Zuplo
API Management

Programmable API Management

Write real code for your API logic, not XML workflows or JSON config files. Ship developer portals, auth, rate limiting, and monetization on a single platform — deployed globally via GitOps.

Talk to an API Expert Read the Docs
API Gateway

Inbound Policies

API Key Auth Active
Rate Limit · 100/min Active
Request Validation Active
CORS Policy Active

Everything you need to manage APIs at scale.

Authentication, rate limiting, developer portals, monetization, and full programmability — in one platform.

Programmable

If you can code it, Zuplo can do it.

Build exactly what you need with TypeScript. No XML workflows, no JSON-embedded snippets, no DSL to learn — the most extensible API gateway, period.

Learn more
Dev Portal

Developer portals that don't suck.

An auto-generated portal tied directly to your API. Customers subscribe, manage keys, and view usage analytics — always in sync with your routes and policies.

Learn more
MCP Server

Turn your API into an MCP server.

Auto-generate a fully compliant Model Context Protocol server from your OpenAPI spec. Endpoints become MCP tools that AI agents can discover and call safely.

Learn more
Rate Limit

Rate limiting, your way.

Throttle by endpoint, key, user, or any custom condition. Start with simple limits, evolve to programmable logic that reads payloads, headers, or custom metrics.

Learn more
Authentication

Authentication, without the pain.

API keys, JWT, OAuth, Basic Auth, mTLS, and secure tunnels — production-grade out of the box. GitHub secret scanning catches leaks before they ship.

Learn more
Open API

One standard through the lifecycle.

Built on OpenAPI from day one. Releases ship via git commit. Linting and CI pipelines give you developer-friendly governance without slowing teams down.

Learn more

Programmable

Real code, not config gymnastics.

Every policy is just a TypeScript function. Customize anything — roles, quotas, dynamic rate limits, transformations — and ship via git. Here's what role-based access looks like in practice.

custom-rbac-policy.ts
export default async function policy(
  request: ZuploRequest,
  context: ZuploContext,
  options: { role: string }
) {
  if (request.user.data.roles.includes(options.role)) {
    return request;
  }
  return new Response("User does not have the correct permissions", {
    status: 403,
  });
}

Need a hand writing your first policy?

Spend 30 minutes with a Zuplo architect — we'll map your APIs and sketch the policy you need, in TypeScript.

Talk to an Architect

Frequently Asked Questions

Learn about API management and how Zuplo helps your team build better APIs.

Want a demo of Zuplo? Talk to an API expert

Ship API management your way.

Free to start. Production-ready on day one. Built for teams that don't want to write XML.

Talk to an API Expert Read the Docs