Changelog

We release improvements, new features, and fixes daily. Follow along here to see the most important updates.

Sep 1, 2025

Managed DDoS Protection

SECURITY

Zuplo provides automatic DDoS (Distributed Denial of Service) protection for all APIs deployed on the platform. This service detects and mitigates attacks in real time, ensuring your APIs remain available even under attack.

No configuration required - protection is active immediately upon deployment.

Key Features

  • Always-on protection against both network (Layer 3/4) and application (Layer 7) attacks
  • Multi-layered defense covering UDP floods, SYN floods, HTTP floods, and slowloris attacks
  • Smart detection with minimal false positives to keep legitimate traffic flowing
  • Unmetered protection with no bandwidth limits during attacks
  • Cost protection - blocked malicious requests don't count toward your usage limits

Protection Levels

  • Working Copy environments: Medium sensitivity by default
  • Preview/Production environments: Medium sensitivity with Enterprise customization options
  • Enterprise add-on: Four sensitivity levels (High, Medium, Low, Essentially Off) with advanced analytics and custom rule configuration

How It Works

The system analyzes traffic patterns in real time, examining request rates, IP reputation, geographic distribution, and behavioral anomalies. When attacks are detected, malicious traffic is automatically filtered at the edge before reaching your API.

Note: This feature is available for managed edge deployments. Customers using managed dedicated deployments should refer to the Managed Dedicated WAF Options documentation.

Jul 4, 2025

Release v6.55.0

RUNTIME, SECURITY, POLICY, DEV PORTAL, DOCS

This release introduces powerful JWT authentication capabilities with the new JWT service plugin and upstream policy, enhances MCP (Model Context Protocol) support with improved URL pattern handling and custom tools, improves developer portal redirect handling, and includes numerous documentation updates across our policy suite.

New Features 🎉

  • JWT Service Plugin - Added a new JWT service plugin that enables advanced JWT token generation and management capabilities within Zuplo. This plugin provides developers with tools to create, sign, and manage JWT tokens directly in their API gateway workflows. Learn more about JWT authentication

  • Zuplo JWT Auth Upstream Policy - Introduced a new upstream policy specifically designed for JWT authentication. This policy simplifies the process of securing backend services with JWT tokens, providing seamless integration with existing authentication systems. Read about Policy

  • MCP Spec Support for 2025-06-18 - Updated MCP (Model Context Protocol) support to comply with the latest specification version 2025-06-18, ensuring compatibility with the newest features and improvements in the protocol. Explore MCP Capabilities

  • Enhanced MCP Server Logging - Improved logging capabilities for MCP servers, providing better visibility into server operations and making it easier to debug and monitor MCP-based integrations. Explore MCP Capabilities

  • Multi-Factor Authentication (MFA) Support - Enhanced security with new MFA configuration endpoints and login validation. This includes the ability to enforce MFA at the account level and manage MFA settings through dedicated API endpoints. Read about MFA

Bug Fixes 🐛

  • MCP URL Path Pattern Unification - Fixed inconsistencies in URL path pattern handling when invoking routes on the gateway, ensuring more reliable routing for MCP-based services.

  • Developer Portal Redirect Issue - Resolved an issue with developer portal redirects that was causing incorrect navigation behavior in certain scenarios. See "Migrating to the new Zuplo developer portal".

  • MCP Schema Defaults Update - Updated the default values for includeOutputSchema and includeStructuredContent to better align with common use cases and improve developer experience.

  • OpenMeter Policy Fix - Resolved issues with the OpenMeter policy to ensure accurate metering and usage tracking for API monetization scenarios.

Documentation 📚

Comprehensive documentation updates were made across multiple policy configurations to improve clarity and provide better examples.

May 5, 2025

Support for Multifactor Authentication (MFA)

PORTAL, SECURITY

You can now enable multifactor authentication (MFA) to add an extra layer of security to your Zuplo account. MFA requires a second form of verification, such as an authenticator app or security key, in addition to your password.

Zuplo Multifactor Authentication settings screen showing three MFA options: One-time Password, WebAuthn with FIDO Security Keys (enrolled), and WebAuthn with FIDO Device Biometrics. Each option has an Enroll or Remove button.

To enable MFA:

  • Go to your user profile by clicking your avatar in the top right corner of the Zuplo Portal and selecting Profile
  • Find the Multifactor Authentication section
  • Click Enroll on the method you want to use (authenticator app or security key)
  • Follow the setup instructions for your chosen method

Once enabled, you'll be prompted to enter your second factor when logging in to your Zuplo account.

For more details, see the Multifactor Authentication documentation.

Jun 5, 2024

Role-Based Access Control (RBAC)

PORTAL, SECURITY

Role-Based Access Control allows you to assign specific roles to users who access the Zuplo Portal. These roles determine the permissions that users have and the actions they can perform. For example, you can assign roles such as "Admin", "Developer", or "Viewer", each with different levels of access to resources and functionality.

With RBAC, you can:

  • Assign roles to users based on their responsibilities and access requirements.
  • Limit access to production resources to only select users.
  • Give more users access to Zuplo Portal features, such as API Analytics, without compromising security.

See the Account Members & Roles documentation for more information.


Jun 5, 2024

Fine-Grained API Keys

PORTAL, SECURITY

Developers can use Zuplo's CLI and API to automate tasks with the Zuplo platform. For example, you can create a custom CI/CD process to publish your Zuplo API or automate the management of environment variables. Previously, each account had only a single API key, which granted full access to all resources and functionality. With Fine-Grained API Keys, you can create multiple API keys with limited permissions.

With these new capabilities:

  • You can create API keys with specific permissions for specific tasks, environments, or projects.
  • You can set expiration dates on API keys to ensure that they are only valid for a limited time.
  • Administrators can view and manage all API keys in the Zuplo portal to maintain the security of their resources.

See the Zuplo API Key documentation for more information.
