---
title: "Best API Lifecycle Management Platforms (2026): Design, Govern, and Retire APIs Compared"
description: "Compare the best API lifecycle management platforms in 2026. We evaluate Zuplo, Kong, Apigee, MuleSoft, AWS, Azure, Tyk, Gravitee, WSO2, Postman, and SwaggerHub."
canonicalUrl: "https://zuplo.com/learning-center/best-api-lifecycle-management-platforms-2026"
pageType: "learning-center"
authors: "nate"
tags: "API Lifecycle Management"
image: "https://zuplo.com/og?text=Best%20API%20Lifecycle%20Management%20Platforms%20(2026)"
---
Managing an API doesn't end when you deploy it. The real challenge is everything
that comes before and after: designing a spec that won't break consumers,
governing changes across teams, versioning without disruption, and eventually
[sunsetting endpoints](/learning-center/how-to-sunset-an-api) gracefully. That's
[API lifecycle management](/learning-center/api-lifecycle-strategies) — and in
2026, the platforms that handle it well look very different from the ones that
just proxy traffic.

If you want a platform that covers the full lifecycle — design through
deprecation — in a single developer-friendly package, [Zuplo](https://zuplo.com)
is the strongest option available today.
[Get started free](https://portal.zuplo.com/signup).

This guide evaluates eleven platforms on how well they support every stage of
the API lifecycle, not just the runtime middle. If you're looking for a broader
comparison of
[API management platforms](/learning-center/best-api-management-platforms-2026)
or a focused [API gateway comparison](/learning-center/best-api-gateways-2026),
we've published dedicated guides for those as well.

## What API Lifecycle Management Covers in 2026

The API lifecycle isn't a marketing concept — it's the sequence of stages every
API passes through, whether you manage them intentionally or not.

- **Design**: Author an OpenAPI spec, define schemas, agree on contracts before
  writing code
- **Develop**: Implement handlers, write policies, connect to backends
- **Test**: Validate contracts in CI, run integration tests against preview
  environments
- **Publish**: Deploy to production, generate a developer portal, distribute API
  keys
- **Govern**: Enforce authentication, rate limiting, input validation, and
  compliance rules at runtime
- **Version**: Ship breaking changes safely with URL-based versioning and
  parallel version support
- **Deprecate**: Signal retirement with HTTP deprecation and sunset headers, run
  brownout windows, and migrate consumers

A true lifecycle management platform helps you at every stage. Many tools
labeled "lifecycle platforms" only cover two or three of these — typically
develop, publish, and govern. The gaps at the edges (design-time validation and
end-of-life management) are where teams accumulate the most technical debt.

## How We Evaluated These Platforms

We assessed each platform across seven criteria that map to the lifecycle stages
above.

- **OpenAPI-first design** — Does the platform use the OpenAPI spec as the
  native configuration format, or does it treat specs as a one-time import?
- **CI/CD and GitOps** — Can you validate, test, and deploy API changes through
  a standard Git workflow with branch-based environments?
- **Developer portal** — Is there a built-in portal for publishing docs, API
  keys, and usage analytics to consumers?
- **Runtime governance** — Can you enforce authentication, rate limiting, input
  validation, and custom policies at the gateway layer?
- **Versioning support** — Can you run multiple API versions simultaneously with
  a clear consumer-facing version selector?
- **Deprecation and sunset** — Does the platform support IETF-standard
  deprecation headers, sunset dates, and brownout policies?
- **Pricing model** — Is the pricing transparent and predictable, or does it
  scale unpredictably with environments, API calls, or add-on features?

## Platform Breakdown

### 1. Zuplo

**Best for**: Teams that want full lifecycle coverage — design through
deprecation — in a single platform with no infrastructure to manage.

Zuplo is an
[OpenAPI-native API gateway](/learning-center/openapi-first-api-gateway) where
the spec _is_ the configuration. Your `routes.oas.json` file defines routes,
policies, and handler bindings in a standard OpenAPI 3.1 document extended with
Zuplo-specific vendor properties (`x-zuplo-route`, `x-zuplo-path`). This
eliminates the configuration drift that plagues platforms where you import a
spec once and then manage routes separately.

**Design and validation**: Because the OpenAPI file is both the design artifact
and the runtime config, you can lint it with tools like Vacuum or Spectral in
CI. Zuplo provides a [built-in testing framework](/docs/articles/testing)
(`npx zuplo test`) for running integration tests against any deployed
environment, and you can enforce governance rules — like requiring specific
policies on every route — with custom CI linting scripts.

**Branch-based environments**: Every Git branch automatically creates a
[preview environment](/docs/articles/environments) deployed to the same 300+
edge locations as production. Environments deploy globally in under 20 seconds.
This means every pull request gets a live, testable URL before merge — no
staging environment to manage manually.

**Runtime governance**: Zuplo's
[programmable policy framework](/docs/articles/policies) lets you write custom
inbound and outbound policies in TypeScript, running in V8 isolates at the edge.
Built-in policies cover API key authentication, JWT validation, rate limiting,
request validation against your OpenAPI schemas, and more. Composite policies
bundle multiple governance rules into a reusable package that you can apply to
every route with a single reference.

**Developer portal**: A
[built-in developer portal](/docs/dev-portal/introduction) (powered by the
open-source Zudoku framework) is auto-generated from your OpenAPI spec on every
deploy. It includes an interactive API explorer, self-serve API key management,
and consumer-facing usage analytics. When you run multiple API versions via
separate `.oas.json` files, the portal automatically renders a version selector
dropdown.

**Deprecation**: Zuplo's
[HTTP Deprecation outbound policy](/docs/policies/http-deprecation-outbound)
follows the IETF HTTP Deprecation Header standard. You configure a deprecation
date, a sunset date, and a migration link — and the gateway automatically
attaches `Deprecation`, `Sunset`, and `Link` headers to every response on that
route. Pair it with a brownout policy to return periodic `503` responses on
deprecated endpoints, forcing stragglers to migrate.

**Monetization**: Zuplo's built-in
[API monetization](/docs/articles/monetization) (currently in beta) supports
metered usage tracking, tiered plans, quota enforcement, and Stripe-integrated
billing — all managed from the same platform and exposed through the developer
portal.

**Pricing**: Free tier available. Paid plans scale with projects and features,
not per-API-call metering. No per-environment fees.

---

### 2. Kong (Konnect)

**Best for**: Platform teams that need a proven runtime gateway with a large
plugin ecosystem and Kubernetes-native deployment.

Kong Gateway is one of the most widely deployed API gateways, built on NGINX
with an extensible plugin architecture supporting Lua, Go, Python, and
JavaScript. Kong Konnect adds a managed control plane, analytics, and a
developer portal (on paid tiers).

**Lifecycle strengths**: Kong's runtime governance is excellent — the plugin
ecosystem covers authentication, rate limiting, traffic control, and
observability out of the box. Kubernetes-native deployment via the Kong Ingress
Controller fits well into GitOps workflows. The Insomnia desktop app (acquired
by Kong) provides spec design and testing capabilities.

**Lifecycle gaps**: Kong's design-time and deprecation coverage is weaker. The
OpenAPI spec is not the native gateway configuration — you define routes and
plugins through Kong's own declarative config (`kong.yaml`) or Admin API, then
optionally import an OpenAPI spec. This creates a potential drift between the
spec consumers see and the routing config actually running. There's no built-in
deprecation or sunset header support. Advanced developer portal features (SSO,
audit logs) require a Konnect Enterprise subscription.

**Pricing**: Kong Konnect Plus has a published base price but total costs scale
with gateway instances, API requests, and add-on features — often reaching
$1,000+/month for production workloads. Enterprise pricing requires a sales
conversation. The open-source Kong Gateway is free but lacks the portal,
analytics, and managed control plane.

---

### 3. Google Apigee

**Best for**: Enterprises already invested in Google Cloud that need deep
analytics, AI-assisted development, and formal API lifecycle governance.

Apigee is Google Cloud's full-lifecycle API management platform. It provides
explicit lifecycle states (Design → Develop → Pre-launch → Live → Deprecated →
Retired) with role-based transitions, deep analytics, and monetization
capabilities.

**Lifecycle strengths**: Apigee covers more lifecycle stages than most
competitors. API Hub provides a centralized catalog with lifecycle tracking.
Built-in monetization supports multiple billing models. Analytics are
best-in-class for understanding API usage patterns. The APIM Operator (GA
in 2025) enables Kubernetes-native deployment.

**Lifecycle gaps**: Configuration is XML-based (proxy bundles), which creates a
steep learning curve and poor developer experience compared to TypeScript or
declarative YAML. Apigee is tightly coupled to Google Cloud — running it outside
GCP is possible with Apigee Hybrid, but adds significant operational complexity.
Environment provisioning is slow compared to branch-based systems. Pay-as-you-go
pricing starts at $20 per million API calls (for standard proxies) plus
per-environment charges, and costs can escalate quickly at scale.

**Pricing**: Pay-as-you-go scales with API call volume and environment count.
Enterprise subscription tiers range from roughly $25,000 to over $100,000+
annually depending on features and scale.

---

### 4. MuleSoft Anypoint

**Best for**: Salesforce-ecosystem enterprises that need iPaaS + API management
in one platform and are willing to invest in a comprehensive (and expensive)
integration suite.

MuleSoft Anypoint Platform combines integration (iPaaS) with API management,
offering design, build, deploy, manage, and govern capabilities across the full
API lifecycle within the Salesforce ecosystem.

**Lifecycle strengths**: Anypoint Design Center provides collaborative spec
authoring. API Governance applies rulesets from Anypoint Exchange for
design-time and runtime compliance. Anypoint Exchange serves as both an asset
catalog and a developer portal. Flex Gateway (the lightweight runtime) supports
Kubernetes and Docker deployments. Agent Fabric enables MCP and A2A protocol
support for AI-agent scenarios.

**Lifecycle gaps**: MuleSoft is deeply tied to the Salesforce ecosystem —
pricing is enterprise-only (typically $50,000+ annually, often six figures),
making it inaccessible for startups and mid-market teams. The Java-based runtime
(Mule Runtime) carries operational overhead for teams without JVM expertise.
Deployment speed and developer experience lag behind cloud-native alternatives.
Deprecation workflows exist but require custom configuration.

**Pricing**: Enterprise-only with vCore-based licensing. Contracts typically
start around $50,000/year and often reach six figures. Total cost of ownership
exceeds initial licensing due to integration specialists and infrastructure
requirements.

---

### 5. AWS API Gateway

**Best for**: Teams running serverless workloads on AWS that need a
pay-per-request gateway tightly integrated with Lambda, Cognito, and CloudWatch.

AWS API Gateway offers two flavors: REST APIs (full-featured, more expensive)
and HTTP APIs (cheaper, fewer features). It's the default choice for
Lambda-backed APIs on AWS.

**Lifecycle strengths**: Pay-per-request pricing is genuinely cost-effective for
low-to-medium traffic APIs. Deep integration with the AWS ecosystem (Lambda,
Cognito, CloudWatch, X-Ray, WAF) means you don't need third-party tools for
basic governance. AWS launched a Managed Portal in late 2025. OpenAPI import is
supported for defining routes.

**Lifecycle gaps**: AWS API Gateway is a _runtime_ tool, not a lifecycle
platform. There's no built-in spec design tooling — you author OpenAPI specs
externally and import them. The imported spec becomes AWS-specific configuration
(not a living document). There's no built-in deprecation or sunset header
support. Versioning is manual via stages or path-based routing. The developer
portal (Managed Portal) is new and limited compared to purpose-built options.
Regional deployment only — no global edge network (use CloudFront separately).
Per-environment costs add up in multi-stage setups.

**Pricing**: HTTP APIs start at $1.00 per million requests. REST APIs start at
$3.50 per million. Free tier includes 1 million HTTP API calls/month for 12
months.

---

### 6. Azure API Management

**Best for**: Microsoft-ecosystem enterprises that need a full-featured API
management platform integrated with Azure Active Directory, Azure Functions, and
Azure Monitor.

Azure API Management is a comprehensive platform with a developer portal, policy
engine, analytics, and multi-protocol support (REST, SOAP, WebSocket, GraphQL).

**Lifecycle strengths**: Built-in developer portal with customization options.
API Center provides a centralized catalog with lifecycle metadata and governance
rules. Policy engine supports XML and C# expressions for fine-grained traffic
control. OpenAI integration enables AI gateway scenarios. Supports versioning
via URL path, header, or query string with version sets.

**Lifecycle gaps**: Per-tier, per-environment pricing is expensive and
unpredictable — the Standard tier starts around $700/month per unit, and
provisioning a new environment takes 30+ minutes. Configuration is XML-based
(policies) with C# expressions, which is less developer-friendly than TypeScript
or declarative formats. The Developer tier (for testing) has strict resource
limits. No native deprecation header support. GitOps integration exists via
Azure DevOps but isn't as seamless as branch-based deployment models.

**Pricing**: Consumption tier starts at ~$4.20 per million calls. Standard tier
is ~$700/month. Premium tier starts at ~$2,800/month per unit. Each environment
(instance) incurs its own cost.

---

### 7. Tyk

**Best for**: Teams that want an open-source API gateway with native GraphQL
support and the option to self-host or use a managed cloud.

Tyk is an open-source API gateway written in Go, with a commercial dashboard,
developer portal, and analytics layer. It's one of the few gateways with native
GraphQL support (not just proxying, but schema-aware federation).

**Lifecycle strengths**: The open-source gateway is genuinely free for
self-hosted deployments. Native GraphQL support covers schema stitching and
federation. The Tyk Dashboard provides a developer portal and analytics. Tyk OAS
APIs use OpenAPI 3.0 as the API definition format. Tyk AI Studio (open-sourced
in March 2026) adds AI gateway capabilities.

**Lifecycle gaps**: Design-time tooling is limited — spec authoring happens
externally. The open-source version lacks the developer portal, dashboard
analytics, and multi-team governance features (those require the commercial
license). Self-hosting adds operational overhead (Redis dependency, separate
dashboard/gateway/pump components). No built-in deprecation or sunset header
support. GitOps workflows require custom scripting with `tykctl` or the Tyk
Operator for Kubernetes.

**Pricing**: Open-source gateway is free. Tyk Cloud starts at $600/month. Tyk
Self-Managed commercial license pricing requires a sales conversation.

---

### 8. Gravitee

**Best for**: Teams that need to manage REST, async (Kafka, MQTT), and
event-driven APIs from a single platform.

Gravitee is an API management platform recognized as a Leader in the 2025
Gartner Magic Quadrant. It stands out for its multi-protocol support, covering
REST, WebSocket, Kafka, MQTT, and other event-driven protocols in one platform.

**Lifecycle strengths**: Full lifecycle stages are modeled in the platform
(Created → Published → Deprecated → Closed). Multi-protocol support is genuinely
differentiated — most competitors only handle REST. The v4 API definition model
is more modern than many alternatives. Gravitee 4.10 added an AI Gateway and AI
IAM for MCP proxy with OAuth 2.0 support. The developer portal supports API
discovery and subscription management.

**Lifecycle gaps**: Gravitee's ecosystem is smaller than Kong's or Apigee's,
which means fewer third-party integrations and community plugins. Self-hosted
deployment requires managing multiple components (Gateway, Management API,
Management Console, Developer Portal). OpenAPI is supported but not the native
configuration format — Gravitee has its own API definition model. Documentation
and community resources are less extensive than larger competitors.

**Pricing**: Free community edition (limited features). Enterprise pricing is
not publicly listed — requires a sales conversation.

---

### 9. WSO2 API Manager

**Best for**: Government, financial services, and public-sector organizations
that need a fully open-source API management platform with no vendor lock-in.

WSO2 API Manager is an open-source, full-lifecycle API management platform with
a strong presence in regulated industries. The March 2026 release added
agent-ready API capabilities with MCP proxy and multi-gateway federation
support.

**Lifecycle strengths**: Genuinely open-source under the Apache 2.0 license — no
open-core bait-and-switch. Full lifecycle support including a publisher portal,
developer portal, analytics, and gateway. Explicit lifecycle states (Created →
Prototyped → Published → Deprecated → Retired → Blocked) with role-based
transitions. API governance with custom rulesets. Strong compliance story for
government and regulated industries.

**Lifecycle gaps**: The Java-based runtime carries significant operational
overhead — deployment, tuning, and debugging require JVM expertise. Self-hosted
deployment is complex (multiple components: Gateway, Key Manager, Traffic
Manager, Analytics). The developer experience lags behind cloud-native platforms
— configuration involves XML, admin consoles, and multi-step UI workflows.
Cloud-hosted option (Choreo) simplifies operations but reduces the flexibility
that draws teams to WSO2 in the first place.

**Pricing**: Open-source is free. WSO2 commercial support and Choreo (managed
cloud) pricing require a sales conversation.

---

### 10. Postman

**Best for**: API development teams that need best-in-class design, testing, and
collaboration tooling — paired with a separate runtime gateway for production.

Postman is the most widely used API development platform, excelling at spec
design, collection-based testing, mock servers, and team collaboration. It is
_not_ a runtime API gateway.

**Lifecycle strengths**: Unmatched developer adoption (40M+ users). Excellent
spec design and editing tools. Collection-based testing with automated test
runs. Mock servers for prototyping before implementation. Postman Flows for
visual API orchestration. AI Agent Builder and MCP support (as of 2026). API
governance via configurable rulesets.

**Lifecycle gaps**: Postman does not proxy production traffic. It has no runtime
gateway, no rate limiting, no authentication enforcement, no developer portal
for consumers, and no deprecation header support. You need to pair Postman with
a gateway like
[Zuplo](/learning-center/zuplo-vs-postman-api-gateway-vs-api-development-platform),
Kong, or Apigee for production lifecycle management. Design-time specs in
Postman can drift from the runtime config in your gateway if you're not careful
about sync.

**Pricing**: Free tier for individuals. Team plan at $19/user/month. Enterprise
pricing requires a sales conversation.

---

### 11. SmartBear SwaggerHub

**Best for**: Teams focused on API design governance and spec-first development
that use separate tools for runtime management.

SwaggerHub (now part of SmartBear's API Hub) is the commercial evolution of the
Swagger toolchain. It provides collaborative OpenAPI spec editing, design
governance, and a hosted mock server.

**Lifecycle strengths**: Strong design-first workflow with collaborative spec
editing, style validation, and auto-generated mock servers. Integration with
SwaggerHub Explore for API testing. SmartBear's April 2026 release added new
governance capabilities and AI-readiness features. MCP tools allow AI-assisted
spec authoring.

**Lifecycle gaps**: SwaggerHub is a design-time tool — it does not provide
runtime gateway capabilities, rate limiting, authentication enforcement, or
traffic management. Like Postman, you need a separate gateway for production.
There's no built-in developer portal for consumer self-service (beyond hosted
docs). No deprecation or sunset header support. The pricing model
(per-seat/per-API) can become expensive for teams with many specs.

**Pricing**: Free tier available (limited APIs). Paid plans scale per-user and
per-API. Enterprise pricing requires a sales conversation.

## Decision Framework: Which Platform Fits Your Team?

The right platform depends less on feature checklists and more on your team's
context. Here's how to think about it by team archetype.

### Greenfield Startup (< 20 engineers)

You need full lifecycle coverage with minimal operational overhead.
Infrastructure time is engineering time you don't have.

**Recommended**: Zuplo. Free tier gets you started, the built-in developer
portal eliminates a separate tool, and GitOps deploys mean your existing GitHub
workflow is your API management workflow. Zero infrastructure to manage.

**Also consider**: AWS API Gateway if you're already all-in on Lambda and don't
need a developer portal yet.

### Regulated Enterprise (finance, healthcare, government)

You need audit trails, compliance evidence, and formal lifecycle state
management. Vendor lock-in is a concern because procurement cycles are long.

**Recommended**: Zuplo for teams that want modern DX with enterprise governance
— the immutable audit log, composite policies, and Git-based change history
provide SOC 2 evidence out of the box. WSO2 for organizations that require fully
open-source licensing.

**Also consider**: Apigee if you're committed to Google Cloud. Azure API
Management if you're a Microsoft shop.

### Internal Platform Team

You're building a shared API platform for multiple product teams. Governance
consistency matters more than any single API's needs.

**Recommended**: Zuplo's composite policies let you define a "production-ready"
bundle (authentication + rate limiting + validation + logging) and require it on
every route via CI checks. Teams get autonomy on their API logic while platform
governance is enforced automatically.

**Also consider**: Kong Konnect if you need the breadth of the plugin ecosystem
and have Kubernetes expertise. MuleSoft if you're in the Salesforce ecosystem
and budget isn't a constraint.

### API-as-Product Team

You're monetizing your API. Developer portal quality, self-serve key management,
and billing integration are table stakes.

**Recommended**: Zuplo. Built-in developer portal with self-serve API key
management, consumer-facing usage analytics, and native Stripe-integrated
monetization — all in one platform. No need to stitch together separate portal,
billing, and gateway tools.

**Also consider**: Apigee if you need its advanced analytics for usage
optimization. Gravitee if you need multi-protocol support (REST + Kafka/MQTT).

Ready to see how Zuplo handles the full lifecycle?
[Get started free](https://portal.zuplo.com/signup) — no credit card required.

## Lifecycle Implementation Playbook

Regardless of which platform you choose, the stages of the API lifecycle follow
a consistent pattern. Here's how to implement each stage with modern tooling.

### Stage 1: Design (OpenAPI)

Start with the spec, not the code. Write an OpenAPI 3.1 document that defines
your paths, schemas, and error responses before implementing anything. This is
the [design-first approach](/learning-center/api-lifecycle-strategies) that
prevents the most common lifecycle problems.

Lint the spec in CI with tools like Vacuum or Spectral to enforce naming
conventions, require descriptions on every endpoint, and validate schema
consistency.

### Stage 2: Validate (CI)

Run your spec through automated checks on every pull request. At minimum,
validate that the spec is syntactically correct and passes your linting rules.
Better: run contract tests against a preview environment to verify that the
deployed API matches the spec.

With Zuplo, the `request-validation-inbound` policy automatically validates
incoming requests against your OpenAPI schemas at runtime — so the spec isn't
just documentation, it's enforcement.

### Stage 3: Publish (Developer Portal)

Deploy the API and publish documentation simultaneously. A good
[developer portal](/learning-center/developer-portal-comparison) auto-generates
docs from your spec, provides an interactive API explorer, and lets consumers
create and manage their own API keys.

Avoid the trap of treating docs as a separate project. When the portal is
auto-generated from the same spec that configures the gateway, documentation can
never drift from reality.

### Stage 4: Govern (Policies)

Runtime governance is where lifecycle management becomes tangible. Enforce
authentication on every endpoint, apply
[rate limiting](/learning-center/api-rate-limiting) to prevent abuse, validate
request payloads against your schemas, and log every request for audit.

The key is making governance _default_, not optional. Composite policies (in
Zuplo) or reusable policy bundles let platform teams define a baseline that
every API inherits. New routes get governance for free; skipping it requires an
intentional exception.

### Stage 5: Version (Deploy)

When you need to ship breaking changes, run old and new versions simultaneously.
URL-based versioning (`/v1/`, `/v2/`) is the clearest approach for consumers.

With Zuplo, separate `.oas.json` files per major version let you run versions in
parallel within the same project. The developer portal automatically shows a
version selector. You can even implement version transformations at the gateway
layer without changing the upstream API.

### Stage 6: Deprecate (Sunset)

[Deprecation](/learning-center/deprecating-rest-apis) is the most neglected
lifecycle stage — and the one that causes the most consumer pain when handled
poorly. A proper deprecation workflow includes:

1. **Announce**: Set the `Deprecation` header on affected endpoints
2. **Set a deadline**: Add a `Sunset` header with the removal date
3. **Provide a migration path**: Include a `Link` header pointing to migration
   docs
4. **Enforce**: Run brownout windows (periodic `503` responses) to identify
   consumers who haven't migrated
5. **Retire**: Remove the endpoint after the sunset date

Zuplo's HTTP Deprecation outbound policy handles steps 1–3 with a single policy
configuration. The brownout policy handles step 4.

## How the Full Lifecycle Works in Zuplo

The playbook above is platform-agnostic. Here's what the same six stages look
like concretely in Zuplo — from first commit to final sunset.

**Design**: Author your API in `config/routes.oas.json` — a standard OpenAPI 3.1
document. The spec defines routes, request/response schemas, and Zuplo-specific
handler and policy bindings. Lint it in CI with Vacuum or Spectral.

**Validate**: On every pull request, Zuplo automatically deploys a preview
environment in under 20 seconds. Run `npx zuplo test` against the preview URL to
verify behavior. Add custom CI rules that parse the OpenAPI file and reject PRs
missing required policies.

**Publish**: Merge to main. Zuplo deploys to 300+ edge locations in seconds. The
developer portal updates automatically with the latest spec, interactive
explorer, and consumer-facing API key management.

**Govern**: Composite policies bundle your governance requirements (API key auth
→ rate limiting → request validation → audit logging) into a single reusable
reference. Apply it to every route. New endpoints inherit the full governance
stack with one line of configuration.

**Version**: Add a second `.oas.json` file for your v2 routes. Both versions run
on the same deployment. The developer portal shows a version dropdown. Use
outbound policies on v2 routes to transform responses without changing your
upstream backend.

**Deprecate**: Apply the `http-deprecation-outbound` policy to v1 routes with a
sunset date and migration link. Add a brownout policy when the deadline
approaches. Monitor which consumers are still hitting deprecated endpoints via
API analytics. Remove v1 routes after the sunset date.

This entire workflow runs through Git. Every change is a pull request, every
environment is a branch, and every deployment is an atomic push. No portal
clicking, no XML editing, no environment provisioning delays.

[Try Zuplo free](https://portal.zuplo.com/signup) and cover the full API
lifecycle from your first commit.

## Related Resources

**Lifecycle and governance guides**

- [API Lifecycle Strategies and Platform Comparison](/learning-center/api-lifecycle-strategies)
- [What Is API Management?](/learning-center/what-is-api-management)
- [API Management Maturity Model](/learning-center/api-management-maturity-model)
- [How to Sunset an API](/learning-center/how-to-sunset-an-api)
- [How to Deprecate a REST API](/learning-center/deprecating-rest-apis)

**Platform comparisons**

- [Best API Management Platforms (2026)](/learning-center/best-api-management-platforms-2026)
- [Best API Gateways (2026)](/learning-center/best-api-gateways-2026)
- [API Gateway Pricing Comparison (2026)](/learning-center/api-gateway-pricing-comparison-2026)
- [GitOps for API Management: Platform Comparison](/learning-center/gitops-api-management-comparison)
- [OpenAPI-First API Gateway](/learning-center/openapi-first-api-gateway)
- [Developer Portal Comparison](/learning-center/developer-portal-comparison)