Products

Four parts.
One flight path.

Radar finds your API surface. Sentinel enforces the contract. Talon reads intent and strikes. Vault holds the keys. Run all four, or start with one.

RADAR · DISCOVERY

GoldEagle Radar

Continuous API inventory built from live traffic. Radar watches your gateways and reconstructs every endpoint, parameter and data type actually in use.

  • Agentless traffic mirroring
  • Sensitive-data classification (PII, PCI, PHI)
  • Drift alerts when a new endpoint appears
  • OpenAPI export from observed traffic

radar — console

goldeagle radar scan --source kong --window 7d

  312 endpoints observed
   47 undocumented  (15%)
    9 exposing PII without auth  ⚠

SENTINEL · GATEWAY FIREWALL

GoldEagle Sentinel

The inline enforcement layer. Sentinel validates every request against your schema and policy before it is allowed to reach an origin server.

  • Deploys as sidecar, gateway plugin or reverse proxy
  • JSON Schema and OpenAPI contract enforcement
  • Adaptive per-identity rate budgets
  • Sub-5ms added latency at p99

sentinel — console

policy: payments-v2
  enforce:  schema, jwt, rate
  on_break: strike
  rate:     120/min per subject
  audit:    full-body retain 30d

TALON · THREAT ENGINE

GoldEagle Talon

Behavioural detection for traffic that passes every syntactic check but is still an attack. Talon scores intent and strikes when the score crosses your line.

  • Credential-stuffing and account-takeover models
  • Business-logic abuse and scraping detection
  • Per-source reputation and automatic bans
  • Tunable strike threshold, dry-run mode included

talon — console

STRIKE  203.0.113.44
  reason  credential stuffing
  signal  418 auth failures / 90s
          across 361 distinct subjects
  action  banned 24h, ticket SEC-4417

VAULT · KEYS AND IDENTITY

GoldEagle Vault

Where your API keys, secrets and machine identities live. Issue, scope, rotate and revoke credentials without a deploy.

  • Automatic key rotation on a schedule you set
  • Scoped, short-lived machine tokens
  • Leaked-credential monitoring across public repos
  • Revoke a key everywhere in under one second

vault — console

goldeagle vault rotate --key stripe-prod

  new key issued    ge_live_•••••••f31c
  old key retired   grace 60m
  services updated  7 / 7

Fits where you already are

No migration required

GoldEagle attaches to the gateway, mesh or proxy you already run. If it carries your API traffic, we can read it.

Kong

NGINX

Envoy

Cloudflare

Kubernetes

AWS API Gateway

Apigee

HAProxy

Istio

Azure APIM

Fastly

Traefik

Plans

Priced on traffic,
not on seats

Every plan includes discovery and enforcement. What changes is how much judgement, retention and human backup you get.

Nest

Free

Up to 1M calls / month

Development and staging

Start here

MOST DEPLOYED

Flight

$0.14

per million calls

Production teams

Start here

Talon

Custom

On-prem or private VPC

Regulated enterprises

Talk to sales
Feature comparison across the Nest, Flight and Talon plans
Feature Nest Flight Talon
API discovery (Radar)
Schema enforcement (Sentinel)
Behavioural detection (Talon)
Key management (Vault)
Log retention 7 days 90 days Custom
Managed SOC, 24/7
Incident response retainer
Deployment Cloud Cloud Cloud, VPC or on-prem
Support Community 8×5, 4h SLA 24/7, 15m SLA

Ready when you are

Find out what is already flying through your APIs

A 30-minute session. We put Radar on a week of your traffic in dry-run and show you the endpoints you did not know you had.