How I Built an Open-Source API Gateway to Secure Backends Without Code Changes If you've ever shipped an API, you know the drill: One day it's working fine. Next day, you get alerts for SQL injection, XSS, or path traversal attempts. Adding security usually means rewriting middleware, integrating heavy SDKs, or paying enterprise prices for a WAF. I got tired of that trade-off. So I built Backport — a lightweight, open-source API gateway that sits in front of your backend and handles security, rate limiting, and caching. Zero code changes required. 🎯 The Problem I Was Solving Most small teams & indie devs don't have a dedicated security engineer Cloudflare/enterprise WAFs charge $20+/mo just for custom regex rules Adding middleware to every route = tech debt + deployment friction Mocking & caching still require separate tools I wanted something that just works out of the box, is transparent, and doesn't lock you in.…