ZuploZuplo
LoginStart for Free
  • Documentation
  • API Reference
Introduction
Getting Started
    Develop on the web portal
      1 - Setup Your Gateway2 - Rate Limiting3 - API Key Auth4 - Deploy5 - Dynamic Rate LimitingDynamic MCP Server - Quickstart
    Develop locally with the CLI
      1 - Setup Your Gateway2 - Rate Limiting3 - API Key Auth4 - Deploy5 - Dynamic Rate LimitingDynamic MCP Server - Quickstart
Concepts
Development
Policies
Handlers
API Keys
Rate Limiting
MCP Server
MCP Gateway
AI Gateway
Developer Portal
Monetization
GraphQL
    OverviewSet up an endpointSecure your GraphQL APICache responses
Deploying & Source Control
Analytics
Observability
Networking & Infrastructure
Account Management
Programming API
Build with AI
Zuplo CLI
Migration Guides
Platform LimitsSecuritySupportTrust & ComplianceChangelog
powered by Zudoku
GraphQL

GraphQL support on Zuplo

Zuplo treats GraphQL as a first-class backend. Proxy your existing GraphQL server through the gateway, then layer on security, caching, analytics, and documentation using policies built for the GraphQL request shape — where every operation is a POST to a single URL, so URL-based gateway features don't apply.

This page summarizes what Zuplo supports for GraphQL and links to each guide and policy reference.

New here?

Start with Set up an endpoint to proxy your GraphQL API through the gateway, then come back to layer on the capabilities below.

Connect and route

Proxy any GraphQL server through a POST /graphql route using the URL Rewrite handler. The Route Designer ships a GraphQL Endpoint template, and the x-graphql route extension marks a route as GraphQL so the gateway and Dev Portal treat it accordingly.

  • Set up an endpoint — add or mark a GraphQL route

Secure the endpoint

GraphQL's flexibility is also its attack surface: a single request can nest arbitrarily deep, fan out into thousands of resolver calls, or map your whole schema through introspection. Zuplo closes these gaps at the edge.

RiskWhat Zuplo does
Deep / costly queryReject queries over a depth or complexity score
Schema discoveryBlock introspection in production
Schema over-sharingStrip chosen types and fields from introspection
  • Secure your GraphQL API — complexity limits and introspection controls

Accelerate with caching

A normal CDN keys on the URL, so it can't cache GraphQL queries sent as request bodies. The GraphQL cache parses each query, normalizes it into a canonical form, and serves semantically identical queries from one edge cache entry.

  • Cache GraphQL responses — serve repeated queries from the edge

Observe traffic

Report GraphQL operations and their errors to analytics, even when the upstream returns errors inside a 200 response. The GraphQL analytics dashboard surfaces operation volume, latency, and error classes once traffic flows.

  • GraphQL analytics — monitor operations, latency, and errors

Document in the Dev Portal

The @zudoku/plugin-graphql package renders a browsable type reference and an interactive playground in your Dev Portal, generated from your schema or a live endpoint. Register one instance per API.

  • Document the API in your Dev Portal — add the GraphQL plugin

Expose GraphQL to AI agents

Turn GraphQL queries into MCP tools so AI agents can call your API through the Model Context Protocol, with the same policies and auth applied.

  • MCP Server GraphQL endpoints — expose queries as MCP tools

Policies at a glance

Every GraphQL-aware policy Zuplo ships, with its direction and purpose:

PolicyDirectionPurpose
graphql-cache-inboundInboundCache repeated queries at the edge
graphql-complexity-limit-inboundInboundReject queries that are too deep or too expensive
graphql-disable-introspection-inboundInboundBlock schema introspection in production
graphql-introspection-filter-outboundOutboundHide chosen types and fields from introspection
graphql-analytics-outboundOutboundReport operations and errors to analytics

Next steps

  • Set up an endpoint — proxy your GraphQL API through the gateway
  • Secure your GraphQL API — complexity limits and introspection controls
  • Cache GraphQL responses — cut latency with edge caching
  • MCP Server GraphQL endpoints — expose queries to AI agents
Edit this page
Last modified on June 30, 2026
Custom MonetizationSet up an endpoint
On this page
  • Connect and route
  • Secure the endpoint
  • Accelerate with caching
  • Observe traffic
  • Document in the Dev Portal
  • Expose GraphQL to AI agents
  • Policies at a glance
  • Next steps