A fullstack NestJS + Next.js platform with API key management, RBAC, audit logging, Redis rate limiting, and interactive documentation—all production-hardened out of the box.
Features
API keys: generate, rotate, and revoke API keys with bcrypt hashing, prefix lookup, IP whitelisting, and per-key rate limiting.
RBAC: three-tier hierarchy, OWNER › ADMIN › MEMBER, with custom guard decorators enforced across all endpoints.
Authentication: short-lived access tokens (15m) with rotating refresh tokens (7d) and server-side session revocation.
Audit logging: every mutating request is recorded to the database with automatic redaction of sensitive fields.
Rate limiting: global throttling via the NestJS ThrottlerModule plus Redis-backed per-API-key rate limiting with a sliding window.
Hardening: Helmet, strict CORS, ValidationPipe with whitelist, input sanitization, and a global exception filter.
Endpoints
/api/v1/auth/register
/api/v1/auth/login
/api/v1/auth/refresh
/api/v1/users/me
/api/v1/api-keys
/api/v1/api-keys/:id/rotate
/api/v1/admin/users
Quick start
Register
POST /api/v1/auth/register
{ "email": "you@example.com", "name": "Name", "password": "Pass@1234" }
Login & get token
POST /api/v1/auth/login
{ "email": "you@example.com", "password": "Pass@1234" }
Generate an API key
POST /api/v1/api-keys
Authorization: Bearer <accessToken>
{ "name": "My Key" }
Call any endpoint
GET /api/v1/users/me
x-api-key: <your-api-key>
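What the per-API-key sliding window does to a request like the one above, as an added example that is not the project's code: the usual Redis sorted-set recipe (ZREMRANGEBYSCORE to drop timestamps older than the window, ZCARD to count what is left, ZADD to record the hit) is reproduced with an in-memory Map so it runs offline, with an injectable clock for deterministic testing. The per-key limit table, the result shape and the header names are assumptions of this example.

```javascript
// Added example, not the project's code: per-API-key sliding-window limiter.
// Mirrors the Redis sorted-set recipe (ZREMRANGEBYSCORE, ZCARD, ZADD) with an
// in-memory Map. Per-key limits, the clock and the result shape are assumptions.
class SlidingWindowLimiter {
  #logs = new Map(); // keyId -> hit timestamps (ms) inside the window, oldest first

  constructor({ defaultLimit, windowMs, limits = new Map(), now = () => Date.now() }) {
    this.defaultLimit = defaultLimit;
    this.windowMs = windowMs;
    this.limits = limits; // per-key overrides, e.g. a key with a higher quota
    this.now = now;       // injectable clock for deterministic tests
  }

  limitFor(keyId) {
    return this.limits.get(keyId) ?? this.defaultLimit;
  }

  // Record a hit if the key is under its limit. retryAfterMs is the time until
  // the oldest hit in the window expires, which is when one slot frees up.
  hit(keyId) {
    const t = this.now();
    const cutoff = t - this.windowMs;
    // ZREMRANGEBYSCORE equivalent: keep only hits still inside the window.
    const log = (this.#logs.get(keyId) ?? []).filter((ts) => ts > cutoff);
    const limit = this.limitFor(keyId);
    if (log.length >= limit) {                      // ZCARD >= limit
      this.#logs.set(keyId, log);
      const retryAfterMs = log.length ? log[0] + this.windowMs - t : this.windowMs;
      return { allowed: false, limit, remaining: 0, retryAfterMs };
    }
    log.push(t);                                    // ZADD equivalent
    this.#logs.set(keyId, log);
    return { allowed: true, limit, remaining: limit - log.length, retryAfterMs: 0 };
  }
}

// Guard-style wrapper: turn the decision into what an HTTP guard would emit
// (status 429 plus Retry-After and X-RateLimit-* headers; header names assumed).
function rateLimitResponse(limiter, keyId) {
  const r = limiter.hit(keyId);
  const headers = {
    "X-RateLimit-Limit": String(r.limit),
    "X-RateLimit-Remaining": String(r.remaining),
  };
  if (!r.allowed) headers["Retry-After"] = String(Math.ceil(r.retryAfterMs / 1000));
  return { status: r.allowed ? 200 : 429, headers };
}
```

Against real Redis the three commands must run atomically, in a MULTI/EXEC block or a Lua script, otherwise concurrent requests can all read the count before any of them writes and slip past the limit; the in-memory version above is safe only because Node runs it on a single thread.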