v1.2.0

Bug fixes, minor performance upgrades, and new features.

This is the final Python release for Doorman. Moving forward I will migrate Doorman to be written in Rust. Maintaining the UI and not breaking any integrations. Expect v2.0.0 in the next month or two for this major update.

New Features

Transparent Host Routing
Doorman can route traffic by the incoming Host header, so foo.mydomain.com/v2/bar/query can be proxied to the upstream service without changing the client-facing URL. Set this in APIs → Add/Edit API → Basic Information → Hostname Routing, and set the upstream service in APIs → Add/Edit API → Servers.

Anonymous Access
Doorman can allow unauthenticated requests and treat them as anonymous callers, useful for public/basic-tier access. Set this in APIs → Add/Edit API → Configuration by turning off Auth Required, then enabling Anonymous Access.

Credits / Rate Limiting By IP
Anonymous callers can be tracked by client IP, while authenticated callers use their own user/API-key identity. Enable credits in APIs → Add/Edit API → Configuration → Credits Enabled / Credit Group; if anonymous access is enabled, you can also set Anonymous Credit Group there.

Forwarded Client IP
Behind a reverse proxy, Doorman needs the real client IP to make anonymous IP buckets work correctly. Set this per API in APIs → Add/Edit API → IP Access Control → Trust X-Forwarded-For, and configure the reverse proxy to send X-Forwarded-For.

v1.1.0

New feature for API Builder and to explore the data for the API Builder.

Security updates, bug fixes, and more!

v1.0.3

Minor bug fix on user permissions in this build.

v1.0.2

Minor bug fixes in logging, analytics, endpoint uris, and more.

v1.0.1

What's Changed

A bug fix with lax CSFR cookie strictness where the domain host was not being set properly.

v1.0.0

Doorman v1.0.0

First stable release of a lightweight API gateway providing a single entry point for REST, gRPC, GraphQL, SOAP, and AI workloads with integrated security and traffic controls.

Highlights

• Multi‑protocol: REST, gRPC, GraphQL, SOAP, AI streaming
• AuthZ/AuthN: JWT auth, RBAC roles, user groups
• Subscriptions: Enforces API access by subscription
• Traffic controls: Rate limits, throttling, retries
• Storage: In‑memory (dev/test) and MongoDB + Redis (prod). SQLite is not supported.

Security

• Admin isolation: Non‑admin users can’t view/modify admin accounts
• Audit logging: Tracks configuration changes and platform events
• Request validation: Strict route matching and payload checks to reduce injection/traversal risk
• Data masking: Filters sensitive values from logs and responses

Operations

• Management dashboard: Next.js UI for configuration and live traffic views
• Snapshots & rollback: Create snapshots and roll back configuration (requires persistent storage for durability)
• Import/export: Migrate APIs, endpoints, roles via JSON
• Metrics: Latency, throughput, and error rates for registered services

Requirements

• Python 3.10+ for backend services
• Docker Compose for deployment
• Production: Redis (caching/rate limiting) and MongoDB (config/user persistence)

Pre-Release v0.1.0

Doorman Pre-Release v0.1.0

Doorman is a Python-based API Gateway and User Management platform.

Features

• REST, SOAP, GraphQL, and gRPC support
• Authentication and authorization
• Rate limiting and throttling
• User, role, and group management
• Per-API, per-endpoint, and custom backend routing
• Redis and MongoDB support
• Structured logging
• Data monitoring and analytics
• Built-in developer portal

Status

This is an early pre-release build. Development and testing are ongoing.
Basic functional and performance testing has been completed, and most core features are working as expected.
Breaking changes should be expected, and APIs are not yet considered stable.

Please open an issue for any problems you encounter, including minor issues, as this helps improve overall usability and stability.