Patent notice: HackGATE includes technology for monitoring and controlling security testing activities. A U.S. patent application has been filed for this technology: US Patent Applied #63/645,845. Patent pending.
Quick Start
Create your first HackGATE site in minutes. Deploy a proxied test environment and invite researchers.
Authentication
Learn how to authenticate with the HackGATE API using Clerk JWT tokens or organization API keys.
HackGATE Sites
Understand how HackGATE sites work, how to manage them, and how to configure access controls.
API Reference
Full reference for the HackGATE REST API — endpoints, request parameters, and response schemas.
How HackGATE works
When you create a HackGATE site, the platform provisions a unique subdomain (e.g.,yourapp-yourorg.hackgate.net) that proxies all traffic to your origin server. Researchers connect to the HackGATE subdomain — your production application is never exposed directly.
Create a HackGATE site
Point HackGATE at your origin URL. The platform instantly provisions a proxied subdomain.
Configure access control
Choose open access for all authenticated researchers, or maintain a custom allowlist of approved emails.
Set rate limits and block rules
Protect sensitive paths and limit request rates to prevent accidental or malicious overload.
Key capabilities
Access Control
Allowlist specific researcher emails or open the environment to all verified users.
Traffic Analytics
View most active users, path discovery, and traffic timelines across your test environment.
WAF Monitoring
ModSecurity-powered WAF events with attack type breakdown and rules timeline.
API Coverage
Upload your OpenAPI schema and see which endpoints researchers have exercised.
Scheduled Testing
Set precise start and stop times so your test environment is only active when you want it.
Project Management
Group HackGATE sites into projects with timelines, owners, and metadata.