Enterprise-Grade Open Source

Your API Gateway, Now Quantum-Safe

Drop-in replacement for Kong and Apigee with native post-quantum TLS, AI-powered threat detection, and configurable security policies. Built in Rust for maximum performance.

Get Started View on GitHub

Rust 1.75+ Go 1.23 Python 3.11+ React 19 NIST FIPS Apache 2.0

terminal

live

$ git clone https://github.com/yazhsab/qbitel-qsgw.git && cd qbitel-qsgw

$ make docker-all

$ curl http://localhost:8085/health

{"status":"ok"}

Quantum-Safe Security, Zero Compromise

Enterprise API gateway features with post-quantum TLS built into the core

🔒

Post-Quantum TLS

FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA) with hybrid X25519 + ML-KEM-768. Four configurable TLS policies to match your migration timeline.

🚀

Blazing Fast Rust Engine

Axum + Tokio-powered data plane. Async I/O, zero-copy forwarding, 10,000+ concurrent connections with sub-millisecond per-request overhead.

🤖

AI-Powered Threat Detection

Real-time anomaly detection catches quantum downgrade attacks, bot traffic, weak ciphers, replay attacks, and anomalous patterns automatically.

🎛️

4 TLS Migration Policies

Go quantum-safe at your own pace. From CLASSICAL_ALLOWED for legacy support to PQC_ONLY for maximum security.

🔄

Drop-in Replacement

Replace Kong, Apigee, or Nginx without rewriting your stack. Same routing, same patterns — with quantum-safe security added.

🛡️

Zero-Trust Architecture

JWT + API key auth, per-IP rate limiting, HSTS, CSP, CORS, role-based access control. Defense in depth at every layer.

AI-Powered Threat Detection

Six threat categories detected and classified in real time

🔴 CRITICAL

QUANTUM_DOWNGRADE

Attempts to force classical cipher suites

🟠 HIGH

WEAK_CIPHER

Deprecated cipher suites (RC4, DES, 3DES)

🟠 HIGH

BOT_ATTACK

Automated traffic and endpoint probing

🟠 HIGH

REPLAY_ATTACK

Replayed TLS sessions detected

🟡 MEDIUM

ANOMALOUS_TRAFFIC

Unusual patterns and rate spikes

🟡 MEDIUM

CERTIFICATE_ISSUE

Invalid or expired certificates

Battle-Tested Architecture

Rust data plane, Go control plane, Python AI engine — each component optimized for its role

Clients

Web / Mobile / API Consumers

PQC TLS 1.3

QSGW Gateway

Rust · Axum/Tokio · PQC TLS · Auth · Rate Limit · Reverse Proxy

:8443

REST / gRPC

Control Plane

Go · Config · Routes

:8085

AI Engine

Python · Anomaly · Bot

:8086

Upstream Services

Your APIs

SQL / Raft

PostgreSQL

Routes · Threats · TLS

:5432

etcd

Distributed Config

:2379

Admin Dashboard

React 19

:3004

🦀

Rust Gateway

Axum + Tokio data plane with PQC TLS termination, reverse proxy, and zero-copy forwarding

⚡

Go Control Plane

Configuration management, health checks, route management, and admin API on port 8085

🤖

Python AI Engine

Real-time threat classification, anomaly detection, and security analytics on port 8086

Deploy in Under 60 Seconds

One command to deploy the full stack — gateway, control plane, AI engine, and admin UI

Docker Quick Start

# Clone and start the full stack

$ git clone https://github.com/yazhsab/qbitel-qsgw.git && cd qbitel-qsgw

$ make docker-all

# Verify

$ curl http://localhost:8085/health

{"status":"ok","service":"qsgw-control-plane"}

:8443

Gateway

Rust + PQC TLS

:8085

Control Plane

Go Admin API

:8086

AI Engine

Python + FastAPI

:3003

Admin UI

React 19

QSGW vs. Traditional Gateways

The only API gateway with post-quantum TLS and AI threat detection built into the core

Feature	QSGW	Kong	Apigee	Envoy	Nginx
Post-Quantum TLS	✅	❌	❌	❌	❌
Hybrid PQC + Classical	✅	❌	❌	❌	❌
Quantum Downgrade Detection	✅	❌	❌	❌	❌
AI Threat Detection	✅	⚠️ plugin	⚠️ plugin	❌	❌
TLS Migration Policies	✅	❌	❌	❌	❌
Reverse Proxy	✅	✅	✅	✅	✅
Rate Limiting	✅	✅	✅	✅	✅
JWT Auth	✅	✅	✅	✅	⚠️ plugin
Admin Dashboard	✅	✅	✅	❌	❌
Built in Rust	✅	❌ Lua/Go	❌ Java	❌ C++	❌ C
Open Source	✅	⚠️ partial	❌	✅	✅