Zuplo Changelog

The Zuplo Legacy Developer Portal will be sunset on November 15, 2025. Please ensure you migrate to the new portal experience before this date.

We're excited to announce the migration to our significantly upgraded Developer Portal experience, powered by Zudoku. This new portal delivers enhanced performance, modern design, and powerful new features for both you and your API consumers.

What's New#

Zudoku-powered Developer Portals offer a significant upgrade, including:

• Sleeker UI with improved layout and navigation
• Redesigned API Playground for more intuitive testing
• Built-in API key management interface
• Plugin-based auth with support for Auth0, Clerk, Supabase, and more
• Powerful custom page development with MDX support
• Install custom modules to extend the functionality of your documentation

You can see all the available features in our Developer Portal documentation.

Migration Required#

You must migrate your Developer Portal by November 15, 2025 when our legacy portal will be discontinued.

Check your migration status:

• Already migrated? Look for a docs folder with zudoku.config.tsx in your Zuplo project
• Need to migrate? No zudoku.config.tsx file means you need to migrate before November 15, 2025.

How to Migrate#

There are two options for migrating your legacy portal to the new experience:

• CLI Migration - Fastest approach using our command line tool
• Manual Migration - Hands-on approach with step-by-step guidance

Our migration guide has all the steps you need to follow.

We're announcing the end of life for Zuplo's v1 monetization product on November 15th, 2025. No new projects can be created with legacy monetization features, effective immediately.

Why We're Making This Change#

After extensive customer feedback, we've learned that our v1 monetization product lacked the flexibility you need, from pay-as-you-go pricing to self-service customer portals, advanced analytics, and multi-currency support.

Rather than building a subpar solution, we're focusing on what we do best: creating the most powerful API management platform while partnering with high quality products that provide superior monetization and billing experiences.

Our New Approach#

We're partnering with best-in-class monetization platforms to give you the best of both worlds: Zuplo's powerful API management plus specialized metering, billing and payment solutions with all the features you need.

Our first integration is with OpenMeter, a modern metering and billing platform. We've built a production-ready policy that tracks API requests in real-time, enforces usage limits, and integrates seamlessly with Zuplo's authentication system.

Plus, we've created a complete sample implementation to get you started quickly.

Migration Support#

We're committed to supporting existing monetization users through this transition:

• Continued functionality until November 15th, 2025
• Migration assistance to OpenMeter or other supported platforms
• Priority support and comprehensive documentation
• Complete examples to get you up and running quickly

Benefits#

This new approach gives you greater flexibility to choose the right monetization platform, faster innovation through specialized solutions that integrate easily with Zuplo's platform and API, better customer experiences with professional billing portals, and reduced complexity so you can focus on your API.

This release introduces significant improvements to the Zuplo CLI, rate limiting capabilities, and developer portal experience. Key highlights include a new CLI command for migrating to the redesigned developer portal, enhanced rate limiting with adaptive timeouts, and support for wildcard subdomains in CORS policies.

New Features 🎉#

• New Developer Portal Migration Command - Added zuplo source migrate dev-portal CLI command to help users migrate to the new Zuplo Developer Portal built on the Zudoku framework. This simplifies the transition to the enhanced portal experience.

• Enhanced Rate Limiting with Adaptive Timeouts - The rate limiter policy now supports adaptive and configurable timeouts, providing more flexible control over API rate limiting behavior and improved performance under varying load conditions.

• CLI Project Creation - New CLI command for creating Zuplo projects directly from the command line, streamlining the project setup workflow. See the CLI documentation for usage details.

Bug Fixes 🐛#

• OpenAPI Transpiler Type Handling - Fixed an issue where the OpenAPI transpiler now correctly defaults to "type: object" when properties are defined, ensuring proper schema generation and type safety.

• CLI Tunnel Command Validation - Added missing account argument validation for the create tunnel command in the Zuplo CLI, preventing errors when setting up local development tunnels.

Improvements 🔄#

• Wildcard Subdomain Support for CORS - The CORS policy now supports wildcard subdomains, enabling more flexible cross-origin configurations for APIs serving multiple subdomains or multi-tenant applications.

• Enhanced SSO and MFA Security - Improved security for enterprise accounts by enforcing SSO and MFA requirements, ensuring better access control and compliance with enterprise security policies.

Summary#

This release brings significant improvements to the Dev Portal, including enhanced authentication documentation, better cross-platform compatibility, and a new API key plugin feature. Key highlights include:

• Enhanced Authentication Support: Added comprehensive setup guides for 6 major authentication providers
• Improved Documentation System: Reverted to file-based routing for better performance and added admonition formatting validation
• Cross-Platform Fixes: Resolved Windows path issues for better developer experience
• API Key Enhancement: New ability to access user authentication context during API key creation

New Features 🎉#

ApiKeyPlugin Enhancement (#1360) The API key plugin now passes the auth object into the createKey callback, enabling API key services to access user authentication context during key creation. This allows for more sophisticated key generation workflows that can leverage user-specific data and permissions.

Documentation & Development Experience 📚#

Enhanced Authentication Documentation (#1258) Added comprehensive setup guides for integrating the Dev Portal with 6 major authentication providers:

• Auth0
• Azure AD
• Clerk
• Firebase
• PingFederate
• Supabase

Each guide includes step-by-step configuration instructions and best practices. Learn more about authentication setup →

Documentation Cleanup (#1265) General documentation improvements including formatting consistency and clarity enhancements across multiple pages.

Bug Fixes 🐛#

File-Based Routing Restoration (#1341) Reverted to file-based routing for documentation pages with a new serveAllFiles configuration option. This change improves performance and simplifies the documentation serving architecture.

Cross-Platform Path Resolution (#1357) Fixed a critical issue where Windows file paths (using backslashes) were not properly normalized to POSIX format (forward slashes). This ensures the Dev Portal works correctly across all operating systems.

BuildCheck Environment Type (#1356, #1358) Resolved an issue where precompiled components couldn't access environment-specific configurations. The environment type is now properly passed through the build process, enabling correct behavior in different deployment environments.

Template Link Correction (#1355) Fixed broken links in the Dev Portal template and added proper redirects for renamed configuration options to maintain backward compatibility.

Dependency Updates 📦#

Updated various dependencies to their latest versions for improved security and performance:

• zustand: 5.0.5 → 5.0.6
• @supabase/supabase-js: 2.50.0 → 2.51.0
• Shiki syntax highlighting dependencies (5 packages)
• Build tools: esbuild, fast-glob, ci-info
• Nx workspace dependencies (4 packages)

This release introduces enhanced debugging capabilities for MCP (Model Context Protocol) servers, implements OAuth protected resource discovery, and improves network reliability with automatic retry mechanisms. Additionally, we've fixed an issue with JWT service expiration times.

New Features 🎉#

MCP Server Handler Debug Mode We've added a debug mode for MCP Server handlers, making it easier to troubleshoot and develop your Model Context Protocol integrations. This enhancement provides better visibility into MCP server operations during development and testing. Learn more about MCP in Zuplo.

OAuth Protected Resource Discovery Implemented support for OAuth RFC 9728's .well-known/oauth-protected-resource endpoint for MCP OAuth flows. This standardized endpoint enables automatic discovery of OAuth-protected resources, simplifying the integration process for MCP-enabled applications. Read our guide on introducing remote MCP servers.

Enhanced Metrics Retry and Error Handling Improved the metrics functionality to automatically retry on network errors and timeouts, providing better resilience for API calls. This enhancement is now used when sending metrics to vector, ensuring more reliable telemetry data collection even during temporary network issues.

Bug Fixes 🐛#

JWT Service Expiration Time Fix Fixed an issue with JWT service expiration time handling and export options. This ensures proper token validation and prevents authentication issues related to incorrect expiration timestamps. For more information on JWT authentication, see our JWT API authentication guide.

This release introduces configurable memory sizing for the MemoryZoneReadThroughCache, improves runtime OpenAPI path handling, and fixes environment variable support for Zudoku dev portals.

New Features 🎉#

• Configurable memory size for MemoryZoneReadThroughCache - The runtime's MemoryZoneReadThroughCache now supports configurable memory size limits. This enhancement provides developers with greater control over memory allocation for cached data, helping to optimize performance while avoiding out-of-memory errors in memory-constrained environments.

Bug Fixes 🐛#

• Support for ZUDOKU_PUBLIC_ environment variables - Fixed an issue preventing the use of ZUDOKU_PUBLIC_ prefixed environment variables in Zudoku dev portals. These variables can now be properly exposed to the client-side for use in configuration and React components.

• Ignore non-method properties on OpenAPI operations - The runtime now properly ignores properties on OpenAPI opertations that are not methods. Perviously this could cause build errors.