README.md

---
title: Plot Digitizer Gateway
emoji: 🛡️
colorFrom: gray
colorTo: blue
sdk: docker
app_port: 7860
pinned: true
short_description: Public proxy for the private plot-digitizer backend
---

# plot-digitizer-gateway

Public entry point for the [plot-digitizer MCP](https://github.com/jdsanc/MixSense/tree/main/.agents/mcp/digitizer).

Forwards authenticated requests to a private backend Space. Callers authenticate
with their **own** Hugging Face read token (`Authorization: Bearer <hf_token>`);
the gateway validates it via `whoami-v2`, rate-limits per HF username, and
forwards to the backend using the gateway's own credentials.

## Required secrets

Set in Settings → Variables and secrets:

| Key                | Type   | Value                                                           |
|--------------------|--------|-----------------------------------------------------------------|
| `GATEWAY_HF_TOKEN` | Secret | Fine-grained HF token with **Read** on the backend Space        |
| `BACKEND_URL`      | Secret | e.g. `https://jdsan-plot-digitizer.hf.space`                    |

## Endpoints

```
GET  /health                  → {"status":"ok","gateway":true}
POST /v1/digitize             → requires Authorization: Bearer <user HF token>
```

## Auth flow

1. Caller sends `Authorization: Bearer <their HF read token>`.
2. Gateway validates via `https://huggingface.co/api/whoami-v2` (5-min cache).
3. Gateway rate-limits per HF username (100/day, 10/min).
4. Gateway forwards to the private backend with its own `GATEWAY_HF_TOKEN`
   (the only thing that unlocks the Space) and `X-Forwarded-User: <hf-username>`
   for backend-side attribution and rate-limiting. The caller's token is
   never forwarded.

The backend Space remains private; only the gateway can reach it.