TypeScript Policies
Write custom request and response policies in TypeScript — familiar, type-safe, and reviewed alongside your application code.
Customization
TypeScript-Programmable API Gateway
Write custom gateway logic in TypeScript. No proprietary DSLs, no cURL commands — just familiar, type-safe code that runs at the edge.
Full Request Context
Access the full request, response, user, API key metadata, and environment variables in your policy code.
Runs at the Edge
Your custom code runs at the edge in 300+ locations, adding zero latency to policy execution.
Customization
Custom Request Policies
Write TypeScript functions that intercept incoming requests. Transform headers, validate custom logic, enrich requests with data from external APIs, or implement any business rule your API requires.
Learn more in the docs
Customization
Custom Response Policies
Transform or enrich API responses before they're returned to the caller. Add headers, modify response bodies, implement caching logic, or format responses for different client types.
Learn more in the docs
Customization
Reusable Policy Library
Share policies across routes and projects. Publish internal policies as npm packages and use them across your organization's API gateways.
Learn more in the docs
Frequently Asked Questions
Common questions about Programmable Gateway.
What TypeScript/Node.js APIs are available in policies?
Zuplo policies run in the WinterTC (WinterCG) runtime, which supports the Fetch API, Web Streams, Crypto API, and other web-standard APIs. Most modern TypeScript patterns work out of the box.
Can I use npm packages in my policies?
Yes. You can import any npm package that is compatible with the WinterCG runtime. Most utility libraries and HTTP clients work without modification.
How do I test my custom policies?
Zuplo policies are standard TypeScript functions that can be unit tested with any test framework (Jest, Vitest, etc.). You can also use branch preview environments to test policies end-to-end before deploying to production.
Is there a performance penalty for custom policies?
No significant penalty. Policies run in the same edge runtime as Zuplo's built-in policies. Execution overhead is typically sub-millisecond for simple policies.
Ready to get started?
Join thousands of developers who trust Zuplo to secure, scale, and monetize their APIs.