Perishable vs Cloudflare AI Gateway
Cloudflare AI Gateway is a hosted edge layer for observability, caching, and rate limiting across AI providers. Perishable is a self-hosted proxy focused on keeping API keys out of client binaries. The differences are where the secret lives and what the browser sees.
| Dimension | Perishable | Cloudflare AI Gateway |
|---|---|---|
| Primary job | Don't leak the upstream API key from the browser or mobile binary. | Observability, caching, rate limiting, and fallback for AI calls at Cloudflare's edge. |
| Deployment shape One line of code to get started, per Cloudflare's docs. | Self-hosted Node process you run. | Hosted on Cloudflare's edge; you wire it in by changing a base URL. |
| Where the upstream key lives | In your server-side env. Never touches the browser. | Not specified in the public docs we reviewed; consult the Get Started guide for the exact model. |
| Browser fingerprinting / bot protection | Built-in: entropy collection + fingerprint hash bound to each JWT. | Not part of the AI Gateway's public feature surface (Cloudflare provides bot management as a separate product). |
| Short-lived client tokens | JWT sessions, short TTL, fingerprint-bound, refresh via SDK. | Not the documented mechanism; the gateway focuses on routing and observability rather than client auth. |
| Caching | Out of scope. | Yes — caching is a core feature. |
| Analytics and logging | Local logs from the proxy process. | First-class: analytics and logging across providers. |
| Rate limiting | Per-fingerprint, configurable points-per-window in the proxy. | Built in at the gateway level. |
| Provider support | OpenAI-compatible: OpenAI, Anthropic (via base URL), OpenRouter, Ollama. | OpenAI, Anthropic, Google, Workers AI, Replicate, and others. |
| Vendor coupling | None. Node, MIT, runs anywhere. | Cloudflare account required. |
| Best fit | Apps where the threat model is 'key in client binary' and the priority is owning the path. | Teams already on Cloudflare who want edge observability and caching for server-side AI traffic. |
What Cloudflare AI Gateway gives you that Perishable does not
Cloudflare AI Gateway is, by design, a feature-rich observability and control plane for AI traffic. Per their public documentation, it provides analytics and logging, caching, rate limiting, request retries, and model fallback across a broad set of providers — OpenAI, Anthropic, Google, Workers AI, Replicate, and more — wired in with a single line of code change.
If you are already on Cloudflare, those features come with the ecosystem you already use. The integration is genuinely one line: change your base URL to the gateway. You get dashboards. You get caching. You get retries. Perishable does none of that.
What Perishable gives you that Cloudflare AI Gateway does not
The narrow thing: a browser SDK that handles fingerprinting and entropy collection, plus a proxy that issues short-lived JWT sessions bound to that fingerprint. The point is the client. The threat model is “my React Native app has my key in it and a competitor is racking up my OpenAI bill at 4am”.
Cloudflare AI Gateway is not framed around that problem. It assumes you already have a server-side caller and you want to put a smart edge in front of it. If your traffic originates from the browser and you want a token-rotation story that does not require you to write your own session service, Perishable is the smaller tool that does that specific job.
When you might want both
Stack them. The browser talks to Perishable (fingerprint, entropy,
JWT, rate limit). Perishable’s OPENAI_BASE_URL points at your
Cloudflare AI Gateway endpoint. The gateway routes to the actual
provider with its caching, logging, and fallback features turned on.
You end up with: keys never in the client, sessions that expire on a short clock, plus edge caching and analytics. Two layers, two jobs.
When you should just pick one
If you have no client-side calls at all — all your AI requests come from your backend — Perishable’s client SDK is irrelevant and a gateway alone is the right call.
If you have only client-side calls and want the minimum number of moving parts, Perishable alone (running on a small VM, or as a container next to your app) is the simpler shape and you can add a gateway later if you need analytics.
The honest answer to “which one” is “what is the actual problem”. For key-in-binary, Perishable. For edge analytics and routing, Cloudflare AI Gateway. For both, both.
This comparison is grounded in each project's public docs as of 2026-05-31. If something has moved, open an issue.