Skip to main content
Tusky aggregators are the HTTP layer between your applications and the Walrus decentralized storage network. Every user gets a dedicated private aggregator that serves only their content, backed by a global CDN for fast, reliable delivery.

How Aggregators Work

When a request arrives at your aggregator, the flow is:
1

Request received

A client requests a file through your aggregator URL (e.g. https://myproject.mytusky.xyz/v1/blobs/abc123).
2

CDN edge check

Cloudflare’s edge network checks for a cached copy. If cached, the response is served immediately from the nearest edge node.
3

Aggregator fetch

On a cache miss, the aggregator routes to Tusky’s aggregator infrastructure, which reconstructs the blob from the Walrus network.
4

Response delivered

The file is returned to the client and cached at the edge for subsequent requests.

URL Schemes

Your aggregator supports multiple URL patterns for accessing content:
PatternExampleDescription
/{quiltPatchId}/qp_abc123Access a file by its quilt patch ID (the most common pattern).
/v1/blobs/{blobId}/v1/blobs/blob_xyz789Access a raw Walrus blob by its blob ID.
/v1/blobs/by-quilt-patch-id/{quiltPatchId}/v1/blobs/by-quilt-patch-id/qp_abc123Alternative verbose path for quilt patch access.
The short /{quiltPatchId} format is ideal for embedding in applications and sharing links. The longer /v1/blobs/ paths follow Walrus conventions for compatibility with tooling.

CDN and Edge Caching

All Tusky aggregators are fronted by Cloudflare’s global CDN:
  • Edge caching — Popular content is cached at 300+ edge locations worldwide, reducing latency to milliseconds for repeat requests.
  • DDoS protection — Cloudflare’s Web Application Firewall (WAF) protects your aggregator from volumetric attacks and malicious traffic.
  • Automatic compression — Responses are compressed with Brotli or gzip when supported by the client.
  • HTTP/3 support — Modern clients benefit from QUIC-based transport for faster connections.

Fallback Aggregator

For maximum resilience, Tusky operates a fallback aggregator on separate infrastructure from the primary aggregator stack. If the primary aggregator is unavailable, requests are automatically routed to the fallback, ensuring your content remains accessible even during infrastructure disruptions.
The fallback aggregator runs on independent infrastructure (different cloud provider, different region) to protect against correlated failures.

Security

Private aggregators provide several security benefits over public Walrus aggregators:

Content Isolation

Your aggregator only resolves content that belongs to your account. It will not serve blobs uploaded by other users.

DDoS Protection

Cloudflare WAF rules protect your aggregator from abuse, rate-limiting malicious traffic before it reaches your content.

Access Logging

Every request is logged with metadata for analytics, debugging, and audit trails.

Custom Rules

Enterprise users can configure custom WAF rules, IP allowlists, and rate limits for their aggregator.

What’s Next

Private Aggregators

Understand how your dedicated aggregator is provisioned and configured.

Custom Domains

Serve content from your own branded domain.

Analytics

Monitor traffic, bandwidth, and top files across your aggregator.