Developer Portal

Config (dev-portal.json)

The dev-portal.json file is the code that drives most of the configuration of your Zuplo Gateway. The primary uses of the dev-portal.json file are:

  • Enabling or disabling features of the Developer Portal
  • Setting custom values to various configuration
  • Mapping environment variables to settings


The dev-portal.json file can be edited through a more rich experience in the Zuplo Portal.

Below is an example of a dev-portal.json file that is used to configure custom authentication to the Developer Portal.

{ "enableAuthentication": true, "requireAuthentication": false, "generateExamples": true, "authentication": { "issuer": "", "provider": "okta", "clientId": "XXXXXXXXXXXX", "audience": "api://my-api" } }


  • enabled - Determines whether the Developer Portal is enabled or disabled. Default: true
  • pageTitle - The title of the Developer Portal as seen in the tabs of most browsers. Default: Zuplo Dev Portal.
  • faviconUrl - The icon or 'favicon' for your Developer Portal, as seen in the tabs of most browsers. This should be a full, valid https URL. Default:
  • sitePathname - The path on your gateway's domain at which the Developer Portal is accessed. By default it is '/docs' but you can customize this to be anything nested in the root folder. Note, it must start with a / but cannot be / alone.
  • generateExamples - Use the schema property on your route's requestBody and responses entries to generate example request and response bodies in the Developer Portal.
  • enableAuthentication - Do you want to enable sign-in to your Developer Portal? This is required to enable self-serve of API keys. You must select an Auth Provider if this is enabled - by default we give you a demo Auth0 configuration (you should not use this in production).
  • requireAuthentication - If set to true, all users are required to authenticate to your Developer Portal. Users who navigate to your Developer Portal will immediately be directed to the login page. The developer portal will not be accessible to anonymous users (including bots such as Google's crawler).
  • authentication - Authentication settings. Checkout the setup guide to get started.
    • provider - Choose your preferred identity provider (Auth0, Okta, etc.). Note, we provide you with a demonstration identity provider - this is fine for learning how Zuplo works but should not be used in production or on real APIs.
    • issuer - The full URL of the authorization server (e.g. This must be a https URL.
    • clientId - The OAuth Client ID used by the Developer Portal for the Authorization Code OAuth flow
    • audience - The audience of you Zuplo API

Mapping environment variables to settings#

Environment variables can be used instead of hard-coded settings inside of the dev-portal.json file. This is the best practice when setting secret values like apiKey. Using environment variables is also useful when settings change by environment. For example, if you use different OAuth Clients depending on environment.

Any whole value in the dev-portal.json file can be substituted for an environment variable. Substitution is done by setting the string value to $env(ZUPLO_PUBLIC_MY_VARIABLE_NAME) where ZUPLO_PUBLIC_MY_VARIABLE_NAME is the name of your config or secret environment variable. Variable names must start with ZUPLO_PUBLIC in order to be substituted.

Below is an example dev-portal.json file with several values substituted by environment variables.

{ "enableAuthentication": true, "authentication": { "issuer": "$env(ZUPLO_PUBLIC_OKTA_ISSUER)", "provider": "okta", "clientId": "$env(ZUPLO_PUBLIC_OKTA_CLIENT_ID", "audience": "api://my-api" } }
Sidebar Configuration