Acrossed
Live • 96 µs median decision

The rule engine your firewall wishes it was.

Encrypted, signed, sub-millisecond. Drop one line into your backend and start enforcing IP, geo, header, and rate-limit rules from a dashboard your team can actually live in.

Start free — 10K checks / monthRead the docs
app.ts
import { Acrossed } from "acrossed";

const ac = new Acrossed({
  apiKey: process.env.ACROSSED_KEY!,
  signingSecret: process.env.ACROSSED_SECRET!,
});

app.use(async (req, res, next) => {
  const { decision, reason } = await ac.check(req);
  if (decision === "deny") return res.status(403).send(reason);
  next();
});

Drop into any stack

node.jspythongonext.jsfastifydjangorailslaravel

Live from production

A decision faster than your DB cache can answer.

Every check runs against in-memory rule state. No DB round-trip on the hot path. The number below is a real percentile pulled from the live production engine.

P50 latency
78 µs
SLA
99.99%
DB calls / check
0

Built for production

Every safety primitive your team will ask for, before they ask.

Cryptographic by default

Every request is HMAC-SHA256 signed against the raw bytes — no replay, no impersonation, no JSON-canonicalisation gotchas.

Sub-millisecond decisions

Rules live in memory. The hot path never touches Postgres. A hit on your blocklist resolves in 80 microseconds.

AES-256-GCM at rest

Rules and signing secrets are encrypted with a 32-byte master key. Even with database access, an attacker sees opaque blobs.

Custom domains, free TLS

Bring your own domain or use the default <project>.acrsd.dev. Caddy mints a Let's Encrypt cert on first request automatically.

Rate-limit anything

Sliding-window counters keyed by IP, header, or both. Bounded memory, automatic eviction, no Redis required.

SDKs you can audit

JavaScript, Python, and Go — each under 200 lines, zero dependencies, MIT licensed. The whole pipeline is yours to read.

Three SDKs, one engine

Drop in the language you already ship in.

import { Acrossed } from "acrossed";

const ac = new Acrossed({
  apiKey: process.env.ACROSSED_KEY!,
  signingSecret: process.env.ACROSSED_SECRET!,
});

app.use(async (req, res, next) => {
  const d = await ac.check(req);
  if (d.deny) return res.status(403).send(d.reason);
  next();
});

Pricing

Predictable. No per-rule pricing tricks.

Pay for the volume of decisions you make. Custom domains, alerts, and SSO are bundled into the tier — no a-la-carte.

Free
$0/ forever

Everything you need to ship a side project safely.

  • 10,000 decisions / month
  • 5 active rules
  • 1 default acrsd.dev subdomain
  • Sub-millisecond engine
  • HMAC-signed checks
Start free
Most popular
Pro
$29/ per month

For teams shipping serious traffic in production.

  • 1,000,000 decisions / month
  • 100 active rules
  • 3 custom domains
  • Country-level geo blocking
  • Email alerts on rule hits
  • Priority support
Upgrade to Pro
Enterprise
$499/ per month

For platforms with audit, SSO, and uptime requirements.

  • 100M decisions / month
  • 5,000 active rules
  • Unlimited custom domains
  • Dedicated routing region
  • Audit log export
  • SSO / SAML
  • 99.99% SLA
Contact sales

Stop writing if-statements.
Start enforcing rules.

Spin up a project, copy your API key, paste 4 lines into your backend. Your team owns the rules — not your codebase.

Start free →Read the docs