Features
Shared edge for custom domains, with the features you'd build yourself if you had a month.
For the engineer
Plain HTTP API
POST a hostname, get a CNAME target back. No SDK required — curl works. Language SDKs for TS, Python, Go ship separately.
Original Host preserved
The upstream request carries the customer's original hostname in the Host header. Route inside your app exactly as if the customer typed your subdomain.
Metadata passthrough
Attach a JSON blob to each domain. /v1/edge/resolve gives it back on lookup. Stick workspace IDs, theme overrides, feature flags, anything.
Automatic DNS verification
Background probes check each customer's CNAME every 5 minutes. Verified/unverified shows in the portal so your support team knows exactly where DNS propagation stands.
For the TLS anxiety
Let's Encrypt, on demand
Certs issue on the first HTTPS request — no pre-provisioning. ~3 s cold, <10 ms for every subsequent request from cache.
Auto-renewal
Caddy renews certs at 60 days. If renewal fails (DNS changed, etc.), you get an alert before the old cert expires.
HSTS-safe
We never issue wildcard certs for a customer's apex — always single-hostname. Your customer's HSTS stays their own decision.
For the multi-tenant app
Projects
One Hee account, many projects. Each project is a separate API-token scope, billing entity, and domain namespace.
Per-project API tokens
Issued in the portal, shown once, revocable anytime. No shared master token you'd lose sleep over.
Role-based portal access
Invite teammates as Owner, Admin, or Member. Members view and verify; Admins issue tokens; Owners touch billing.
For the SRE
Open source edge
Caddy binary + a NestJS control plane on Postgres. Inspect every line. Run your own instance if compliance says so.
Public status page
status.hee.la — runs on Upptime (GitHub Actions). No status-page SaaS markup. Uptime history committed to a public repo.
Prometheus metrics
Per-project cert issuance latency, 5xx rate, request volume. Scrape or pull via Grafana Cloud. (Coming Phase 2.)