Interactive integration demos platform

Demo hosting for
DevRel teams shipping API products.

Push a ZIP, get a public URL with a secure proxy, runtime config, and webhook capture. Your prospects make real API calls — your keys never leave the server.

✓ No credit card✓ Free tier forever✓ Self-host friendly
~/demos/stripe-checkout — apiqube
Live demo

Stripe Checkout — running through apiqube

Real API calls, zero secrets in the browser. Click to load the interactive demo in an iframe.

Built for the people who run demos

Three teams, one workflow

DevRel teams
Onboard developers without writing onboarding apps
·Ship interactive SDK demos next to every release.
·Embed walkthroughs in docs without backend infra.
·Capture webhook events live during workshops.
API-first startups
Sell the integration before the contract
·Prospects can try real API calls with their own keys.
·No “sample sandbox” to maintain — your real endpoints, safely proxied.
·Per-prospect runtime config, no rebuilds.
Sales engineers
Reproducible demos that survive the handoff
·One URL per demo, version-controlled artifacts.
·Guided steps so AEs can run the same demo confidently.
·Replay incoming webhooks during the call.
Honest qualification

Is apiqube for you?

We'd rather you bounce now than churn after a contract. Here's where we win, and where we don't.

You'll get value if
You sell or evangelize an HTTP API or SDK.
Your demos make real upstream API calls (not just UI mocks).
You repeat the same demo for different prospects, students, or design partners.
You want to capture webhook events live during a call or workshop.
You’d rather spend $15/mo than maintain another Heroku app for demos.
You want viewers to use their own API keys without those keys ever touching the bundle.
!Look elsewhere if
·You need on-prem-only hosting today. We’re hosted SaaS for now.
·You want a no-code visual workflow builder. apiqube serves your code, it doesn’t author it for you.
·You need SAML SSO, granular RBAC, or audit logs today. Those are on the Team plan, which isn’t live yet.
·Your demo doesn’t need any backend or API-call layer. A static host like Vercel is cheaper for that.
Before / after

What changes the day you switch

Same demo. Different operational reality.

Without apiqube
With apiqube
Demo hosting
×Stand up another Heroku/Vercel project, configure DNS, rotate credentials.
Demo hosting
Push a ZIP. Get a public URL. Done.
API keys in demos
×Baked into the bundle or pasted in the browser. Rotated weekly out of fear.
API keys in demos
Stored server-side, injected by the proxy. Never reach the viewer’s browser.
Per-prospect runtime values
×Rebuild the demo per account. Or hand-edit configs over Slack.
Per-prospect runtime values
Declared in runtime config. Viewers fill them in the side panel; values never persisted.
Webhook events
×Spin up ngrok, hope the tunnel survives the demo. Lose events between calls.
Webhook events
Public webhook URL per project. Events stored, searchable, replayable.
Outbound request safety
×Hope the demo author didn’t accidentally enable SSRF on your prod proxy.
Outbound request safety
DNS resolve + IP filter + scheme allowlist + redirect revalidation, by default.
Quotas / cost control
×A buggy demo on a customer call quietly burns through your OpenAI bill.
Quotas / cost control
Monthly counters in Postgres. Over the cap: HTTP 402 with an upgrade payload.
What you actually get

Demo infrastructure, not slideware

Real primitives we've already shipped: SSRF-hardened proxy, runtime config, webhook receiver, atomic monthly quotas.

Secure proxy with SSRF hardening
Demos call your upstream API through /api/proxy. We inject keys server-side, block private IPs and cloud metadata, validate every redirect, and cap response size.
POST /api/proxy
{
  "projectId": "stripe-checkout-7b3a1c",
  "method": "POST",
  "targetUrl": "/v1/charges",
  "body": { "amount": 1999, "currency": "usd" }
}
Runtime config, not hardcoded
Define which values your demo needs (API keys, account IDs, account-specific URLs). Each viewer fills them in the side panel — values never end up in the bundle.
[
  { "key": "STRIPE_KEY",  "visibility": "secret", "required": true },
  { "key": "ACCOUNT_ID",  "visibility": "public", "required": true },
  { "key": "BASE_URL",    "visibility": "public",
    "defaultValue": "https://api.stripe.com" }
]
Webhook capture, replay later
Every project gets a public webhook URL. Incoming events are stored, searchable, and ready to feed into your guided flow steps.
POST /hooks/<projectId>/<token>
{ "event": "checkout.session.completed", "id": "cs_test_..." }

→ stored in project_events
→ visible in /hooks/<projectId>
→ counted in your monthly usage
Quotas that protect, not punish
Monthly counters in Postgres enforce plan limits atomically. Hit the cap and we return 402 with a friendly upgrade payload — your demo stays loadable.
// HTTP 402 from /api/proxy
{
  "code": "quota_exceeded",
  "error": "Free plan limit reached for proxy_requests: 1000 / month.",
  "usage": { "current": 1000, "limit": 1000, "metric": "proxy_requests" }
}
What you actually ship

Ship in days, not sprints

No vanity metrics. These are real guarantees the platform gives you on day one.

1 push
From ZIP to public URL

npx apiqube push extracts, prebuilds, and serves your demo under a public slug.

0
API keys leaked to viewers

Project keys live server-side. The proxy injects them per request and strips them on the way back.

5 MB · 15 s
Hard caps on every proxy call

Response size and timeout enforced for you. A runaway upstream can’t take your demo down.

21
SSRF tests between you and rogue demos

DNS resolve, IPv6 loopback, cloud metadata, redirect revalidation — all covered by unit tests.

How it works

From code to live demo in three steps

01
Push your demo
Use the CLI or upload a ZIP. We extract it into a prebuilt artifact and serve it under a public URL.
npx apiqube push
02
Wire the runtime config
Declare which values your demo needs — secrets stay server-side, public values render as a form for each viewer. Proxy requests get the right key automatically.
03
Share, observe, iterate
Send the link, watch live webhook events, follow guided steps, and check usage. Push a new version anytime — versions are kept and rollback is one click.

Ship your first interactive demo this week.

Free to start, $15/mo when you outgrow it. No seat math, no per-environment pricing.