Products
Four parts.
One flight path.
Radar finds your API surface. Sentinel enforces the contract. Talon reads intent and strikes. Vault holds the keys. Run all four, or start with one.
RADAR · DISCOVERY
GoldEagle Radar
Continuous API inventory built from live traffic. Radar watches your gateways and reconstructs every endpoint, parameter and data type actually in use.
- Agentless traffic mirroring
- Sensitive-data classification (PII, PCI, PHI)
- Drift alerts when a new endpoint appears
- OpenAPI export from observed traffic
radar — console
goldeagle radar scan --source kong --window 7d
312 endpoints observed
47 undocumented (15%)
9 exposing PII without auth ⚠
SENTINEL · GATEWAY FIREWALL
GoldEagle Sentinel
The inline enforcement layer. Sentinel validates every request against your schema and policy before it is allowed to reach an origin server.
- Deploys as sidecar, gateway plugin or reverse proxy
- JSON Schema and OpenAPI contract enforcement
- Adaptive per-identity rate budgets
- Sub-5ms added latency at p99
sentinel — console
policy: payments-v2 enforce: schema, jwt, rate on_break: strike rate: 120/min per subject audit: full-body retain 30d
TALON · THREAT ENGINE
GoldEagle Talon
Behavioural detection for traffic that passes every syntactic check but is still an attack. Talon scores intent and strikes when the score crosses your line.
- Credential-stuffing and account-takeover models
- Business-logic abuse and scraping detection
- Per-source reputation and automatic bans
- Tunable strike threshold, dry-run mode included
talon — console
STRIKE 203.0.113.44
reason credential stuffing
signal 418 auth failures / 90s
across 361 distinct subjects
action banned 24h, ticket SEC-4417
VAULT · KEYS AND IDENTITY
GoldEagle Vault
Where your API keys, secrets and machine identities live. Issue, scope, rotate and revoke credentials without a deploy.
- Automatic key rotation on a schedule you set
- Scoped, short-lived machine tokens
- Leaked-credential monitoring across public repos
- Revoke a key everywhere in under one second
vault — console
goldeagle vault rotate --key stripe-prod new key issued ge_live_•••••••f31c old key retired grace 60m services updated 7 / 7
Fits where you already are
No migration required
GoldEagle attaches to the gateway, mesh or proxy you already run. If it carries your API traffic, we can read it.
Kong
NGINX
Envoy
Cloudflare
Kubernetes
AWS API Gateway
Apigee
HAProxy
Istio
Azure APIM
Fastly
Traefik
Plans
Priced on traffic,
not on seats
Every plan includes discovery and enforcement. What changes is how much judgement, retention and human backup you get.
| Feature | Nest | Flight | Talon |
|---|---|---|---|
| API discovery (Radar) | |||
| Schema enforcement (Sentinel) | |||
| Behavioural detection (Talon) | |||
| Key management (Vault) | |||
| Log retention | 7 days | 90 days | Custom |
| Managed SOC, 24/7 | |||
| Incident response retainer | |||
| Deployment | Cloud | Cloud | Cloud, VPC or on-prem |
| Support | Community | 8×5, 4h SLA | 24/7, 15m SLA |