Zuplo Changelog
We release improvements, new features, and fixes daily. Follow along here to see the most important updates.
Federated Identity increases the security of your Zuplo API by removing the need to share sensitive service account keys with your Zuplo API. Instead, Zuplo will use the Zuplo Identity Token to authenticate with Google Cloud Services on your behalf.
A new policy has been added to Zuplo that enables Federated Identity with Google Cloud Services. By utilizing this policy developers can secure their GCP API or other Google Cloud Resources (Storage, Pub/Sub, etc.) with GCP IAM and allow Zuplo to call these services on their behalf.
Federated Identity with GCP is available as a paid-addon to customers on enterprise plans. Contact your account manager or sales@zuplo.com to inquire about pricing.
For more information on how to configure Federated Identity with GCP, see the Federated Identity with GCP documentation.
We added a new plugin for API Brownouts, which allows developers to simulate outages of their API. This is useful for migrating users off of old versions of their API. You can read more about API Brownouts in our blog post here.
To learn more, please view our Policy documentation.
We have added a new plugin for Curity Phantom Tokens, which allows developers to take advantage of the Curity Identity Management solution. This plugin uses Curity's unique Phantom Token approach which is a privacy-preserving token usage pattern for microservices. It combines the benefits of opaque and structured tokens. To read more about phantom tokens see this document.
To learn more, please view our Policy documentation.
The new Request Body Validation policy allows validating incoming request bodies based on the schema in your OpenAPI file. This policy can be configured to reject requests with invalid body schemas or write logs to your preferred logging provider.
The Request Validation policy no supports validation of headers, query strings, and URL parameters.
The Mock API Response policy enables rapid mocking of an API using the examples inside of your OpenAPI document. Return a single example or random examples to build a proof-of-concept for your API or enable clients to begin development while the backend is being built out.
Proxy data or services from Firestore through Zuplo using two new policies.
- Upstream Firebase Admin Auth - authorizes requests using a Firebase Admin Token that can be used to call any Firebase API.
- Upstream Firebase User Auth - authorizes requests as a specific user which allows securing Firebase resources using security rules
