REST Bridge — Reach HTTP Devices in Any LAN Without VPN

REST Bridge — Reach HTTP Devices in Any LAN Without VPN

Many devices in local networks speak HTTP but not HTTPS. Smart relays, IoT gateways, industrial controllers, home automation hubs — they expose a local REST API on port 80, unencrypted, intended to be accessed from within the same network.

The challenge is reaching these devices from outside. A VPN is overkill and requires configuration on the remote side. Port forwarding exposes unencrypted traffic to the internet. And a traditional tunnel proxy like HTTP CONNECT expects the target to speak TLS.

How the REST Bridge Works

ProxyPass solves this with the REST Bridge. Instead of setting up a proxy in your client, you send a standard HTTPS request to your ProxyPass subdomain and include three headers:

  • X-ProxyPass-ApiKey — your authentication key
  • X-ProxyPass-NodeId — which node should handle the request
  • X-ProxyPass-Target — the local URL of the device you want to reach

ProxyPass receives your encrypted HTTPS request, routes it through the tunnel to the specified node, and the node forwards it to the target device on the local network over plain HTTP. The response travels back through the tunnel, encrypted, to you.

A Concrete Example: Toggling a Shelly Relay

You have a Shelly smart relay at a remote site, controlling a piece of equipment. It sits on 192.168.1.45 and exposes a simple HTTP API. You want to toggle it from your office, 200 kilometers away.

Without ProxyPass, you would need a VPN to the site, or port forwarding (exposing the unencrypted Shelly API to the internet — terrible idea), or someone on site to press a button.

With ProxyPass, one curl command does it:

curl -X GET "https://yourcompany.proxypass.cloud/relay/0?turn=toggle" \
  -H "X-ProxyPass-ApiKey: your-api-key" \
  -H "X-ProxyPass-NodeId: your-node-id" \
  -H "X-ProxyPass-Target: http://192.168.1.45"

The request travels encrypted to ProxyPass, through the tunnel to the node at the remote site, and the node calls the Shelly's local API. The relay toggles. You get the response back. The entire round trip takes a fraction of a second.

Security: Encryption Where It Matters

The critical security detail: the only unencrypted leg is the last hop — from the node to the device, inside the customer's own LAN. Everything between your client and the ProxyPass cloud, and between the cloud and the node, is encrypted. Your API key never travels in plain text.

Full HTTP Method and Header Support

The REST Bridge supports all standard HTTP methods — GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS, and TRACE — and forwards all headers to the target. Whatever the target device accepts, ProxyPass passes through completely, including custom headers your device might require for authentication or configuration.

A Unique Capability

No other tunneling service offers this mode. Traditional tunnels require the target to handle its own TLS. The REST Bridge is the only way to securely access plain-HTTP devices from outside their network without modifying the device itself.

This makes ProxyPass the natural choice for IoT fleet management, industrial monitoring, and any scenario where you need to talk to simple HTTP endpoints behind firewalls. Not sure if the REST Bridge fits your setup? Reach out — we walk through integration scenarios with every customer during onboarding.

Request Access →

An unhandled error has occurred. Reload 🗙

Connection lost

Attempting to reconnect...

Connection failed

The server is not reachable.