Make stolen tokens useless.

Plumbus enforces Proof-of-Possession semantics at the API edge: requests must come from the same device that obtained the credential.

Without changing your IdP, token format, or application code.

What Plumbus is

Plumbus is a transparent enforcement layer that adds sender binding to existing authentication without refactoring the system.

  • enforces Proof-of-Possession semantics on API requests
  • works with existing authentication material, treating it as an opaque value
  • adds an additional cryptographic proof that binds requests to a client-held key
  • does not inspect, parse, or interpret authentication material
  • does not replace or modify your identity provider
  • does not change authentication formats or application logic
  • does not introduce tracking, fingerprinting, or behavioral identification
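As an added illustration, not Plumbus's own code and not a description of its wire protocol, here is the shape of a sender-binding check of this kind: the client signs the request and a hash of the opaque credential with a key it holds, and the edge verifies that proof statelessly without decoding the credential. The token, device key and URL are constructed sample values, and the edge is assumed to know the key bound at issuance.

```python
import hashlib
import hmac
import time

# Constructed sample values: an opaque credential (never parsed here) and the
# client-held key assumed to have been bound to it at issuance. How the edge
# obtains that key is an assumption, not something the page describes.
TOKEN = "opaque.bearer.credential.bytes"
DEVICE_KEY = b"client-held-key-that-never-leaves-the-device"
PROOF_TTL = 60  # seconds a proof remains acceptable

def _canonical(method, url, token, ts):
    # The proof covers method, URL, timestamp and H(token): the token is
    # bound without being decoded or interpreted.
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    return f"{method.upper()}\n{url}\n{ts}\n{token_hash}".encode()

def make_proof(key, method, url, token, ts=None):
    # Client side. HMAC stands in for a device-held asymmetric signature so
    # the example runs on the standard library alone.
    ts = int(time.time()) if ts is None else ts
    mac = hmac.new(key, _canonical(method, url, token, ts), hashlib.sha256).hexdigest()
    return {"ts": ts, "mac": mac}

def verify_request(key, method, url, token, proof, now=None, ttl=PROOF_TTL):
    # Edge side, stateless per request: None when the proof binds this exact
    # request and token to the expected key, otherwise a rejection reason.
    now = int(time.time()) if now is None else now
    ts, mac = proof.get("ts"), proof.get("mac")
    if not isinstance(ts, int) or not isinstance(mac, str):
        return "malformed proof"
    if abs(now - ts) > ttl:
        return "proof expired"  # a captured proof is only replayable briefly
    expected = hmac.new(key, _canonical(method, url, token, ts), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return "proof does not match key, request or token"
    return None

def demo(url="https://api.example/v1/account"):
    # Legitimate device versus a thief holding only the token or only a proof.
    good = make_proof(DEVICE_KEY, "GET", url, TOKEN, ts=1000)
    thief = make_proof(b"key-on-attacker-device", "GET", url, TOKEN, ts=1000)
    return {
        "same device": verify_request(DEVICE_KEY, "GET", url, TOKEN, good, now=1000),
        "stolen token, other device": verify_request(DEVICE_KEY, "GET", url, TOKEN, thief, now=1000),
        "captured proof, other method": verify_request(DEVICE_KEY, "DELETE", url, TOKEN, good, now=1000),
        "captured proof, replayed later": verify_request(DEVICE_KEY, "GET", url, TOKEN, good, now=5000),
    }
```

Only the first case in `demo()` is accepted; the token alone, or a proof lifted from one request, does not get a request through the edge.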

Why Plumbus

  • Seamless adoption — can be introduced or removed without changing existing authentication or application code.
  • Gradual rollout — enforcement can be enabled progressively and expanded as confidence grows.
  • Distributed by design — enforcement scales naturally with the system without concentrating load or risk.
  • Stateless by design — introduces no shared or persistent security state and no new attack surface.
  • Contained failure modes — failures affect request enforcement only, not identity or authentication state.