# Ultimo > Modern Rust web framework with automatic TypeScript generation ## Docs - [API-Key Authentication](/api-keys): For server-to-server and programmatic clients, Ultimo ships an API-key middleware that validates a presented key against a **pluggable store**, resolves it to an **identity** (id + scopes), and attaches that identity to the request `Context`. Missing or invalid keys are rejected with **401**. - [API Reference](/api-reference): Complete API reference for the Ultimo web framework. - [Authorization (Guards)](/authorization): Authentication tells you *who* the caller is; authorization decides *what they may do*. Ultimo's guards let a handler declare its access requirements and enforce them uniformly — regardless of whether the caller was authenticated by [JWT](/jwt) or an [API key](/api-keys). - [Changelog](/changelog): All notable changes to the Ultimo framework are documented here. - [CLI Tools](/cli): The Ultimo CLI provides commands for generating TypeScript clients, managing projects, and development workflows. - [Database Integration](/database): Ultimo provides first-class support for database integration with both **SQLx** and **Diesel** ORMs. - [Diesel Integration](/diesel): Ultimo provides first-class support for **Diesel**, a safe, extensible ORM with compile-time guarantees. - [Getting Started](/getting-started): Get up and running with Ultimo in minutes. - [JWT Authentication](/jwt): Ultimo ships a JWT (JSON Web Token) auth middleware that verifies signed bearer tokens, attaches the validated claims to the request `Context`, and can issue tokens. It's secure-by-default: the signing algorithm is **pinned to HS256**, so `alg: none` and algorithm-confusion attacks are rejected, and token expiry (`exp`) is validated automatically. - [Middleware](/middleware): Middleware runs around your route handlers — before and after — for cross-cutting concerns like logging, CORS, security headers, and auth. - [OpenAPI Support](/openapi): Ultimo automatically generates OpenAPI 3.0 specifications from your RPC procedures, enabling integration with Swagger UI, Postman, and code generation tools. - [Performance](/performance): Performance is one of Ultimo's two headline pillars (alongside [security](/security)). Our approach is deliberately un-flashy: **measure honestly, guard against regressions, and let you reproduce everything.** No cherry-picked bar charts. - [Roadmap](/roadmap): Where Ultimo is headed. The throughline is **type-safe end to end** — define your API in Rust, get a fully-typed TypeScript client with no drift — sequenced toward a stable **1.0**. - [REST API Routing](/routing): Ultimo provides a fast, intuitive routing system for building traditional REST APIs. This page covers the standard HTTP routing with methods like GET, POST, PUT, and DELETE. For RPC-style APIs with TypeScript client generation, see the [RPC documentation](/rpc). - [RPC System](/rpc): Ultimo's RPC system provides type-safe remote procedure calls with automatic TypeScript generation. - [Security](/security): Security is one of Ultimo's two core pillars (with performance). The framework is **secure by default**, follows **defense in depth**, and aims to be **provable** (audited, no `unsafe`, public disclosure policy). - [Sessions](/sessions): Ultimo ships cookie-based session management behind the `session` feature. Cookies are a core helper; sessions are middleware over a pluggable store. - [SQLx Integration](/sqlx): Ultimo provides first-class support for **SQLx**, a fully async SQL toolkit with compile-time query verification. - [Static Files](/static-files): Serve frontend assets — CSS, JavaScript, images — directly from disk, and support Single Page Application (SPA) routing with a fallback to `index.html`. - [Testing](/testing): Ultimo ships first-class testing utilities behind the `testing` feature. The `TestClient` drives your app **in-process** — no socket, no ports, fully deterministic and fast. - [TypeScript Clients](/typescript): Ultimo automatically generates type-safe TypeScript clients from your Rust RPC procedures, enabling seamless full-stack development. - [WebSocket Support](/websocket): Ultimo provides zero-dependency, RFC 6455 compliant WebSocket support with built-in pub/sub functionality. - [AWS (ECS + Fargate)](/deployment/aws): Run your Ultimo container on AWS without managing servers. This guide uses **ECS with Fargate** — AWS manages the underlying compute. - [Azure Container Apps](/deployment/azure): [Azure Container Apps](https://azure.microsoft.com/en-us/products/container-apps) is a serverless container platform with built-in autoscaling, HTTPS, and managed identity — no Kubernetes expertise required. - [DigitalOcean App Platform](/deployment/digitalocean): [DigitalOcean App Platform](https://www.digitalocean.com/products/app-platform) is a PaaS that detects your Dockerfile, builds it, and deploys with managed HTTPS, scaling, and monitoring. - [Docker](/deployment/docker): Docker is the foundation for most deployment targets. This guide covers building optimized Ultimo images with multi-stage builds, layer caching, and production-ready configurations. - [Fly.io](/deployment/fly-io): [Fly.io](https://fly.io) runs your Docker containers on hardware close to your users. Machines boot in ~300 ms, scale to zero when idle, and deploy globally with a single command. - [Google Cloud Run](/deployment/google-cloud-run): [Cloud Run](https://cloud.google.com/run) runs containers with automatic scaling — including scale-to-zero. You pay only for actual request processing time. - [Deployment Overview](/deployment): Ultimo compiles to a **single static binary** — no runtime, no interpreter, no `node_modules`. This makes deployment straightforward on any platform that runs Linux containers or bare-metal binaries. - [Kubernetes](/deployment/kubernetes): Deploy Ultimo to any Kubernetes cluster — managed (EKS, GKE, AKS, DOKS) or self-hosted. This guide provides production-ready manifests with health checks, resource limits, HPA autoscaling, and TLS ingress. - [Railway](/deployment/railway): [Railway](https://railway.app) deploys from your Git repo with zero configuration. Push to `main` and Railway builds, deploys, and gives you a URL.