Monetization Policy Reference
The MonetizationInboundPolicy is the gateway enforcement mechanism. It runs on
every request to a protected route, authenticates the API key, checks the
customer's subscription and payment status, enforces quota, meters the request,
and allows or blocks access.
Working with monetization in code? See Reading Subscription Data to inspect the plan and entitlements, Dynamic Metering to set meter values at runtime, and Programmatic Monetization to gate operations by plan.
Basic configuration
Add the policy to your policies.json:
Code
Then reference it in your route's inbound policy pipeline:
Code
The MonetizationInboundPolicy handles API key authentication internally. It
reads the API key from the Authorization header, validates it, and sets
request.user. You do not need a separate API key authentication policy
(api-key-inbound) on monetized routes — the monetization policy replaces it.
Configuration options
| Option | Type | Default | Description |
|---|---|---|---|
meters | object | (none) | Map of meter keys to increment values |
meterOnStatusCodes | string or number[] | "200-299" | Status code range to meter |
authHeader | string | "authorization" | Header to read the API key from |
authScheme | string | "Bearer" | Expected auth scheme prefix |
cacheTtlSeconds | number | 60 | How long to cache subscription data (minimum 60s) |
meters
The meters option defines which meters to increment and by how much when a
request is processed. Values must be non-negative numbers.
If meters is omitted, the policy still authenticates the API key and validates
the subscription's payment status, but no usage is recorded. If meters is
provided, it must contain at least one entry — an empty object throws a
configuration error. To track usage at runtime instead of from static config,
see the Dynamic Metering guide.
Code
meterOnStatusCodes
Controls which responses count toward metering. By default, only successful responses (2xx) are metered.
Code
The wildcard "*" is not a valid value for meterOnStatusCodes and throws a
configuration error. Use a specific range like "200-599" if you want to meter
most responses.
This is important for fairness: if your backend returns a 500 error, you probably don't want to charge the customer for that request.
authHeader
The header to read the API key from. Defaults to "authorization".
authScheme
The expected auth scheme prefix. Defaults to "Bearer". The policy expects the
header value in the format {authScheme} {apiKey}.
cacheTtlSeconds
How long to cache subscription and entitlement data, in seconds. Defaults to
60 with a minimum of 60. Increasing this value reduces calls to the gateway
service but means entitlement changes take longer to propagate.
Subscription and payment validation
The policy checks payment status on every request. Access is granted when:
- The subscription is active and not expired
- Payment status is
paidornot_required(free plans)
When payment fails, a configurable grace period (default 3 days) allows continued access while retries are attempted. After the grace period, access is blocked until payment succeeds.
The grace period resolves in this order, with each level overriding the one below it:
- Customer metadata —
zuplo_max_payment_overdue_dayson the customer - Plan metadata —
zuplo_max_payment_overdue_dayson the plan - Bucket configuration —
maxPaymentOverdueDayson the bucket's monetization configuration - Default —
3days
Set the value to 0 to block requests immediately when payment is overdue.
Read the subscription's plan, entitlements, and payment status in your own code
with getSubscriptionData.
Multiple policies for different routes
Different routes can have different metering configurations. Define multiple
policy instances in policies.json:
Code
Apply each to the appropriate routes:
Code
Dynamic metering
For variable-cost endpoints — billing by tokens returned, records processed, or
any value computed at runtime — set meter values from code with setMeters,
addMeters, and getMeters instead of static config. See the
Dynamic Metering guide for the full API and merge
rules, and Programmatic Monetization for
gating operations and enforcing quotas on runtime meters.
Error responses
The policy returns 403 Forbidden for all error conditions. Responses follow
the RFC 7807 Problem Details format:
Code
Common error details:
| Condition | detail message |
|---|---|
| No auth header | "No Authorization Header" |
| Wrong auth scheme | "Invalid Authorization Scheme" |
| Empty key after the auth scheme | "No key present" |
| Cached invalid key or 401 | "Authorization Failed" |
| Invalid API key | "API Key is invalid or does not have access to the API" |
| Expired API key | "API Key has expired." |
| Expired subscription | "API Key has an expired subscription." |
| Subscription has no payment | "Subscription payment status is not available." |
| Payment not made | "Payment has not been made." |
| Payment overdue | "Payment is overdue. Please update your payment method." |
| Subscription has no entitlements | "Subscription entitlements are not available." |
| Meter not in subscription | "API Key does not have \"X\" meter provided by the subscription." |
| Quota exhausted | "API Key has exceeded the allowed limit for \"X\" meter." |
| Meter access denied | "API Key does not have access to \"X\" meter." |
Pipeline ordering
The monetization policy should be the first policy in the inbound pipeline since it handles authentication:
Code
If you still want per-second or per-minute rate limiting on top of monthly quotas, add a standalone rate-limiting policy after the monetization policy. These serve different purposes: monetization enforces billing quotas, while rate limiting protects against traffic spikes.
Related guides
- Reading Subscription Data — inspect the plan, entitlements, and payment status in code.
- Dynamic Metering — set meter values at runtime with
setMeters,addMeters, andgetMeters. - Programmatic Monetization — gate operations by plan and enforce quotas on response-derived meters.