Acrossedv1.0

Decide before
you serve.

An open decision layer that judges every request — bots, scrapers, abusers, brute-forcers — in less than a millisecond, and lets the rest pass.

Get startedStar on GitHub
< 1 ms
engine p50 latency
25k req/s
per CPU core
0 bytes
of your traffic stored
server.ts
$
1
2
3
4
5
6
7
8
9
10
11
12
13

// each line will explain itself in a moment

acrossed.comlive · p50 0.6 ms
0.6 ms
p50 engine latency
2.4 ms
p99 engine latency
25,000 req/s
sustained per CPU core
0 bytes
of request bodies stored

How it works

Three steps. No infrastructure to run.

Acrossed is a hosted decision engine. You send us a request fingerprint, we answer in under a millisecond. There's nothing to deploy and nothing to scale on your end.

  1. 01

    Install the SDK

    One package per language — Node, Python, or Go. Get an API key and an HMAC signing secret in under a minute.

  2. 02

    Define your rules

    Block IP ranges, geos, paths, headers. Add per-IP rate limits. Combine in any order — first match wins.

  3. 03

    Get sub-ms decisions

    Every request to your app calls /check. We return ALLOW or DENY, signed. You enforce — we just decide.

Security model

Cryptographically sound. Deliberately stateless.

We're a security layer, so the security has to be the boring part. Here's exactly what we do — no buzzwords, no certifications we don't have.

AES-256-GCM at rest

Your rules and signing secrets are encrypted before they touch the database. The encryption key never leaves the engine process.

HMAC-SHA256 in flight

Every response is signed with your project's secret. The SDK verifies before honouring — so a man-in-the-middle can't forge an ALLOW.

Stateless on your traffic

We never persist request bodies, headers, or response payloads. /check carries a small fingerprint that we evaluate and forget.

Fail-open by default

If our API is unreachable, the SDK returns ALLOW so an Acrossed outage cannot take your app down. Flip a flag to fail-closed if you want stricter behaviour.

From the teams using it

Built for engineers who read the code.

We were rebuilding our auth stack and needed rate limiting without adding Redis to the mix. Acrossed was three lines of middleware and we were done. The latency headroom is negligible.

M
Marcus T.
Staff Engineer, fintech startup

The fail-open default is exactly the right call. Our security vendor should never be the reason our app goes down. We ship with Acrossed in front of every internal service.

P
Priya N.
Platform Lead, SaaS company

I read the entire SDK source before using it. It's 180 lines. No magic, no hidden network calls. That's rare in the security space and it matters a lot to us.

D
Daniel K.
Senior Backend Engineer
Free
Drop Acrossed in front of one app and try it.
$0forever
Start free
  • 10,000 decisions / month
  • Up to 5 active rules
  • Default <slug>.acrsd.dev subdomain with TLS
  • AES-256-GCM encrypted rule storage
  • HMAC-SHA256 signed responses
  • JS, Python, and Go SDKs
Most popular
Pro
For production apps with real traffic.
$19per month
Upgrade to Pro
  • 1,000,000 decisions / month
  • Up to 100 active rules
  • Up to 3 custom domains with on-demand TLS
  • Country-level geo blocking
  • Per-IP rate limiting at engine speed
  • Pay-as-you-go: $0.10 / extra 1K
Scale
SaaS, marketplaces, and high-traffic APIs.
$99per month
Upgrade to Scale
  • 10,000,000 decisions / month
  • Up to 500 active rules
  • Up to 10 custom domains with on-demand TLS
  • Country-level geo blocking
  • Per-IP rate limiting at engine speed
  • Pay-as-you-go: $0.08 / extra 1K
Business
For teams that need audit logs and multi-region.
$299per month
Upgrade to Business
  • 50,000,000 decisions / month
  • Up to 2,500 active rules
  • Up to 25 custom domains with on-demand TLS
  • Audit log export (CSV, JSON)
  • Multi-region routing (US + EU)
  • Pay-as-you-go: $0.05 / extra 1K
  • Priority chat support
EnterpriseCustom
Custom volume, custom contract, direct line to the maintainer. · Unlimited decisions (custom-priced) · Direct Slack channel with the maintainer · Custom contract & invoicing terms
Contact sales
Pay-as-you-go is on by default for Pro, Scale, and Business.
Outgrew your monthly cap? We keep deciding — overage is billed at the end of the cycle at your plan's per-1K rate. Toggle off in your dashboard if you'd rather hard-cap.
Free tier · 10,000 decisions / month

Ship the gate in five minutes.
No credit card. No agent. No infra to run.

Install the SDK, define a rule, deploy. If you outgrow the free tier, upgrade. If you don't, stay free forever.