Zuplo vs.AWS API Gateway

Zuplo is redefining what it means to be an API Management platform and is an alternative to AWS API Gateway. With Zuplo, you can easily build and share quality APIs with other developers. Compare features, pricing, deployment options, and customizability below.

About the Products

About AWS API Gateway

AWS API Gateway is a managed service that runs on AWS. AWS API Gateway integrates deeply with other AWS services such as ESC and Lambda. Setup and deployment of AWS API Gateway is handled through the AWS console, via AWS APIs, or using tools like Cloudformation or Terraform. AWS API Gateway is often the default solution for developers building solely on AWS, and while it lacks many features of other products, it's deep AWS integration is generally the biggest selling point. Conversely, the product is AWS only so there is complete vendor lock-in.

About Zuplo

Zuplo is the best way for developers to share and secure their API with other developers. The Zuplo API Gateway is fully programmable to allow developers to customize every aspect of their gateway.


Most customers we speak with are building on AWS and have an obvious question... why would I choose Zuplo over AWS API Gateway?

Here’s a rundown of why Zuplo will get you to market faster, with the right features and with lower on-going maintenance burden:

FeatureAWS API GatewayZuplo
API Key Authentication❌ [1]✅ Unlimited keys
API Key Portal
Rate LimitingPer API Key onlyDynamic - can write code to set rate limits on each request (demo)
Edge deployment✅ (100s of datacenters WW)
Multi-cloud✅ [2]
Open API support
Policy Library✅ 32 built-in (more coming)
Max response time29s120s+
Custom Policies✅ (demo)
Dynamic Routing✅ (demo)
Hosted Developer Portal
Programmabilityvia call to Lambda - slow✅ Runs inside the gateway - fast! (demo)
Cognito JWT Auth
Open ID JWT Auth❌ requires a custom authorizer✅ built-in policy
Lifecycle Management (versioning)
Direct AWS Lambda proxy✅ (high performance)
SDK Generation❌ [3]
VPC Connectivity✅ via secure tunnel provided by CloudFlare
Reliability✅ Serving Billions of requests every month, with zero downtime to date
Stripe quality developer experience 🙌


AWS API Gateway

AWS API Gateway is primarily driven by configuration. Features are generally limited to built-in functionality. Developers can partially customize their Gateway with custom authorization policies that are written with AWS Lambda. However, due to the nature of Lambda running outside of the gateway process, there can be significant performance impacts.


Zuplo offers developers both configuration and code driven customization. For your primary uses, like configuring routing and adding authentication, simple configuration enables Zuplo to be deployed in minutes. And when those custom business rules or complex requirements inevitably surface, Zuplo is fully programmable using Javascript/Typescript that runs entirely in the gateway's process. With Zuplo, customization isn't traded for performance.


AWS API Gateway

AWS API Gateway offers good performance when exposing services hosted in AWS - especially when the consumers of those services are geographically close to the AWS Region. When dealing with multiple regions or services where performance is important, developers typically augment their Gateway solution with load balancers and caching solutions such as AWS Cloudfront or AWS Lambda Edge Cache.


Zuplo is built on the most reliable and fastest network in the world. The default Zuplo deployment is to more than 250 locations around the world with more than 90% of the global population within 50ms of an edge location. By running at the edge close to your customers, Zuplo gateway out-performs AWS API Gateway calling AWS, even when calling Lambda. Median latency is approximately the same - but Zuplo’s 0ms cold-start platform means less spikes, more consistency. Coupled with Zuplo's built-in edge caching capabilities and programmability, developers transform slow APIs into blazing fast solutions in only a few hours.

Security & Protection

AWS API Gateway

AWS API Gateway provides basic out-of-the box protections for your API including DDoS and rate-limiting. More advanced features such as filtering out common security vulnerabilities requires adding additional services like AWS WAF.


Zuplo provides best-in-class security and protection services in a single service. Zuplo uses Cloudflare's global network for the best DDoS protection and for sophisticated security mitigation. With Zuplo and Cloudflare your API is safe from common to advanced security vulnerabilities. Many new vulnerabilities (i.e. the log4j vulnerability) are patched within hours, protecting your API before any damage is done.

Deployment Options

AWS API Gateway

AWS API Gateway is deployed exclusively as a managed service on the AWS cloud.


Zuplo's default deployment is to 250+ data centers at the edge around the world. Over 90% of the world's population is within 50ms ping of our edge locations. The easiest deployment model for Zuplo is simply to deploy it everywhere with a single click in seconds. The edge deployment model works extremely well when your gateway runs in a single or many cloud or private data centers.

Additionally, Zuplo offers managed dedicated deployments for customers who want to run within their own data center. Zuplo can be deployed to Virtual Machines in Azure, AWS, GCP, etc. as well as to Kubernetes.


[1] I thought AWS API Gateway had API Keys?

Yes, but these are not recommended for authentication. See best practices in their docs. AWS API Gateway Keys are primarily for use with usage plans. Also, you are limited to 500 API Keys by default. Also, we think API Keys are the best choice for public APIs - read more.

[2] Multi-cloud

By default, we deploy your production Zuplo gateway to the edge in 100s of datacenters worldwide, it works well with any cloud (btw - you can contact us if you’re interested in a private deployment of Zuplo).

[3] Why no SDK Generation?

We believe software developers are craftspeople who feel pride in what they create; they’re passionate about sharing great developer experiences with others. We haven’t seen an approach to SDK generation that meets that pride. Generally, the feedback on SDKs generated by tools is that they are ‘meh’ at best. We don’t want to tackle this problem until we’re sure we can deliver something our customers would be proud to share with their developers.