--- title: "Blog - Zuplo" description: "Tutorials, best practices, product updates, and deep dives on APIs and developer tools from the Zuplo team." canonicalUrl: "https://zuplo.com/blog" sourceUrl: "https://zuplo.com/blog" pageType: "other" generatedAt: "2026-04-22" --- # Insights on APIs and Developer Tools > The Zuplo blog covers API security, rate limiting, monetization, MCP/AI > agents, developer tooling, and product updates. 213 posts, newest first. Each > post links to `/blog/`. ## Recent Posts ### April 2026 - **[How to Write Your First Custom API Gateway Policy in TypeScript](/blog/write-your-first-custom-api-gateway-policy-in-typescript)** — Apr 17, 2026 Custom gateway logic usually means Lua, VTL, or C# smuggled inside XML. Zuplo lets you write middleware in TypeScript instead. - **[Custom Enterprise API Pricing with Private Plans](/blog/custom-enterprise-api-pricing-without-cpq)** — Apr 16, 2026 Every enterprise deal that needs custom pricing is a hole in your self-serve funnel. Learn how to handle it without a CPQ. - **[Meter Only Successful API Responses, Not Errors](/blog/stop-paying-for-500s)** — Apr 15, 2026 Your gateway is counting every 500, timeout, and retry against your customers. Here's how to meter only successful responses. - **[6 Stats That Should Change How You Think About API Security](/blog/q1-2026-api-agent-security-scorecard)** — Apr 14, 2026 Q1 2026 produced record-breaking API attack data and a new class of AI agent exploits. - **[Build a NestJS API with OpenAPI and Zuplo](/blog/nestjs-api-tutorial)** — Apr 13, 2026 Build a REST API with NestJS and TypeScript, generate OpenAPI docs, and secure it with Zuplo. - **[Azure APIM's New Limits Make the Case for Zuplo](/blog/azure-api-management-new-service-limits-migration-guide)** — Apr 10, 2026 Azure APIM is rolling out new resource limits across all tiers. Here's how to evaluate a migration. - **[Stanford Found 1,748 API Keys on the Open Web — Here's How to Prevent It](/blog/stanford-keys-on-doormats-api-key-security-lessons)** — Apr 9, 2026 A Stanford study scanned 10 million websites and found 1,748 live API keys. Key security lessons for API builders. - **[Apigee Needed a Simplification Tool. Zuplo Did Not.](/blog/google-open-sources-apigee-feature-templater)** — Apr 8, 2026 Google's new Apigee Feature Templater admits Apigee is too complex for most teams. - **[OpenAPI Arazzo & Overlay: Workflows and Spec Management](/blog/openapi-arazzo-overlay-specifications-guide)** — Apr 7, 2026 Learn how the OpenAPI Overlay and Arazzo specifications enable repeatable API workflow definitions. - **[AI Is Eating SaaS: Your Data Is the Product Now](/blog/ai-is-eating-saas)** — Apr 6, 2026 The SaaS UI is becoming irrelevant. As AI agents replace human workflows, the API becomes the product. - **[Building a Monetized API, Part 4: Polishing the Developer Portal](/blog/building-a-monetized-api-part-4)** — Apr 3, 2026 Connect your Zuplo project to GitHub, use Claude Code to generate documentation, and publish a polished dev portal. - **[Building a Monetized API, Part 3: Adding a Gated MCP Server](/blog/building-a-monetized-api-part-3)** — Apr 2, 2026 Add an MCP server to your monetized API and gate access to paid subscribers only. - **[How to Make AI Coding Agents Understand Your API Gateway](/blog/ai-coding-agents-understand-api-gateway)** — Apr 2, 2026 AI coding agents generate outdated Zuplo config from stale training data. Fix it with llms.txt and inline context. - **[Building a Monetized API, Part 2: Adding Monetization](/blog/building-a-monetized-api-part-2)** — Apr 1, 2026 Add usage-based billing, metered plans, and Stripe checkout to your API gateway. - **[10 API Monetization Anti-Patterns: What Not To Do](/blog/api-monetization-anti-patterns)** — Apr 1, 2026 Common mistakes teams make when charging for API access — and how to avoid them. ### March 2026 - **[Building a Monetized API, Part 1: Setting Up the Gateway](/blog/building-a-monetized-api-part-1)** — Mar 31, 2026 Before you can charge for your API, you need the gateway configured correctly. Start here. - **[Monetize Your API with Zuplo](/blog/monetize-your-api-in-10-mins)** — Mar 30, 2026 API monetization is now self-serve in Zuplo: set up plans, metering, Stripe checkout, and a developer portal. - **[Shadow APIs Outnumber Known APIs 10-to-1 in Financial Services](/blog/shadow-apis-fintech-api-gateway-governance)** — Mar 27, 2026 Shadow APIs outnumber known APIs 10-to-1 in fintech. Why API gateway governance is critical. - **[87% of Organizations Were Hit by API Attacks in 2025 — Akamai SOTI 2026](/blog/apis-number-one-attack-surface-2026-akamai-soti-report)** — Mar 26, 2026 Akamai's 2026 State of the Internet report reveals the scale of the API attack problem. - **[Why MCP Is The Doorway To API-Based Business](/blog/why-mcp-is-the-doorway-to-api-based-business)** — Mar 25, 2026 MCP is really about APIs — and the vast opportunity for companies that expose clean, well-governed APIs to AI agents. - **[How Stripe MPP Lets AI Agents Pay for Your API](/blog/stripe-mpp-for-agentic-payments)** — Mar 23, 2026 MPP is an open standard from Stripe and Tempo that lets AI agents pay for API calls autonomously. - **[Build and Secure an Express.js REST API with Zuplo](/blog/expressjs-api-tutorial)** — Mar 20, 2026 Build a REST API with Express.js, generate an OpenAPI spec, and put it behind Zuplo for auth and rate limiting. - **[APIs Are Now the #1 Exploited Attack Surface](/blog/wallarm-2026-api-threatstats-api-security)** — Mar 19, 2026 Wallarm's 2026 API ThreatStats report: APIs account for 43% of CISA's Known Exploited Vulnerabilities. - **[Apigee Edge Is Reaching End of Life — Here's a Better Path Forward](/blog/apigee-edge-end-of-life-migrate-to-zuplo)** — Mar 19, 2026 Apigee Edge is reaching end of life, and migrating to Apigee X isn't your only option. - **[5 API Monetization Success Stories](/blog/5-api-monetization-success-stories)** — Mar 18, 2026 Case studies from Plaid, AssemblyAI, OpenAI, and others on how they turned APIs into revenue. - **[How to Implement a Circuit Breaker at the API Gateway](/blog/how-to-implement-circuit-breaker-at-the-api-gateway)** — Mar 17, 2026 When a backend fails, retry storms make recovery harder. Learn how to implement circuit breaking at the gateway layer. - **[WebMCP: How Websites Will Expose Tools to AI Agents](/blog/what-is-webmcp)** — Mar 13, 2026 WebMCP is a proposed W3C standard that lets websites declare their MCP-compatible tools to agents. - **[Why Your API Gateway Should Be TypeScript-Native](/blog/typescript-number-one-language-api-gateway)** — Mar 12, 2026 TypeScript is now GitHub's most-used language. Your API gateway should match your team's stack. - **[Why API Monetization Should Be Flexible](/blog/why-api-monetization-should-be-flexible)** — Mar 11, 2026 There's no one-size-fits-all model for API pricing. Flexible monetization is a competitive advantage. - **[Make Your Lovable App's API Production-Ready with Zuplo](/blog/add-api-gateway-to-lovable-project)** — Mar 10, 2026 Walk through adding API key auth, rate limiting, schema validation, and a developer portal to a Lovable-generated app. ### Earlier 2026 - **[Google API Key Gemini Vulnerability Lessons](/blog/google-api-key-gemini-vulnerability)** — Mar 8, 2026 - **[Why API Gateways Should Handle Monetization](/blog/why-api-gateways-should-handle-monetization)** — Mar 5, 2026 - **[The Complete Guide to API Monetization](/blog/api-monetization-guide-to-charging-for-your-api)** — Feb 27, 2026 - **[Use AI to Plan API Pricing](/blog/use-ai-to-plan-api-pricing)** — Feb 26, 2026 - **[Control AI Costs at the API Gateway](/blog/control-ai-costs-api-gateway)** — Feb 26, 2026 - **[API Management for Startups](/blog/api-management-for-startups)** — Feb 26, 2026 - **[8 Types of API Pricing Models](/blog/8-types-of-api-pricing-models)** — Feb 26, 2026 - **[API Monetization Pricing Plans and Phases](/blog/api-monetization-pricing-plans-phases)** — Feb 25, 2026 - **[API Monetization Metering and Enforcement](/blog/api-monetization-metering-and-enforcement)** — Feb 24, 2026 - **[API Monetization Matters More Than Ever](/blog/api-monetization-matters-more-than-ever)** — Feb 24, 2026 - **[Zuplo API Monetization](/blog/zuplo-api-monetization)** — Feb 23, 2026 - **[Manage Your APIs with GitOps](/blog/manage-your-apis-with-gitops)** — Feb 18, 2026 - **[Geolocation Routing for APIs](/blog/geolocation-routing-for-apis)** — Feb 11, 2026 - **[What Is Canary Routing?](/blog/what-is-canary-routing)** — Feb 4, 2026 - **[Route API Requests to Different Backends](/blog/route-api-requests-to-different-backends)** — Feb 2, 2026 - **[The Ultimate Guide to API Monetization](/blog/api-monetization-ultimate-guide)** — Jan 21, 2026 - **[What Is Semantic Caching?](/blog/what-is-semantic-caching)** — Jan 15, 2026 - **[CLI or MCP?](/blog/cli-or-mcp)** — Jan 14, 2026 - **[MCP Survey Results](/blog/mcp-survey)** — Jan 13, 2026 - **[MCP + OpenAI Apps SDK](/blog/mcp-openai-apps-sdk)** — Jan 8, 2026 ## Topics Covered The blog covers these recurring topics: - **API Security** — authentication, API keys, JWT, attack surfaces, breach post-mortems - **Rate Limiting** — per-user limits, dynamic limits, enterprise throttling - **API Monetization** — metering, billing, Stripe integration, pricing models, usage-based billing - **MCP & AI Agents** — Model Context Protocol, agentic API access, WebMCP - **Tutorials** — NestJS, Express.js, Supabase, Next.js, Lovable integrations - **Product Updates** — new Zuplo features, changelog highlights - **Industry Analysis** — Akamai SOTI, Wallarm ThreatStats, competitor comparisons (Apigee, Azure APIM, Kong) - **Developer Portal** — OpenAPI, documentation, self-serve developer experience ## Feeds - RSS: [/blog/rss.xml](/blog/rss.xml) - Atom: [/blog/atom.xml](/blog/atom.xml) ## Next steps - [Start a free Zuplo account](https://portal.zuplo.com/signup) - [Read the docs](https://zuplo.com/docs) - [View the full changelog](/changelog)