Changelog

This release introduces new logging integrations with New Relic and Splunk, fixes several issues with the CLI and runtime, and improves documentation for fine-grained authorization policies.

New Features 🎉

• Added New Relic logging and metrics plugin - Enable comprehensive observability by sending logs and metrics to New Relic for monitoring and analysis
• Added Splunk log transport - Stream your API logs directly to Splunk for centralized log management and analysis

Bug Fixes 🐛

• Fixed excessive error logging in rate limiter - Rate limiter failures no longer generate unnecessary error logs, reducing log noise
• Fixed typos in CLI OpenAPI merge functionality - Corrected command syntax issues that prevented proper OpenAPI specification merging
• Fixed tunnel list command authentication - The tunnel-list command now properly supports the updated authentication mechanism
• Fixed AWS Lambda handler query string handling - Multi-value query strings are now correctly parsed and passed to Lambda functions

Documentation 📚

• Added documentation for Fine-Grained Authorization (FGA) policy - Learn how to implement fine-grained access control using OpenFGA

Other Changes 🔄

• Added build script to Zudoku template - The developer portal template now includes a build script for easier deployment
• Fixed API quota documentation - Updated quota configuration examples and clarified usage limits

Federated Identity increases the security of your Zuplo API by removing the need to share sensitive service account keys with your Zuplo API. Instead, Zuplo will use the Zuplo Identity Token to authenticate with Google Cloud Services on your behalf.

A new policy has been added to Zuplo that enables Federated Identity with Google Cloud Services. By utilizing this policy developers can secure their GCP API or other Google Cloud Resources (Storage, Pub/Sub, etc.) with GCP IAM and allow Zuplo to call these services on their behalf.

Federated Identity with GCP is available as a paid-addon to customers on enterprise plans. Contact your account manager or sales@zuplo.com to inquire about pricing.

For more information on how to configure Federated Identity with GCP, see the Federated Identity with GCP documentation.

We added a new plugin for API Brownouts, which allows developers to simulate outages of their API. This is useful for migrating users off of old versions of their API. You can read more about API Brownouts in our blog post here.

To learn more, please view our Policy documentation.

We have added a new plugin for Curity Phantom Tokens, which allows developers to take advantage of the Curity Identity Management solution. This plugin uses Curity's unique Phantom Token approach which is a privacy-preserving token usage pattern for microservices. It combines the benefits of opaque and structured tokens. To read more about phantom tokens see this document.

To learn more, please view our Policy documentation.

The new Request Body Validation policy allows validating incoming request bodies based on the schema in your OpenAPI file. This policy can be configured to reject requests with invalid body schemas or write logs to your preferred logging provider.

The Request Validation policy no supports validation of headers, query strings, and URL parameters.

The Mock API Response policy enables rapid mocking of an API using the examples inside of your OpenAPI document. Return a single example or random examples to build a proof-of-concept for your API or enable clients to begin development while the backend is being built out.