Introducing PayGate

Developers donโ€™t always want to modify their backend apps just to charge for premium API features.

Summary

PayGate is a powerful iRule for F5 BIG-IP that implements pay-to-access functionality entirely at the network edge, with zero backend changes required.

Why PayGate?

  • Instant monetization of API endpoints โ€” no code changes, no redeploys
  • Flexible entitlement via tokens stored in BIG-IPโ€™s memory
  • Edge-enforced security: protected webhook, token validation, TTL handling
  • Self-contained operation: no external dependencies like Redis or iRulesLX
  • Business-aligned: measure demand, treat price as signal, and unlock revenue in hours

Architectural overview

๐Ÿงฉ How It Works

1. Protected Token Injection

Stripe sends a checkout.session.completed webhook โ†’ your Python handler which extracts the entitlement_token and sends it securely to BIG-IP (/cache-token) with a shared secret.

1
2
3
4
5
6

# iRule snippet
when HTTP_REQUEST {
  if { [HTTP::path] eq "/cache-token" && [HTTP::header "X-Webhook-Secret"] eq $static::shared_token_secret } {
    # save token into table
  }
}

2. Table-Based Caching

Tokens are stored in a BIG-IP table with a 1-hour TTL. No Redis or external caching โ€” itโ€™s all in-memory on BIG-IP.

3. Edge-Gated API Requests

When the API client requests /api/v1/hyperlocal?entitlement_token=..., the iRule:

  • Extracts the token
  • Looks it up in the table
  • If found โ†’ injects a header (X-Entitlement-Tier) and allows the request
  • If missing or expired โ†’ redirects to /pricing, where users can pay again

๐Ÿ› ๏ธ Demo & Code

  • GitHub Repo: mikeoleary/paywall-irule-demo
  • Complete iRule with webhook gateway, token cache, and premium routing
  • Python Flask webhook handler to verify Stripe events
  • /token-status and /purge-token endpoints on BIG-IP for monitoring and token cleanup (can be added easily but are not part of this demo)

๐Ÿ’ก Detailed traffic flow

๐Ÿ’ก Business Benefits

Feature Benefit
Edge enforcement No backend modifications needed
Real-time monetization Start charging premium instantly
Demand measurement Paywall conversion = clear product-market fit
Rapid iteration Change pricing, features, or TTLs without app release
Cost-efficient No extra infrastructure, all on existing BIG-IP

โœ… Whatโ€™s Next

  • ๐Ÿ“ˆ A/B pricing tests โ€” change price or TTL to optimize conversion
  • ๐Ÿ“Š Usage analytics โ€” track token issuance and redemption trends
  • ๐Ÿ“ฆ Expand features โ€” tier-based access, usage quotas, premium burst credits
  • ๐Ÿ”’ Packaging โ€” package as a blueprint or DevCentral article

๐Ÿš€ Get Started

  • Clone the repo and load PayGate iRule onto your BIG-IP
  • Deploy the Flask webhook on your VM
  • Create a Stripe product with entitlement_token metadata
  • Route /cache-token, /token-status, and /purge-token to your BIG-IP
  • Test the flow: pricing โ†’ checkout โ†’ API access

With PayGate, youโ€™ve turned your BIG-IP into a revenue-generating edge gateway, empowering API monetization in hours, not months. Let me know what you think!

Updated:

You May Also Enjoy