with Google, Discord, or GitHub.
Pick a template
Contact form, file upload, email sender, database connector. Configure the limits and the rules.
Paste the URL
Drop one snippet into your site. The endpoint is live and rate-limited from the first request.
Templates
Pre-built, ready to configure
Each one ships with sensible defaults. Override what you need, leave the rest.
Form collector
Contact, feedback, newsletter, waitlist. One template, four modes.
File upload
Receive files, forward them to your server. Size and type limits you set.
Email sender
Resend, SMTP, or any provider. Use your own quota and sender domain.
Database connector
Forward submissions to your own database. We never see the data.
Security
Hardened at the boundary
Argon2id for credentials
Memory-hard hashing for passwords and API keys. We do not use bcrypt or scrypt.
RS256 JWT with JWKS rotation
Tokens signed with a private key, verified by a rotating public key. No shared secrets.
Input rejected, not encoded
We refuse to store anything that looks like script, markup, or control characters. The data never enters the database.
Ownership checked on every request
Every fetch by id re-queries with the caller's user id. A URL change never grants access to another user's data.
Audit log of every access
Reads, writes, permission denials, rate limit hits. Searchable and exportable.
Hard plan limits, not throttling
Hit your plan's request budget and the endpoint goes down for thirty minutes. We contact you to help.
Questions