Skip to main content

2 posts tagged with "api management"

View All Tags

· 2 min read
Josh Twist

Today we’re excited to introduce the Zuplo Free plan (beta), offering the fastest way to ship your public API. Zuplo is fully-managed API management that adds authentication, rate limiting, and developer documentation to any API — on any stack or cloud — in minutes.

We take care of all the boring stuff that makes a great API so that you can focus on whatever differentiates your business.

Our Free plan is perfect for developers who are building an API to share with other developers. Maybe you are building the next big API-first startup? Or you have a weekend side-gig, hackathon or hobby project that needs an API? Maybe you’re just learning how to build APIs or exploring API management and API gateways? Zuplo’s Free plan is the perfect solution, and you can relax knowing that Zuplo can grow with you - we’re already handling billions of requests per month for tiny startups and large enterprises alike.

Why free? Why now?

Zuplo was founded by Josh Twist and Nathan Totten with the goal of making API Management accessible to all. Josh founded Azure API Management at Microsoft, and Nate built much of the developer experience at Auth0.

API Management is traditionally only used by large organizations, but we believe that every business can benefit from the power of API management that is optimized for developers.

We want to democratize API management, and we do that by making it much easier to use and more affordable.

Today we’re announcing a Free (forever) plan for folks looking to get started with API management, whether you’re a total beginner or a veteran of other legacy solutions. Weekend project, hackathon, side-gig? Give Zuplo and try and let us know what you think.

Great! What do I do next?

Watch this 2-minute demo to see what makes Zuplo different in this Demo video.

Ready to start? [Sign up for free]( and explore the todo-list sample.

Come talk APIs with us and other developers Join our community on Discord.

· 2 min read
Josh Twist

One of the best things about Zuplo is it's programmable nature. That combined with our approach to making policies composable means you can do some amazing things with them, like our rate-limiter. In this video we show how you can have the rate-limiter interact with external services and data. Here we use supabase as a data-source for the limits.

Here's the key code from the sample

import {
} from "@zuplo/runtime";
import { createClient } from "@supabase/supabase-js";

const fallBackLimits = {
requestsAllowed: 10000,
timeWindowMinutes: 1,

const CACHE_NAME = "rate-limit-cache";
const CACHE_KEY = "rate-limit-data";

export async function getRateLimit(
request: ZuploRequest,
context: ZuploContext,
policyName: string
) {
const limitResponse: CustomRateLimitDetails = {
key: request.user.sub,

const userGroup =;
const cache = new ZoneCache(CACHE_NAME, context);

const cached: any = await cache.get(CACHE_KEY);

if (cached) {
context.log.debug("cache hit");
const item = cached.find((row) => row.userGroup === userGroup);
limitResponse.requestsAllowed = item.reqPerMinute;
return limitResponse;

context.log.debug("cache miss");
const supabase = createClient(
const { data, error } = await supabase.from("rate-limits").select();

if (error) {
context.log.error(`Error reading data from supabase`, error);
// return fallback rate-limit - don't want API downtime
// if this dependency is down.
return limitResponse;

const item = data.find((row) => row.userGroup === userGroup);

if (!item) {
context.log.warn(`No row rateLimitId '${userGroup}' found, using fallback`);
// return fallback
return limitResponse;

void cache.put(CACHE_KEY, data, 10);

limitResponse.requestsAllowed = item.reqPerMinute;
return limitResponse;

You could make this even higher performance by having the cache have a longer expiry, but periodically reloading the data from supabase asynchronously and pushing the results back into the cache; something like an SWR (stale, while revalidate) approach.

Get started with Zuplo for free today: Sign Up Free

See also:

Shipping a public API backed by Supabase

API Authentication using Supabase JWT tokens