Zuplo Changelog

This release introduces powerful JWT authentication capabilities with the new JWT service plugin and upstream policy, enhances MCP (Model Context Protocol) support with improved URL pattern handling and custom tools, improves developer portal redirect handling, and includes numerous documentation updates across our policy suite.

New Features 🎉#

• JWT Service Plugin - Added a new JWT service plugin that enables advanced JWT token generation and management capabilities within Zuplo. This plugin provides developers with tools to create, sign, and manage JWT tokens directly in their API gateway workflows. Learn more about JWT authentication

• Zuplo JWT Auth Upstream Policy - Introduced a new upstream policy specifically designed for JWT authentication. This policy simplifies the process of securing backend services with JWT tokens, providing seamless integration with existing authentication systems. Read about Policy

• MCP Spec Support for 2025-06-18 - Updated MCP (Model Context Protocol) support to comply with the latest specification version 2025-06-18, ensuring compatibility with the newest features and improvements in the protocol. Explore MCP Capabilities

• Enhanced MCP Server Logging - Improved logging capabilities for MCP servers, providing better visibility into server operations and making it easier to debug and monitor MCP-based integrations. Explore MCP Capabilities

• Multi-Factor Authentication (MFA) Support - Enhanced security with new MFA configuration endpoints and login validation. This includes the ability to enforce MFA at the account level and manage MFA settings through dedicated API endpoints. Read about MFA

Bug Fixes 🐛#

• MCP URL Path Pattern Unification - Fixed inconsistencies in URL path pattern handling when invoking routes on the gateway, ensuring more reliable routing for MCP-based services.

• Developer Portal Redirect Issue - Resolved an issue with developer portal redirects that was causing incorrect navigation behavior in certain scenarios. Migrating to the new Zuplo developer portal

• MCP Schema Defaults Update - Updated the default values for includeOutputSchema and includeStructuredContent to better align with common use cases and improve developer experience.

• OpenMeter Policy Fix - Resolved issues with the OpenMeter policy to ensure accurate metering and usage tracking for API monetization scenarios.

Documentation 📚#

Comprehensive documentation updates were made across multiple policy configurations to improve clarity and provide better examples.

You can now enable multifactor authentication (MFA) to add an extra layer of security to your Zuplo account. MFA requires a second form of verification, such as an authenticator app or security key, in addition to your password.

To enable MFA:

• Go to your user profile by clicking your avatar in the top right corner of the Zuplo Portal and selecting Profile
• Find the Multifactor Authentication section
• Click Enroll on the method you want to use (authenticator app or security key)
• Follow the setup instructions for your chosen method

Once enabled, you'll be prompted to enter your second factor when logging in to you Zuplo account.

For more details, see the Multifactor Authentication documentation.

Role-Based Access Control allows you to assign specific roles to users who access the Zuplo Portal. These roles determine the permissions that users have and the actions they can perform. For example, you can assign roles such as "Admin", "Developer", or "Viewer", each with different levels of access to resources and functionality.

With RBAC, you can:

• Assign roles to users based on their responsibilities and access requirements.
• Limit access to production resources to only select users.
• Enable more users access to the Zuplo Portal, such as API Analytics, without compromising security.

See the Account Members & Roles documentation for more information.

Developers can use Zuplo's CLI and API to automate tasks with the Zuplo platform. For example, you can create a custom CI/CD process to publish your Zuplo API or automate the management of environment variables. Previously, each account had only a single API key, which granted full access to all resources and functionality. With Fine-Grained API Keys, you can create multiple API keys with limited permissions.

These new capabilities allow:

• Create API keys with specific permissions for specific tasks, environments, or projects.
• Set expiration dates on API Keys to ensure that they are only valid for a limited time.
• Administrators can view and manage all API keys in the Zuplo portal to maintain security of their resources.

See the Zuplo API Key documentation for more information.