I kept building the same thing every time I shipped an API: some logging, a few SQL queries, maybe a Grafana chart — all to answer “who’s using this?” and “why are errors up?”
The fourth time I did this, I extracted it into a standalone product.
PeekAPI is a server-side middleware that captures request metadata and sends it to a real-time dashboard. The entire integration is one line:
import { peekapi } from "@peekapi/sdk-node";
app.use(peekapi({ apiKey: "pk_..." }));
Technical decisions that might interest HN:
Zero dependencies in every SDK. Node SDK uses only built-in https, crypto, fs, os. Python SDK is pure stdlib. Go, Rust, Ruby, PHP, Java — same approach. No transitive dependency tree, minimal supply chain surface.
Never stores raw credentials. Auth headers are SHA-256 hashed on the client before leaving the server. The dashboard identifies consumers by hash — it never sees API keys or tokens.
Resilient by design. Events are buffered in-memory, flushed in batches. On failure: exponential backoff (max 5 retries). After max failures or on non-retryable errors, events persist to a JSONL file on disk. Same on process shutdown (SIGTERM/SIGINT). Recovered automatically every 60s and on startup.
SSRF protection. SDKs enforce HTTPS for all non-localhost endpoints and block requests to private IP ranges.
Ingestion is decoupled from the dashboard. SDKs POST to a standalone Go ingest service (ingest.peekapi.dev) that handles geo extraction, batching, and writes to Postgres. Dashboard is a separate Next.js app that reads the same DB.
What the dashboard shows:
Real-time request stream (WebSocket via Supabase Realtime)
Per-endpoint analytics: volume, error rate, avg/p95 latency
Per-consumer breakdown: who’s calling what, how often, error patterns
Configurable alerts: error rate spikes, latency thresholds, inactivity detection
Notifications via email, Slack, Discord, Telegram, or webhook
SDKs available for:
konstantinkai•1h ago
I kept building the same thing every time I shipped an API: some logging, a few SQL queries, maybe a Grafana chart — all to answer “who’s using this?” and “why are errors up?”
The fourth time I did this, I extracted it into a standalone product.
PeekAPI is a server-side middleware that captures request metadata and sends it to a real-time dashboard. The entire integration is one line:
import { peekapi } from "@peekapi/sdk-node";
app.use(peekapi({ apiKey: "pk_..." }));
Technical decisions that might interest HN:
Zero dependencies in every SDK. Node SDK uses only built-in https, crypto, fs, os. Python SDK is pure stdlib. Go, Rust, Ruby, PHP, Java — same approach. No transitive dependency tree, minimal supply chain surface.
Never stores raw credentials. Auth headers are SHA-256 hashed on the client before leaving the server. The dashboard identifies consumers by hash — it never sees API keys or tokens.
Resilient by design. Events are buffered in-memory, flushed in batches. On failure: exponential backoff (max 5 retries). After max failures or on non-retryable errors, events persist to a JSONL file on disk. Same on process shutdown (SIGTERM/SIGINT). Recovered automatically every 60s and on startup.
SSRF protection. SDKs enforce HTTPS for all non-localhost endpoints and block requests to private IP ranges.
Ingestion is decoupled from the dashboard. SDKs POST to a standalone Go ingest service (ingest.peekapi.dev) that handles geo extraction, batching, and writes to Postgres. Dashboard is a separate Next.js app that reads the same DB.
What the dashboard shows:
Real-time request stream (WebSocket via Supabase Realtime) Per-endpoint analytics: volume, error rate, avg/p95 latency Per-consumer breakdown: who’s calling what, how often, error patterns Configurable alerts: error rate spikes, latency thresholds, inactivity detection Notifications via email, Slack, Discord, Telegram, or webhook SDKs available for:
Node.js (Express/Fastify/Koa/Hapi/NestJS), Python (ASGI/WSGI/Django), Go (net/http/Gin/Echo/Fiber/Chi), Rust (Actix/Axum/Rocket), Ruby (Rack/Rails), PHP (PSR-15/Laravel), Java (Spring Boot/Jakarta Servlet).
SDKs are MIT licensed.
Happy to go deep on any architectural decision — and would love to hear what’s missing.