Tutorials, best practices, product updates, and deep dives from the Zuplo team.
191 posts
No posts found. Try a different search or topic.
Wallarm's 2026 API ThreatStats Report reveals APIs account for 43% of CISA's exploited vulnerabilities. Here's what the data means and how to protect your APIs.
Apigee Edge is reaching end of life, and migrating to Apigee X isn't your only option. Learn why teams are choosing Zuplo as a modern, developer-first alternative.
Explore five API monetization success stories from Plaid, AssemblyAI, OpenAI, Algolia, and SendGrid to see how usage-based pricing drives revenue at scale.
When a backend fails, retry storms can make recovery even harder. Learn how to implement the circuit breaker pattern as custom TypeScript policies in Zuplo to automatically stop traffic to failing services, with per-route thresholds and RFC 7807 error responses.
WebMCP is a proposed W3C standard that lets websites declare their capabilities as structured tools that AI agents can call directly in the browser.
TypeScript surged 66% to become GitHub's most-used language, driven by AI coding tools. Learn why a TypeScript-native API gateway gives you a real edge.
There's no one-size-fits-all model for modern API pricing. Monetization engines should go beyond default pricing models with granular control and programmability when needed.
Walk through adding API key auth, rate limiting, schema validation, a developer portal with self-serve keys, and an MCP server to a Lovable app using Zuplo and an OpenAPI spec.
Thousands of public Google API keys silently gained Gemini AI access, leading to data exposure and an $82K bill. Here's what went wrong and how to stop it.
Piecing together separate systems to monetize an API is a hassle. That's why we put native metering and billing into the API gateway itself.
A three-part series on API monetization: what to count, how to structure plans, and how to decide what to charge. Start here for the full picture.
Get clear tiers, a comparison table, and reasoning so you can price your API with confidence and move on to implementation faster.
Five concrete ways to reduce AI and LLM costs using your API gateway — semantic caching, rate limiting, spend limits, model routing, and token-based billing.
A practical guide for startup teams choosing an API management platform — must-have features, common traps, and why you don't need enterprise pricing to get enterprise features.
Learn the most common API pricing models and how to choose the right one to optimize how you generate revenue from API-based products.
Learn how API pricing plans and phases work: tiers, trials, rate cards, included usage, overages, and modeling what you're selling.
Welcome to API Monetization 101! Learn how API metering and quota enforcement work: meters, features, hard vs soft limits, and how to enforce usage at the gateway.
As AI technologies usher in more backend API calls, organizations are well-positioned to monetize access to valuable data and functionality.
Highly flexible metering, product catalog, Stripe integration, and real-time enforcement, all built into your API gateway. Now available in private beta.
Why GitOps matters for your API gateway: PR reviews, branch environments, and a single source of truth. Learn how Zuplo gives you all of it by default, with no extra tooling.
Learn what geolocation routing is and how to implement it on your API gateway to route requests to region-specific backends for better performance, compliance, or data residency requirements.
Learn what canary routing is and how to implement it on your API gateway to safely test new backends with a subset of traffic before rolling out to all users.
Learn how to implement Stripe-style environment-based routing using API key metadata to direct requests to sandbox or production backends through a single API endpoint.
The API economy has shifted entirely to revenue. Learn the best billing models, how to implement them in minutes, and why programmable gateways like Zuplo have made legacy solutions obsolete.
Semantic caching returns cached responses for requests with similar meaning, not just exact matches. Learn how it reduces costs, speeds up responses, and how to implement it with Zuplo.
AI coding assistants are now excellent at using CLIs, so when does building an MCP server actually make sense? The answer has less to do with developers and more to do with everyone else in your user's organization.
Everyone has an opinion on MCP's future. We asked the people actually building with it what they think about adoption, security challenges, and whether the protocol has staying power for our State of MCP report.
MCP Apps are a new standardized way for users to interface with services and agentic capabilities in tools they already use every day, like ChatGPT. Zuplo MCP Server Handler is a perfect companion for building robust apps with delightful user experiences and agentic capabilities!
Explore how to secure your API using both API Keys and JSON Web Tokens (JWT), understanding their benefits, challenges, and implementation strategies.
A comprehensive evaluation of the top 10 API management tools for 2026, focusing on edge performance, AI agent readiness, MCP support, and GitOps workflows for modern architects.
Catch up on our most recent MCP Week. Featuring MCP prompts, custom tools, GraphQL-to-MCP, enterprise governance with MCP Gateway, and building ChatGPT apps with the OpenAI Apps SDK.
Zuplo now supports the OpenAI Apps SDK for building interactive widgets inside ChatGPT using an MCP server. See how to create MCP resources, configure the required metadata, and render custom apps directly in the chat interface.
Zuplo's MCP Gateway gives enterprises a single control plane for all their MCP servers. Create virtual servers with team-specific tools, enforce RBAC policies, and stop shadow MCP sprawl without blocking productivity.
Turn any GraphQL API into an MCP server in minutes with Zuplo. Add authentication, rate limiting, and let AI agents query your GraphQL schema automatically.
Direct API-to-tool mapping works for simple operations, but complex workflows need more. Learn how to use Zuplo to build custom MCP tools that orchestrate multiple API calls and apply business logic server-side.
MCP tools give agents capabilities. MCP prompts tell them how to use those capabilities. Learn how to implement reusable prompt templates in your Zuplo MCP server.
A look back at how the Model Context Protocol went from quiet launch to rapid industry adoption, solving the AI integration problem and winning over OpenAI, Google, and thousands of developers along the way.
The new Galileo Tracing policy for Zuplo AI Gateway gives you automatic observability for LLM applications. Track performance, debug issues, and optimize costs without writing instrumentation code.
x402 is an open payment protocol that lets AI agents autonomously pay for APIs and MCP servers with stablecoins. No accounts, subscriptions, or manual approvals required.
From Runtime Errors to Compile-Time Guarantees
Learn what MCP Resources are and how they differ from MCP Tools. Discover how application-controlled context works in the Model Context Protocol and when to use Resources for AI interactions.
To celebrate the launch of Zuplo's AI Gateway, we released a week of videos and blog posts covering spec-driven development, observability, and autonomous agent preparedness as well as deeper dives into getting started with the gateway itself. Catch up on AI Week here.
AI agents need fundamentally different APIs than human developers. Emmanuel Paraskakis breaks down the authentication, billing, and design challenges most companies face when preparing their APIs for autonomous agent traffic, plus his top three priorities for getting ready.
Set up goose, Block's open-source AI agent, with Zuplo AI Gateway for better visibility into token usage, costs, and security.
Unlike traditional ML, GenAI apps don't learn from production data. See how Opik and Zuplo AI Gateway enable continuous optimization for LLM applications.
Learn how to configure Claude Code with Zuplo AI Gateway for team-based cost controls, self-serve API keys, and real-time monitoring of your AI spend.
Tessl CEO Guy Podjarny explains spec-driven development: defining software through specifications instead of code. Learn the three stages of adoption and how Tessl's framework makes AI agents reliable for production use.
Managing OpenAI API keys for LangChain apps is challenging. Learn how to add usage tracking, cost controls, and security features to your LangChain application with two simple code changes using Zuplo AI Gateway.
Transform how your organization builds AI applications with Zuplo's AI Gateway. Including centralized cost controls, security guardrails, and provider flexibility, all without vendor lock-in.
As one of the world’s leading weather data providers, AccuWeather delivers trusted, hyper-local forecasts through hundreds of APIs that power applications across industries. With this launch, developers can now access those APIs through a modern, streamlined portal built on Zuplo.
How to build reusable prompt templates using Zuplo's MCP Server capabilities. Complete implementation guide with code examples, best practices, and configuration steps for standardizing AI interactions.
Learn how prompt injection attacks threaten MCP servers and AI agents. Discover detection techniques and implement Zuplo's protection policy to secure your AI-powered APIs from malicious prompts.
Learn how to add a Model Context Protocol (MCP) server with OAuth authentication to your existing API in Zuplo, making it accessible to AI agents while maintaining enterprise-grade security.
A major update to Zuplo's built-in developer portal delivers a sleeker interface, modernized architecture, and smarter tools for API testing and exploration that enables enhanced API documentation and developer experience.
We recently released the ability to create remote Model Context Protocol (MCP) servers for any API in Zuplo. To coincide with this we release a whole week of videos covering that, and other related topics such as AI agents, LLM API discovery, security policies and best practices.
AI agents are revolutionizing API usage and why smart companies are racing to embrace rather than block this unstoppable wave of traffic. It uncovers the technical challenges and massive opportunities that come with autonomous agent access to help engineering teams get ahead of the curve.
Prompt Injection Detection blocks malicious prompt poisoning attempts, while Secret Masking automatically redacts sensitive information from outbound requests. Essential protection for MCP servers and any API endpoints that interface with LLMs.
AI agents connecting to APIs fail 75% of the time due to poor planning, tool overload, and complex business logic. In this article, Superface CTO Zdenek "Z" Nemec explains how specialist agents and the 10-tool rule can to help fix that.
Using our new MCP Server Handler you can transform any API you manage through Zuplo into a remote Model Context Protocol (MCP) server.
As part of MCP Week, API Strategy Expert Kevin Swiber shares key insights into MCP Server design challenges and how it will help to inspire the next generation of developers.
Learn how to securely identify and verify bots and agents with HTTP Message Signatures (RFC9421) using Zuplo’s Web Bot Auth policy.
Learn how to generate OpenAPI documentation for your Rails API using OasRails.
Learn about CentralMind a universal MCP-Server for your Databases optimized for LLMs and AI-Agents.
Learn about ORPC a TypeScript library for API routing, validation, documentation, and type safety.
Learn how to deal with different units and quantities consistently and cleanly in your API using unitsnet - a library that makes compatibility and conversion simple.
Learn how to build a REST API using Go and Huma - a lightweight framework with built-in support for OpenAPI.
Learn how to build a REST API using C# and .Net. This tutorial covers build a Web API, connecting a database, hosting on azure, adding authentication, and generating a developer portal.
Learn how to build Ruby on Rails compatible REST APIs that are fast, modern, and developer-friendly using Rage.
Learn how to adopt API-first practices in Scala using modern tooling like OpenApi4s.
Learn how to expose REST API endpoints for your gRPC server using gRPC API gateway - a framework that includes OpenAPI support, documentation, error handling, and streaming support.
Learn how to build an API with Java and Spring Boot. Implement API rate limiting, API key authentication and build an API developer documentation portal.
Learn how to define and document API workflows using the Arazzo spec, and how to work with this spec in PHP.
Learn how to build an API with Python and Flask. Implement API rate limiting, API key authentication and build an API developer documentation portal.
Learn how to automatically document your API's behavior us a local-first tool called Demystify.
Explore the benefits, trade-offs, and real-world applications of deploying APIs at the edge.
Learn why you should start treating APIs as complete ecosystems – covering development, deployment, maintenance, and consumption.
Learn how to build a PHP API using Laravel, generate OpenAPI documentation with Scramble, and secure it with Zuplo - all for free!
Learn how to create a fully server-driven Go CLI from your REST API using OpenAPI and Climate.
Learn how to build, host, and secure an API with Python and FastAPI for free using Render and Zuplo. Implement auth, rate limiting, and autogenerate documentation.
Learn how to build an API with Ruby and Sinatra. Implement API rate limiting, API key authentication and build an API developer documentation portal.
Learn how to extract data from a JWT and use it to implement access control on your API.
Zuplo launches dedicated managed and full self-hosted versions of their popular programmable API gateway.
Learn how to reduce the number of API calls your client application has to make. Using orchestration to combine calls in parallel via a single request will improve performance and create a better experience for your users.
Developers hould be able to build great API references and documentation for free, that's why we've open-sourced our framework so everyone can use it.
Discover why linting your OpenAPI specification is so important and how you, and your users will benefit from adding it to your development workflow.
Learn how to quota an API in minutes with Zuplo
APIs are the connectors that link AI models to the wild and tangled world of data and applications, ensuring everything runs smoothly behind the scenes. Without APIs, AI would be pointless.
Master JSON Schema to enhance data integrity and streamline your API development. Discover how to design robust schemas, validate JSON data, and apply best practices for data-driven projects with our detailed guide.
Ride the AI wave with your Firestore API
Start monetizing your Firestore API users. Learn how to add API monetization to your Firebase API.
Build a great DevX for your Firestore API users. Easily create a beautiful developer portal for your API, and protect it with API request validation.
Get your Firestore API secured using API key authentication
Learn how to use Zuplo and Firebase to securely expose your Firestore data via REST API
Zuplo and OktaFGA have teamed up to offer an integration that enhances your organization’s API security and simplifies access control
Let's face it, bugs happen. Here's how you can use Zuplo to solve them
Learn how Zuplo's Complex Rate Limiting policy makes building a customizable, dynamic rate limiting system easy.
Announcing the release of our OpenTelemetry plugin, created to help you collect and export telemetry data from your Zuplo API efficiently. It implements tracing
Introducing API monetization, improved portal, new policies, AI-powered doc search, and unified infrastructure on Zuplo.
Learn how to build a custom query language & parser using Peggy.js and Github Copilot. See how to securely let users query using Zuplo's programmable API Gateway
Learn how to integrate Clerk with Zuplo for seamless API authentication
Discover six ways to market your API in today's crowded tech market
A rebuttal to critics of API key authentication. We think that API keys are the best way to secure your API for these reasons.
Learn about Zuplo's new native API monetization feature.
Learn how to build a ridiculously good API developer experience with these important tips.
Want to increase API revenue? Focus on your API quality - primarily on documentation, performance, and monetization experience.
Learn how to make API governance easier for your team to adopt, through your API gateway, OpenAPI, and automation.
Discovery the powerful new AI feedback feature in RateMyOpenAPI that can even suggest fixes for your OpenAPI file!
Learn the benefits of deploying your API to the edge, and how a global deployment can make international API business expansion easy.
New years updates for 2024
Learn about our new pricing at Zuplo
Learn how to create a business around your API, turning it from a hobby project to a revenue generator.
Monetizing APIs has never been easier with Zuplo and Moesif. Combine Moesif's flexible API monetization with Zuplo's powerful API gateway.
Imburse Payments are a leading payments middleware provider in the insurance market. They shared why they chose Zuplo API management over Azure API management
Learn how to build feedback loops within your API product development.
GitOps is eating infrastructure. APIs are next.
Zuplo raises $9M to democratize API Management
How API key authentication can improve your API's Time To First Call (TTFC)
Rate and fix your OpenAPI spec with RateMyOpenAPI
All Zuplo Developer portals now include a playground that makes it super easy for end-users to test your API.
Learn how to rate limit your OpenAI API requests to save money and improve security
We're excited to announce that you can now run Zuplo locally on your machine using the Zuplo CLI
Learn how to cache OpenAI API responses to save money and improve performance
Learn how to use Supabase's easy Auth in your API Developer Portal
Making money from your API is easy with Zuplo - let's see how! Learn to monetize your Supabase API.
Now that you have the API, you'll be surprised at how easy it is to get the documentation
Let's see how to handle each user's request differently in your API
The first day of the Supaweek will start with a production-ready API using OpenAI
Learn how to quickly setup PropelAuth authentication on your API, at the API Gateway layer.
Learn about Backend for Frontend (BFF) authentication and how to implement it with a Javascript backend.
We like to move fast... so fast we're already updating to v2
Latest updates to the API Developer portal, including key rolling.
Self-serve analytics for the developers using your API
Announcing Zuplo's Open source API key manager component for React
Announcing a week of API Key related content
We introduce a video interview and series of posts on one facet of Facebook's incredible culture - posters!
Learn how Zuplo's API Gateway helps build the right abstraction of your services in order to allow zero-downtime migration of authentication providers.
Imburse Payments, a UK fintech, selected Zuplo over Azure API Management to optimize the API experience for their customers and have the best workflow for their engineering team
Accelerating time to market for API builders everywhere and making API management accessible to the masses
Create a JWT token for your Firebase user easily with firebasejwt.com
Easily transform Firebase Firestore Data into a user-authenticated API using Firebase.
Easily transform Firebase Firestore Data into a public API using Firebase admin authentication.
Announcing our new Mock API policy that allows you to develop a mock API in record time using examples in your OpenAPI document
Ben Garvey, CTO at Common Paper talks about how they accelerated their API program using Zuplo
Choosing REST APIs for your external users provides a quicker onboarding experience. Learn how to translate your existing GraphQL API into a simplified REST API
Because Zuplo is OpenAPI-native, shipping a ChatGPT plugin couldn't be easier, let us walk you through it
Understand API Rate Limiting techniques and best practices from the founder of Azure API Management.
A list of some of our most popular content
A discussion with Tom Carden of Rewiring America about how they
An easier way to design APIs with Microsoft's new language TypeSpec
Better API errors with the Problem Details standard
Firebase JWT tokens are a little unusual because they don't use secrets or JWKS but have public X509 certs
useEffect can make you your own worst enemy, protect yourself with rate-limiting
Ship your ChatGPT plugin safely and quickly with Zuplo
Mirroring Docker Images to external registries with Github Actions
Zuplo now uses the OpenAPI specification standard at its core
Use Zuplo to protect your Open AI API key and rate-limit-usage
Consolidate multiple endpoints behind a single API with smart routing
How to add user-based rate limits to Supabase in minutes
How to implement a simple Query Parameter validation approach using Custom Policies
A free tool to help you sign in and get a supabase JWT token using your public anon key.
Introducing the Zuplo Free plan, the fastest way to ship your public API. This plan is perfect for developers building APIs to share with other developers
In this video, you'll learn how to make rate-limiting extraordinarily dynamic by making the rate-limiter interact with external services like Supabase & Xata
Learn the best practices for API Key Management, including api key authentication, API key security, design tradeoffs, and technical implementation details.
How to use Zuplo to take your supabase backend and make it a developer friendly, public API.
How to use Zuplo to add Supabase JWT auth to any API
Use Cloudflare Workers to force Auth0 to use a single connection for every authorization request.
Zuplo offers API Key Scanning on GitHub for API keys generated in Zuplo. API Key Leak Prevention is part of our Business and Enterprise subscriptions.
GitHub handles API versioning differently from other companies like Stripe, Twilio, etc. We think their approach is asking for trouble and limits your options
Want to know how to move clients off the old version of your API? We explain why using an API gateway for brownouts is effective your clients and for you.
Learn the best way to manage different versions of your API, and how companies like Github still get it wrong.
Learn about the 3 most important features of modern APIs - Authentication, Documentation, and Protection. Explore API Keys, Developer Portal, and Rate Limiting.
Learn how to quickly add API key authentication to your API using Zuplo.
Learn why the best API companies choose API keys over other API security methods. Explore why Time To First Call (TTFC) matters for APIs.
Learn how to run Github actions after your deploy your Cloudflare Pages.
Learn about why your API should have rate limiting, and how to implement Dynamic Rate Limiting in Zuplo.
Learn about Machine to Machine authentication and why its a good fit for securing your API. Compare using JWT vs API Key approaches.
A collection of video tutorials showcasing the power of Zuplo's API gateway.
Zuplo is the best way to build an API over AWS Lambda. Zuplo is faster and has a better developer experience than AWS API Gateway.
Get a tour of Zuplo's API management portal, exploring Zuplo's logging and analytics features. You'll be impressed by how fast Zuplo can deploy.
Learn the fastest way to set up an API Mock server using an API Gateway. Create mocks while you build out your services.
Learn how to proxy Airtable's API and connect it to a form via Zuplo.
Learn how to proxy SaaS APIs like Airtable with your Zuplo API Gateway.
Learn how easily archive every API request to AWS's S3 storage. Archive your API requests to replay them later.
Learn about Basic Authentication and how to easily implement Basic Authentication in your API using Zuplo
Protect your API from bad inputs using JSON Schema validation and Zuplo. Learn how to validate API requests using JSON schema.
Learn how to add smart routing based on token claims to your API authentication.
Learn how to quickly add JWT Authentication to your API using Auth0 and Zuplo.
Learn how to build a simple API at the Edge using Zuplo - the programmable API gateway.
Learn how to proxy an API with Zuplo and protect it with rate limiting.
Learn how to solve the "The script will never generate a response" error encountered while using CloudFlare Workers.
Tired of outdated API management? Explore the challenges in API management, unfulfilled promises, and learn about Zuplo as a solution.
