CRelay is an encrypted API relay with replay protection. It protects sensitive API payloads beyond HTTPS using AES-256-GCM encryption, timestamp freshness, route-bound AAD, and encrypted responses within a trusted gateway boundary.

Is CRelay a replacement for HTTPS?

No. CRelay is not a replacement for HTTPS. It adds application-level payload encryption on top of HTTPS to protect sensitive data even if TLS is terminated or intercepted at a proxy.

Is CRelay zero-knowledge?

No. CRelay v0.1 operates as a trusted gateway boundary. The relay server decrypts payloads to forward them to target APIs. Zero-knowledge architecture is not a feature of v0.1.

How does CRelay prevent replay attacks?

CRelay uses timestamp freshness validation combined with unique nonces and route-bound Authenticated Associated Data (AAD) to ensure each request is unique and cannot be replayed.

What encryption does CRelay use?

CRelay uses AES-256-GCM for payload encryption, providing both confidentiality and integrity verification.

Encrypted API relay with replay protection.

CRelay protects sensitive API payloads beyond HTTPS with AES-256-GCM encryption, timestamp freshness, route-bound AAD, and encrypted responses.

Request private beta access View GitHub

Open SDK. Public protocol. Hosted enforcement.

Client SDK

CRelay Gateway

Your API

Encrypted Response

HTTPS protects the pipe. CRelay protects the payload.

After TLS termination, sensitive payloads may still pass through logs, proxies, queues, and internal services. CRelay adds application-level payload protection and replay defense for sensitive API calls.

After TLS termination

Once TLS terminates, your payload is plaintext inside infrastructure. Logs, queues, and proxies see everything.

Replay risk

Without replay protection, captured requests can be replayed. Identical payloads accepted twice means double charges, duplicate actions.

Route confusion

Without route-bound AAD, a valid encrypted payload may be accepted in the wrong context.

How it works

SDK encrypts request

Your client SDK encrypts the request payload with AES-256-GCM, binding the AAD to method, path, and tenant.

Gateway verifies AAD, freshness, and replay

The gateway checks timestamp freshness, validates the AAD matches the route, and rejects replays.

Gateway forwards to allowlisted upstream

Only pre-approved target URLs receive the decrypted request.

Gateway encrypts response back to SDK

The upstream response is encrypted with response-specific AAD before returning to the client.

CRelay operates within a trusted gateway boundary: the gateway decrypts requests to validate and forward them, then encrypts responses before they return to the SDK. This is how replay protection, AAD verification, and allowlist enforcement work in practice.

Security features

AES-256-GCM

Authenticated encryption with 32-byte keys, 12-byte nonces, and 16-byte auth tags. Industry-standard envelope encryption.

Replay protection

Every request carries a unique nonce. The gateway rejects any nonce it has already seen within the freshness window.

Timestamp freshness

Requests must arrive within a configurable freshness window (default 5 minutes). Stale envelopes are rejected.

Route-bound AAD

Additional Authenticated Data binds each encryption to a specific method, path, and tenant. Prevents route confusion attacks.

Target allowlists

Only pre-approved upstream URLs can receive forwarded requests. Prevents SSRF and unauthorized forwarding.

Encrypted responses

Responses are encrypted before returning to the SDK, using response-specific AAD (RESPONSE:/path:tenantId).

Built for developers

quickstart.ts
import { CRelayClient } from "@crelay/sdk";
const client = new CRelayClient({
  apiKey: process.env.CRELAY_API_KEY!,
  baseUrl: "https://gateway.crelay.dev",
  tenantId: "tenant_demo",
  kid: "key_v1",
  keyB64: process.env.CRELAY_KEY_B64!,
});
const response = await client.secureRequest({
  targetUrl: "https://api.example.com/internal/action",
  method: "POST",
  data: { amount: 1000 },
});

Read SDK docs Open quickstart

Open SDK. Public protocol. Hosted enforcement.

CRelay keeps the developer-facing parts transparent: the SDK, protocol, threat model, and quickstart are open for review. The hosted gateway provides the managed enforcement layer for replay protection, freshness validation, route-bound AAD, target allowlists, and encrypted responses.

Open SDK

Inspect the client-side encryption flow and integrate CRelay in minutes.

Public Protocol

Review the envelope format, AAD rules, freshness model, and threat assumptions.

Quickstart Demo

Run a local mock gateway and upstream API to understand the full encrypted request flow.

Hosted Gateway

Use CRelay's managed gateway for enforcement, replay defense, and response encryption.

Transparent enough to trust. Managed enough to be useful.

Request private beta access

Encrypted API relay with replay protection.

CRelay protects sensitive API payloads beyond HTTPS with AES-256-GCM encryption, timestamp freshness, route-bound AAD, and encrypted responses.

Request private beta access View GitHub

Open SDK. Public protocol. Hosted enforcement.

Client SDK

CRelay Gateway

Your API

Encrypted Response

HTTPS protects the pipe. CRelay protects the payload.

After TLS termination

Once TLS terminates, your payload is plaintext inside infrastructure. Logs, queues, and proxies see everything.

Replay risk

Without replay protection, captured requests can be replayed. Identical payloads accepted twice means double charges, duplicate actions.

Route confusion

Without route-bound AAD, a valid encrypted payload may be accepted in the wrong context.

How it works

SDK encrypts request

Your client SDK encrypts the request payload with AES-256-GCM, binding the AAD to method, path, and tenant.

Gateway verifies AAD, freshness, and replay

The gateway checks timestamp freshness, validates the AAD matches the route, and rejects replays.

Gateway forwards to allowlisted upstream

Only pre-approved target URLs receive the decrypted request.

Gateway encrypts response back to SDK

The upstream response is encrypted with response-specific AAD before returning to the client.

Security features

AES-256-GCM

Authenticated encryption with 32-byte keys, 12-byte nonces, and 16-byte auth tags. Industry-standard envelope encryption.

Replay protection

Every request carries a unique nonce. The gateway rejects any nonce it has already seen within the freshness window.

Timestamp freshness

Requests must arrive within a configurable freshness window (default 5 minutes). Stale envelopes are rejected.

Route-bound AAD

Additional Authenticated Data binds each encryption to a specific method, path, and tenant. Prevents route confusion attacks.

Target allowlists

Only pre-approved upstream URLs can receive forwarded requests. Prevents SSRF and unauthorized forwarding.

Encrypted responses

Responses are encrypted before returning to the SDK, using response-specific AAD (RESPONSE:/path:tenantId).

Built for developers

quickstart.ts
import { CRelayClient } from "@crelay/sdk";
const client = new CRelayClient({
  apiKey: process.env.CRELAY_API_KEY!,
  baseUrl: "https://gateway.crelay.dev",
  tenantId: "tenant_demo",
  kid: "key_v1",
  keyB64: process.env.CRELAY_KEY_B64!,
});
const response = await client.secureRequest({
  targetUrl: "https://api.example.com/internal/action",
  method: "POST",
  data: { amount: 1000 },
});

Read SDK docs Open quickstart

Open SDK. Public protocol. Hosted enforcement.

Open SDK

Inspect the client-side encryption flow and integrate CRelay in minutes.

Public Protocol

Review the envelope format, AAD rules, freshness model, and threat assumptions.

Quickstart Demo

Run a local mock gateway and upstream API to understand the full encrypted request flow.

Hosted Gateway

Use CRelay's managed gateway for enforcement, replay defense, and response encryption.

Transparent enough to trust. Managed enough to be useful.