Zuplo Changelog

This release introduces improved support for special characters in OpenAPI URL paths, adds redirect functionality to the URL forward handler, and includes important compatibility date changes that affect log initialization.

Breaking Changes 🛠#

Breaking changes are always behind a compatibility date

• Enhanced support for special characters in OpenAPI URL paths - Zuplo now properly handles special characters in OpenAPI-formatted URL paths, improving compatibility with APIs that use non-standard characters in their routes. This change ensures better compliance with OpenAPI specifications and more flexible path matching. See our advanced path matching documentation for more details.

• Legacy log initialization removed for compatibility date 2025-02-06 - Starting with compatibility date 2025-02-06, the legacy log initialization system has been removed in favor of the modern logging infrastructure. This change provides better performance and more consistent logging behavior across your API gateway.

New Features 🎉#

• URL forward handler now supports redirects - The URL forward handler has been enhanced with a new option to handle HTTP redirects. This feature allows you to configure whether the handler should follow redirects automatically or return the redirect response to the client, giving you more control over how your API gateway handles upstream redirect responses.

The wave of fresh logging plugins continues this week with the addition of Splunk. Now available for use direct from your Zuplo API project.

To add the Splunk logging plugin to your Zuplo project, add the following code to your zuplo.runtime.ts file. Set the url parameter to your Splunk HEC endpoint and the token parameter to your Splunk HEC token.

import {
  RuntimeExtensions,
  SplunkLoggingPlugin,
  environment,
} from "@zuplo/runtime";

export function runtimeInit(runtime: RuntimeExtensions) {
  runtime.addPlugin(
    new SplunkLoggingPlugin({
      // For Splunk Cloud
      url: "https://<your-instance>.splunkcloud.com:8088/services/collector",
      token: environment.SPLUNK_TOKEN,
      // Channel ID for Splunk HEC with indexer acknowledgment
      channel: "FE0ECFAD-13D5-401B-847D-77833BD77131",
      // Optional parameters with defaults
      index: "main",
      sourcetype: "json",
      host: "zuplo-api",
      fields: {
        environment: "production",
        application: "my-api",
      },
    }),
  );
}

As with all our loggers, the Splunk Plugin supports custom fields via the fields object, in addition to the standard fields.

Full details can be found in the documentation.

We have added the ability to specify redirect behavior for the URL Forward handler using a new forwardRedirects option.

You can implement this manually from routes.oas.json in your Zuplo project by adding it to the options object for urlForwardHandler on any route you want to use it on.

"paths": {
  "/v1/links": {
    "x-zuplo-path": {
      "pathMode": "open-api"
    },
    "get": {
      "summary": "Gets a list of links",
      "x-zuplo-route": {
        "corsPolicy": "none",
        "handler": {
          "export": "urlForwardHandler",
          "module": "$import(@zuplo/runtime)",
          "options": {
            "baseUrl": "${env.BASE_URL}",
            "forwardRedirects": true
          }
        },
        "policies": {
          "inbound": []
        }
      }
    }
  }
}

When set to false or not specified, redirects won't be followed - the status and location header will be returned as received.

We’ve introduced a new default compatibility date for projects created after
March 27, 2025, which includes some breaking changes that improve the overall behavior of Zuplo APIs.

The new default compatibility date is 2025-02-06.

Previously, special characters in open-api formatted URLs were not escaped. This led to unintended behavior where regex patterns could be included, even though OpenAPI format URLs don’t support regex. This has now been fixed—all special characters are escaped.

Additionally, some Zuplo log plugins could be enabled using undocumented environment variables and special properties on context.custom to set global log attributes.

These legacy features, which predate the current plugin system, have now been removed.

Log plugins should now be enabled using the documented plugin system.

For full details on compatibility dates and the changes they include, see our documentation.

This release introduces new logging integrations with New Relic and Splunk, fixes several issues with the CLI and runtime, and improves documentation for fine-grained authorization policies.

New Features 🎉#

• Added New Relic logging and metrics plugin - Enable comprehensive observability by sending logs and metrics to New Relic for monitoring and analysis
• Added Splunk log transport - Stream your API logs directly to Splunk for centralized log management and analysis

Bug Fixes 🐛#

• Fixed excessive error logging in rate limiter - Rate limiter failures no longer generate unnecessary error logs, reducing log noise
• Fixed typos in CLI OpenAPI merge functionality - Corrected command syntax issues that prevented proper OpenAPI specification merging
• Fixed tunnel list command authentication - The tunnel-list command now properly supports the updated authentication mechanism
• Fixed AWS Lambda handler query string handling - Multi-value query strings are now correctly parsed and passed to Lambda functions

Documentation 📚#

• Added documentation for Fine-Grained Authorization (FGA) policy - Learn how to implement fine-grained access control using OpenFGA

Other Changes 🔄#

• Added build script to Zudoku template - The developer portal template now includes a build script for easier deployment
• Fixed API quota documentation - Updated quota configuration examples and clarified usage limits

We've expanded our range of third-party logging plugins yet again—this time with the addition of New Relic.

Full details can be found in the documentation, but usage follows the same pattern as all the other loggers.

Add the plugin to the Zuplo runtime and configure your options.

import {
  RuntimeExtensions,
  NewRelicLoggingPlugin,
  environment,
} from "@zuplo/runtime";

export function runtimeInit(runtime: RuntimeExtensions) {
  runtime.addPlugin(
    new NewRelicLoggingPlugin({
      // Optional, defaults to "https://log-api.newrelic.com/log/v1"
      url: "https://log-api.newrelic.com/log/v1",
      apiKey: environment.NEW_RELIC_API_KEY,
      service: "MyAPI", // Optional, defaults to "Zuplo"
      fields: {
        field1: "value1",
        field2: "value2",
      },
    }),
  );
}

As with all our loggers, the New Relic Plugin supports custom fields in addition to the standard fields.