Skip to content

liamross/brink

BranchesTags

Repository files navigation

Brink

Warning

This project is not being worked on any more. The intended purpose was a drop-in dev-tool for rate limiting and authentication for Next.js APIs. At the time, Next.js had limited tooling around exposing APIs and the result was lots of non-rate-limited endpoints that were difficult to expose without risking DDoS attacks. By dropping in a dev-tool at the root (next.config.js) it was possible to protect all endpoints with a single middleware file.

I still think it's a great idea but I didn't have time to work on it. However luckily Unkey has expanded on the idea and I think is the best solution for this problem today. If you are using Better Auth then just use their API key plugin and you're good to go. It offers less features but it's free and open source!

You'll need a bunch of .env files to get this working I didn't structure the repository very well, probably best to not do it.

Secure and Scale your NextJS API

Brink takes care of API key management

Prevent bad actors from overloading your API

Secure and Scale your Next.js API

Brink provides API key authentication and rate limiting for your Next.js API with a single middleware file, enabling your customers to start using your API immediately.

Key Features

  • API Key Management: Brink handles API key creation, validation, and management for your customers
  • Edge-Based Rate Limiting: Ultra-fast rate limiting (<50ms latency) that blocks requests before they reach your API
  • Simple Integration: Protect your entire API with a single middleware file
  • Test & Production Keys: Provision both test and production API keys for your customers
  • Custom Metadata: Attach custom metadata to each API key
  • Best-Practice Headers: Automatic rate limit headers on all responses

Quick Start

Middleware Setup

const withBrinkMiddleware = brinkInit({
  routes: [
    {
      route: "/api/",
      rules: [
        {
          target: "api_key",
          ratelimit: {tokens: 5, window: "1s"},
        },
      ],
    },
  ],
});

export default withBrinkMiddleware(() => {
  return NextResponse.next();
});

Creating API Keys

import {createApiKey} from "@brink/sdk";

createApiKey({teamId});

Using API Keys

curl https://your.api/protected-endpoint \
-H "X-Api-Key: sk_test_..."

How It Works

API Keys

  • Data is stored on the Edge for instant validation
  • Invalid requests are blocked before reaching your API
  • Reduces costs by preventing unauthorized API calls

Rate Limiting

  • Happens on the Edge before requests hit your API
  • Keeps bad requests from overloading your database
  • Highly customizable rate limit rules
  • Apply different limits to different customers

Benefits

  • Protect Your API: Block invalid requests before they cost you money
  • Fast Performance: Edge-based validation with <50ms latency
  • Easy Setup: Configure everything from your middleware file
  • Customer-Ready: Built-in API key management for your end users
  • Scalable: Designed to handle high-traffic APIs

Project Structure

This is a monorepo containing:

  • apps/brink - Main Next.js application
  • apps/server - Server application
  • packages/db - Database package
  • packages/dev - Development utilities

Getting Started

See the individual package READMEs for setup instructions.

About

API key authentication and rate limiting for Next.js

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Languages