What Is the Zuplo API Gateway?

Most API gateways still feel like they were designed for a 2014 ops team. You write YAML, you wrestle with a control plane, and you wait for someone with cluster access to push your changes. Zuplo flips that model. It is a programmable, edge-native API gateway where your routes live in a Git repo, your policies are TypeScript, and every commit deploys to 300+ global locations in seconds.

Try Apidog today

This guide breaks down what the Zuplo API gateway does, how it differs from Kong and AWS API Gateway, the pricing, and how to deploy your first gateway in under thirty minutes. You'll get practical code examples for routing, authentication, rate limiting, and see how to test every endpoint with Apidog before production.

Zuplo sits in a category previously dominated by Kong, Apigee, and AWS API Gateway. The core value: developers get a real programming language, ops gets a managed service, and product teams get a built-in monetization layer. The workflow is built for speed and automation.

TL;DR

• Edge-native deployment: Zuplo is a fully managed API gateway running across 300+ Cloudflare data centers, delivering sub-50ms latency with zero cold starts.
• GitOps-native config: All configuration is done in a Git repository. CI/CD pipelines handle deployments.
• TypeScript policies: Define policies in TypeScript with full IDE support—no YAML or Lua.
• Free tier: 100K requests/month, unlimited environments, API keys, and developer portals.
• Built-in features: API key/JWT/OAuth2 auth, rate limiting, request validation, auto-generated developer portal, Stripe monetization.
• MCP Server Handler: Expose any gateway route to Claude, Codex, Cursor, or any MCP client.
• Testing: Test every Zuplo route end-to-end with Apidog before production.

What is Zuplo?

Zuplo is an API management platform focused on:

• Code over config: Write policies and logic in TypeScript, not YAML.
• Edge over region: Deploys automatically to 300+ Cloudflare data centers.
• Git over GUI: Every change flows through Git; no manual UI steps.

You get:

• routes.oas.json: OpenAPI spec describing your endpoints.
• TypeScript modules for custom logic.
• Config files for wiring policies.
• GitHub integration for CI/CD builds and deployments.

Supported: REST, GraphQL, gRPC, WebSockets, SOAP. SOC 2 Type II compliant. Multi-cloud backends (AWS, Azure, GCP) and a self-hosted Kubernetes option. Pricing starts free and scales with usage. Full details on the Zuplo pricing page.

Why Developers Pick Zuplo Over Kong, Apigee, and AWS API Gateway

• Kong: Open-source, maximum control, requires Lua.
• Apigee: Enterprise focus, deep analytics, steep learning curve.
• AWS API Gateway: AWS-native, but limited developer portal and Lambda cold starts.

Zuplo targets small teams needing enterprise features without heavy ops.

Key differences:

• TypeScript, not YAML: Write policies (e.g., rate limiting) in TypeScript, not long YAML files.
• Developer portal included: Auto-generated from your OpenAPI spec—no extra setup, even on free tier.
• GitOps workflow: Every change is a pull request with reviews, audit logs, and instant rollback via git revert.
• Edge-native: Cloudflare Workers provide fast, cold-start-free execution globally.

If you’re starting fresh or want to escape operational overhead, Zuplo’s workflow is a major upgrade.

Core Features of the Zuplo API Gateway

TypeScript-First Programmability

Define gateway logic in TypeScript next to your routes. Write custom inbound/outbound policies as async functions.

Example: Strip internal headers before responding:

import { ZuploRequest, ZuploContext } from "@zuplo/runtime";

export default async function (
  response: Response,
  request: ZuploRequest,
  context: ZuploContext,
) {
  response.headers.delete("x-internal-trace-id");
  return response;
}

Place this in modules/strip-internal-header.ts, reference in your route, push to Git, and deploy.

60+ Pre-Built Policies

No need to write code for common needs. Zuplo includes pre-built policies for:

• API key/JWT/OAuth2 authentication
• Multiple rate limiting strategies
• Request/response validation (OpenAPI schema)
• CORS, IP allowlists, request transformation, and more

Simply edit the route definition to apply them—no custom code required.

Auto-Generated Developer Portal

Point the portal at your OpenAPI spec to get:

• Hosted documentation with interactive consoles
• Code samples (cURL, JS, Python, Go)
• Self-serve API key issuance and user signup

This dramatically simplifies onboarding for API consumers.

Built-In API Monetization

Integrated Stripe billing lets you:

• Define free/pro/enterprise plans
• Connect Stripe for checkout and subscription management
• Automate usage-based billing

No need to build monetization from scratch.

MCP Server Handler for AI Agents

Expose your API to MCP-compatible AI agents (Claude, Codex, Cursor):

• Point handler at your OpenAPI spec
• Select operations to expose
• Apply existing auth/rate-limiting policies

See the Zuplo MCP Server Handler walkthrough.

Edge Deployment, Sub-50ms Latency

Zuplo deploys your gateway to 300+ Cloudflare edge locations by default. Users connect to the nearest region automatically. No configuration needed.

How Zuplo Works Under the Hood

Every request passes through:

1. Route match: Matches request against routes.oas.json.
2. Inbound policies: Runs configured policies (auth, rate limiting, validation).
3. Handler: Proxies to origin, serves static, runs custom TypeScript, or invokes MCP handler.
4. Outbound policies: Applies response transformations, header management, etc.
5. Response: Returns to client; logs and metrics sent to observability layer.

All processing runs in a Cloudflare Worker for low latency and efficient scaling.

Setting Up Your First Zuplo Gateway

You can deploy a working gateway in ~30 minutes.

Step-by-step:

1. Sign up at zuplo.com and create a project. Use the GitHub integration for repo sync.
2. Import your OpenAPI spec. If you have one, import it; otherwise, sketch routes in the UI.
3. Add API key auth: In the route editor, add api-key-inbound. Zuplo auto-generates the consumer DB and key issuance UI.
4. Add rate limiting: Add rate-limit-inbound with your request budget (e.g., 100 requests/min per API key).
5. Deploy: Push to your branch. Zuplo builds a preview environment. Promote to production via merge.
6. Test end-to-end: Use Apidog to send requests to your gateway—validate auth, rate limiting, and error handling.

The initial deployment is quick. Focus on clear route naming and placing custom logic as needed.

Writing Custom Policies in TypeScript

For advanced scenarios, write custom policies. For example, enrich a request with data from an internal service:

import { ZuploRequest, ZuploContext } from "@zuplo/runtime";

interface UserContext {
  userId: string;
  plan: "free" | "pro" | "enterprise";
}

export default async function (
  request: ZuploRequest,
  context: ZuploContext,
): Promise<ZuploRequest | Response> {
  const apiKey = request.user?.sub;
  if (!apiKey) {
    return new Response("Unauthorized", { status: 401 });
  }

  const lookupUrl = `https://internal.example.com/users/${apiKey}`;
  const userResponse = await fetch(lookupUrl, {
    headers: { authorization: `Bearer ${context.environment.INTERNAL_TOKEN}` },
  });

  if (!userResponse.ok) {
    return new Response("User lookup failed", { status: 502 });
  }

  const user = (await userResponse.json()) as UserContext;
  request.headers.set("x-user-id", user.userId);
  request.headers.set("x-user-plan", user.plan);
  return request;
}

Notes:

• Policies are async functions—easy to unit test.
• Environment variables are accessed via context.environment.
• Returning a Response ends the pipeline for errors or early exits.

Zuplo Pricing in 2026

Three main plans:

• Free ($0/month): 100K requests/month, unlimited environments, API keys, developer portals, 1 GB egress, 2 developers, deploys to all edge locations.
• Builder ($25/month): Up to 1M requests/month, two custom domains, scalable egress, community support.
• Enterprise (custom, starts ~$1,000/month): Unlimited requests/domains, SLA options, advanced integrations, SSO, RBAC, observability.

AI Gateway and Developer Portal have additional tiers, including an open-source, self-hosted portal at $0/month. See the Zuplo pricing page for full details.

Comparisons:

AWS API Gateway: $3.50/million REST requests + egress + Lambda costs.

Kong’s enterprise tier is usually pricier than Zuplo’s Enterprise plan.

Zuplo’s free tier is production-ready and ideal for early-stage projects.

When Zuplo Is the Right Call (And When It Is Not)

Use Zuplo if:

• You want a managed gateway, not self-hosted Kong.
• Your team uses TypeScript or JavaScript.
• You need a built-in developer portal.
• You plan to monetize via Stripe.
• You want MCP support for AI agent integrations.
• Edge performance and global reach are important.

Consider alternatives if:

• You require full open-source gateway control (use Kong).
• Your stack is fully on-prem with no internet egress (Kong/Tyk).
• You need deep NGINX customization.
• You’re heavily invested in Apigee or MuleSoft with high migration cost.

Testing Your Zuplo Gateway With Apidog

Before pushing to production, test every route and policy thoroughly. Apidog streamlines this:

• Directly import your OpenAPI spec—same as Zuplo routes.
• Call routes with valid/invalid API keys to verify auth.
• Send malformed payloads to test request validation.
• Hammer endpoints to check rate limiting.
• Manage environment variables for preview/production URLs and API keys.
• Generate code samples (cURL, JS, Python, Go) for your docs/runbooks.
• Use Apidog’s automated test scenarios for rapid coverage.

If you haven’t tried Apidog, check out the VS Code extension and the API testing without Postman guide for migration tips. Download Apidog to get started.

Common Questions About the Zuplo API Gateway

Is Zuplo open source?

The core runtime is closed source. The developer portal and some libraries are open-sourced. For self-hosting, use the open-source portal plus a self-hosted Kubernetes gateway. Most teams use the managed service.

Can Zuplo run on my infrastructure?

Yes—Enterprise plan includes a self-hosted Kubernetes option. You trade global edge deployment for cluster management and data residency.

How does Zuplo compare to Cloudflare API Shield?

API Shield offers security (schema validation, mTLS) in front of origins. Zuplo provides full API management (routing, policies, portal, monetization, MCP). Use API Shield for security only; use Zuplo for lifecycle management.

Does Zuplo work with my existing OpenAPI spec?

Yes. OpenAPI is the source of truth: import your spec, auto-generate routes/portal, and validate requests against schemas.

Can I expose my Zuplo gateway to AI agents like Claude or Codex?

Yes, via the MCP Server Handler. Point to your OpenAPI spec, select operations, and your gateway is callable by any MCP-compatible client (with policies applied).

How long does a Zuplo deployment take?

A typical deploy to preview takes <60 seconds. Production promotions are even faster. No maintenance windows; atomic deployments.

What happens if Cloudflare goes down?

Zuplo runs on Cloudflare’s edge. Regional outages affect only that region. Enterprise plans offer multi-cloud failover for 99.999% SLA.

Conclusion

Zuplo delivers enterprise-grade API gateway features with minimal ops overhead: TypeScript policies, GitOps deployments, auto-generated portals, built-in monetization, and MCP support for AI. The free tier is production-ready; Enterprise covers advanced needs.

To evaluate, set up a gateway with your API in thirty minutes, test with Apidog, and base your decision on hands-on results—not just vendor claims. The combination of a managed edge gateway and a robust API client is the fastest way to turn an API into a product. Download Apidog and start testing.