Policies

Policy Catalog

Zuplo includes policies for any solution you need for securing and sharing your API. See the policy introduction to learn about using policies.

In addition to the built-in policies, Zuplo is fully programmable so developers can simply write code to customize any aspect of Zuplo.

Plan:

Inbound Policies

A/B Test Inbound

Access Control List

Add or Set Query Parameters

Add or Set Request Headers

Amberflo Metering / Billing

API Key Authentication

Archive Request to AWS S3

Archive Request to Azure Storage

Archive Request to GCP Storage

Add-On

Audit Logs

Auth0 JWT Auth

AuthZEN Authorization

AWS Cognito JWT Auth

Axiomatics Authorization

Clear Request Headers

Clerk JWT Auth

Add-On

Complex Rate Limiting

Composite Inbound (Group Policies)

Curity Phantom Token Auth

Custom Code Inbound

Firebase JWT Auth

Form Data to JSON

Geo-location filtering

GraphQL Complexity Limit

GraphQL Disable Introspection

Moesif Analytics & Billing

Add-On

mTLS Auth

Okta FGA Authorization

Okta JWT Auth

OpenFGA Authorization

OpenMeter

PropelAuth JWT Auth

Query Parameter to Header

Remove Query Parameters

Remove Request Headers

Transform Request Body

Upstream Azure AD Service Auth

Upstream Firebase Admin Auth

Upstream Firebase User Auth

Add-On

Upstream GCP Federated Auth

Upstream GCP Self-Signed JWT

Upstream GCP Service Auth

Add-On

Upstream Zuplo JWT

Web Bot Auth

Outbound Policies

A/B Test Outbound

Archive Response to AWS S3

Archive Response to Azure Storage

Clear Response Headers

Composite Outbound (Group Policies)

Custom Code Outbound

GraphQL Introspection Filter

HTTP Deprecation

Prompt Injection Detection

Remove Response Headers

Replace String in Response Body

Secret Masking

Set Headers

Set Status Code

Transform Response Body

XML to JSON Outbound

Edit this page

Last modified on October 3, 2025

Rename/Move Project Policy Fundamentals