zuplo 6.67.32 → 6.68.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (644) hide show
  1. package/README.md +9 -0
  2. package/docs/_index.md +44 -0
  3. package/docs/ai-gateway/apps.mdx +28 -0
  4. package/docs/ai-gateway/custom-providers.mdx +54 -0
  5. package/docs/ai-gateway/getting-started.mdx +224 -0
  6. package/docs/ai-gateway/guardrails.mdx +65 -0
  7. package/docs/ai-gateway/integrations/ai-sdk.mdx +109 -0
  8. package/docs/ai-gateway/integrations/claude-code.mdx +49 -0
  9. package/docs/ai-gateway/integrations/codex.mdx +78 -0
  10. package/docs/ai-gateway/integrations/goose.mdx +104 -0
  11. package/docs/ai-gateway/integrations/langchain.mdx +66 -0
  12. package/docs/ai-gateway/integrations/openai.mdx +99 -0
  13. package/docs/ai-gateway/introduction.mdx +85 -0
  14. package/docs/ai-gateway/managing-apps.mdx +46 -0
  15. package/docs/ai-gateway/managing-providers.mdx +66 -0
  16. package/docs/ai-gateway/managing-teams.mdx +63 -0
  17. package/docs/ai-gateway/policies/akamai-ai-firewall.mdx +125 -0
  18. package/docs/ai-gateway/policies/comet-opik-tracing.mdx +139 -0
  19. package/docs/ai-gateway/policies/galileo-tracing.mdx +147 -0
  20. package/docs/ai-gateway/providers.mdx +32 -0
  21. package/docs/ai-gateway/teams.mdx +38 -0
  22. package/docs/ai-gateway/universal-api.mdx +43 -0
  23. package/docs/ai-gateway/usage-limits.mdx +89 -0
  24. package/docs/api-management/introduction.md +127 -0
  25. package/docs/articles/accounts/audit-logs.mdx +227 -0
  26. package/docs/articles/accounts/billing.mdx +25 -0
  27. package/docs/articles/accounts/default-api-key.mdx +30 -0
  28. package/docs/articles/accounts/delete-account.mdx +36 -0
  29. package/docs/articles/accounts/enterprise-sso.mdx +116 -0
  30. package/docs/articles/accounts/managing-account-members.mdx +45 -0
  31. package/docs/articles/accounts/managing-project-members.mdx +37 -0
  32. package/docs/articles/accounts/members-and-roles.mdx +21 -0
  33. package/docs/articles/accounts/roles-and-permissions.mdx +115 -0
  34. package/docs/articles/accounts/zuplo-api-keys.mdx +94 -0
  35. package/docs/articles/add-api-to-backstage.mdx +216 -0
  36. package/docs/articles/advanced-path-matching.mdx +139 -0
  37. package/docs/articles/api-key-administration.mdx +47 -0
  38. package/docs/articles/api-key-api.mdx +220 -0
  39. package/docs/articles/api-key-authentication.mdx +195 -0
  40. package/docs/articles/api-key-buckets.mdx +61 -0
  41. package/docs/articles/api-key-end-users.mdx +52 -0
  42. package/docs/articles/api-key-leak-detection.mdx +75 -0
  43. package/docs/articles/api-key-management.mdx +100 -0
  44. package/docs/articles/api-key-react-component.mdx +90 -0
  45. package/docs/articles/api-key-service-limits.mdx +14 -0
  46. package/docs/articles/archiving-requests-to-storage.mdx +119 -0
  47. package/docs/articles/branch-based-deployments.mdx +184 -0
  48. package/docs/articles/bypass-policy-for-testing.mdx +117 -0
  49. package/docs/articles/check-ip-address.mdx +17 -0
  50. package/docs/articles/ci-cd-azure/basic-deployment.mdx +49 -0
  51. package/docs/articles/ci-cd-azure/deploy-and-test.mdx +47 -0
  52. package/docs/articles/ci-cd-azure/local-testing.mdx +59 -0
  53. package/docs/articles/ci-cd-azure/multi-stage-deployment.mdx +88 -0
  54. package/docs/articles/ci-cd-azure/pr-preview-environments.mdx +50 -0
  55. package/docs/articles/ci-cd-azure/tag-based-releases.mdx +37 -0
  56. package/docs/articles/ci-cd-bitbucket/basic-deployment.mdx +27 -0
  57. package/docs/articles/ci-cd-bitbucket/deploy-and-test.mdx +41 -0
  58. package/docs/articles/ci-cd-bitbucket/local-testing.mdx +34 -0
  59. package/docs/articles/ci-cd-bitbucket/multi-stage-deployment.mdx +52 -0
  60. package/docs/articles/ci-cd-bitbucket/pr-preview-environments.mdx +46 -0
  61. package/docs/articles/ci-cd-bitbucket/tag-based-releases.mdx +27 -0
  62. package/docs/articles/ci-cd-circleci/basic-deployment.mdx +34 -0
  63. package/docs/articles/ci-cd-circleci/deploy-and-test.mdx +44 -0
  64. package/docs/articles/ci-cd-circleci/local-testing.mdx +50 -0
  65. package/docs/articles/ci-cd-circleci/multi-stage-deployment.mdx +82 -0
  66. package/docs/articles/ci-cd-circleci/pr-preview-environments.mdx +47 -0
  67. package/docs/articles/ci-cd-circleci/tag-based-releases.mdx +38 -0
  68. package/docs/articles/ci-cd-github/basic-deployment.mdx +48 -0
  69. package/docs/articles/ci-cd-github/cleanup-on-branch-delete.mdx +123 -0
  70. package/docs/articles/ci-cd-github/deploy-and-test.mdx +82 -0
  71. package/docs/articles/ci-cd-github/local-testing.mdx +102 -0
  72. package/docs/articles/ci-cd-github/multi-stage-deployment.mdx +136 -0
  73. package/docs/articles/ci-cd-github/pr-preview-environments.mdx +106 -0
  74. package/docs/articles/ci-cd-github/tag-based-releases.mdx +99 -0
  75. package/docs/articles/ci-cd-gitlab/basic-deployment.mdx +28 -0
  76. package/docs/articles/ci-cd-gitlab/deploy-and-test.mdx +44 -0
  77. package/docs/articles/ci-cd-gitlab/local-testing.mdx +39 -0
  78. package/docs/articles/ci-cd-gitlab/mr-preview-environments.mdx +52 -0
  79. package/docs/articles/ci-cd-gitlab/multi-stage-deployment.mdx +64 -0
  80. package/docs/articles/ci-cd-gitlab/tag-based-releases.mdx +28 -0
  81. package/docs/articles/composite-policy-reference.mdx +284 -0
  82. package/docs/articles/configuring-auth0-for-mcp-auth.mdx +186 -0
  83. package/docs/articles/configuring-okta-for-mcp-auth.mdx +208 -0
  84. package/docs/articles/convert-urls-to-openapi.mdx +62 -0
  85. package/docs/articles/cors.mdx +447 -0
  86. package/docs/articles/custom-audit-log-policy.mdx +95 -0
  87. package/docs/articles/custom-ci-cd-azure.mdx +81 -0
  88. package/docs/articles/custom-ci-cd-bitbucket.mdx +80 -0
  89. package/docs/articles/custom-ci-cd-circleci.mdx +78 -0
  90. package/docs/articles/custom-ci-cd-github.mdx +99 -0
  91. package/docs/articles/custom-ci-cd-gitlab.mdx +79 -0
  92. package/docs/articles/custom-ci-cd.mdx +82 -0
  93. package/docs/articles/custom-code-patterns.md +418 -0
  94. package/docs/articles/custom-domains.mdx +258 -0
  95. package/docs/articles/custom-logging-example.mdx +139 -0
  96. package/docs/articles/ddos-protection.mdx +138 -0
  97. package/docs/articles/development-options.mdx +49 -0
  98. package/docs/articles/environment-variables.mdx +134 -0
  99. package/docs/articles/environments.mdx +143 -0
  100. package/docs/articles/fastly-zuplo-host-setup.mdx +41 -0
  101. package/docs/articles/github-deployment-testing.mdx +101 -0
  102. package/docs/articles/gke-with-upstream-auth-policy.mdx +192 -0
  103. package/docs/articles/graphql-security.mdx +180 -0
  104. package/docs/articles/handling-form-data.mdx +61 -0
  105. package/docs/articles/health-checks.mdx +109 -0
  106. package/docs/articles/hosting-options.mdx +70 -0
  107. package/docs/articles/lazy-load-configuration-into-cache.mdx +92 -0
  108. package/docs/articles/limits.mdx +98 -0
  109. package/docs/articles/local-development-debugging.mdx +44 -0
  110. package/docs/articles/local-development-env-variables.mdx +23 -0
  111. package/docs/articles/local-development-installing-packages.mdx +23 -0
  112. package/docs/articles/local-development-routes-designer.mdx +27 -0
  113. package/docs/articles/local-development-services.mdx +40 -0
  114. package/docs/articles/local-development-troubleshooting.mdx +56 -0
  115. package/docs/articles/local-development.mdx +81 -0
  116. package/docs/articles/log-plugin-aws-cloudwatch.mdx +83 -0
  117. package/docs/articles/log-plugin-datadog.mdx +84 -0
  118. package/docs/articles/log-plugin-dynatrace.mdx +75 -0
  119. package/docs/articles/log-plugin-gcp.mdx +75 -0
  120. package/docs/articles/log-plugin-loki.mdx +136 -0
  121. package/docs/articles/log-plugin-new-relic.mdx +84 -0
  122. package/docs/articles/log-plugin-splunk.mdx +104 -0
  123. package/docs/articles/log-plugin-sumo.mdx +73 -0
  124. package/docs/articles/log-plugin-vmware-log-insight.mdx +154 -0
  125. package/docs/articles/log-request-response-data.mdx +398 -0
  126. package/docs/articles/logging.mdx +115 -0
  127. package/docs/articles/manual-mcp-oauth-testing.mdx +193 -0
  128. package/docs/articles/mcp-quickstart.mdx +135 -0
  129. package/docs/articles/metrics-plugins.mdx +371 -0
  130. package/docs/articles/migrate-from-apigee.md +408 -0
  131. package/docs/articles/migrate-from-aws-api-gateway.md +248 -0
  132. package/docs/articles/migrate-from-azure-apim.md +292 -0
  133. package/docs/articles/migrate-from-kong.md +300 -0
  134. package/docs/articles/migration-overview.md +81 -0
  135. package/docs/articles/monetization/api-access.mdx +69 -0
  136. package/docs/articles/monetization/billing-models.md +520 -0
  137. package/docs/articles/monetization/developer-portal.md +167 -0
  138. package/docs/articles/monetization/features.mdx +98 -0
  139. package/docs/articles/monetization/index.mdx +113 -0
  140. package/docs/articles/monetization/meters.mdx +135 -0
  141. package/docs/articles/monetization/monetization-policy.md +314 -0
  142. package/docs/articles/monetization/plan-examples.mdx +366 -0
  143. package/docs/articles/monetization/plans.mdx +266 -0
  144. package/docs/articles/monetization/pricing-models.mdx +225 -0
  145. package/docs/articles/monetization/private-plans.md +154 -0
  146. package/docs/articles/monetization/quickstart.md +355 -0
  147. package/docs/articles/monetization/rate-cards.mdx +171 -0
  148. package/docs/articles/monetization/stripe-integration.md +195 -0
  149. package/docs/articles/monetization/subscription-lifecycle.md +298 -0
  150. package/docs/articles/monetization/tax-collection.md +166 -0
  151. package/docs/articles/monetization/troubleshooting.md +272 -0
  152. package/docs/articles/monetization-custom.mdx +71 -0
  153. package/docs/articles/monetization-integrations.mdx +104 -0
  154. package/docs/articles/monitoring-your-gateway.mdx +53 -0
  155. package/docs/articles/monorepo-deployment.mdx +350 -0
  156. package/docs/articles/multiple-auth-policies.mdx +81 -0
  157. package/docs/articles/non-standard-ports.mdx +30 -0
  158. package/docs/articles/oauth-authentication.mdx +54 -0
  159. package/docs/articles/openapi-server-urls.mdx +60 -0
  160. package/docs/articles/openapi.mdx +130 -0
  161. package/docs/articles/opentelemetry.mdx +250 -0
  162. package/docs/articles/per-user-rate-limits-using-db.mdx +112 -0
  163. package/docs/articles/performance-testing.mdx +304 -0
  164. package/docs/articles/plugin-akamai-api-security.mdx +76 -0
  165. package/docs/articles/plugin-azure-blob.mdx +73 -0
  166. package/docs/articles/plugin-azure-event-hubs.mdx +64 -0
  167. package/docs/articles/plugin-hydrolix-traffic-peak.mdx +147 -0
  168. package/docs/articles/policies.mdx +33 -0
  169. package/docs/articles/rename-or-move-project.mdx +39 -0
  170. package/docs/articles/rick-and-morty-api-developer-portal-example.mdx +23 -0
  171. package/docs/articles/routing.mdx +193 -0
  172. package/docs/articles/s3-signed-url-uploads.mdx +521 -0
  173. package/docs/articles/secure-tunnel.mdx +84 -0
  174. package/docs/articles/securing-backend-mtls.mdx +268 -0
  175. package/docs/articles/securing-your-backend.mdx +148 -0
  176. package/docs/articles/security.mdx +105 -0
  177. package/docs/articles/sharing-code-across-projects.mdx +412 -0
  178. package/docs/articles/source-control-setup-azure.mdx +13 -0
  179. package/docs/articles/source-control-setup-bitbucket.mdx +43 -0
  180. package/docs/articles/source-control-setup-github.mdx +172 -0
  181. package/docs/articles/source-control-setup-gitlab.mdx +12 -0
  182. package/docs/articles/source-control.mdx +80 -0
  183. package/docs/articles/step-1-setup-basic-gateway-local.mdx +136 -0
  184. package/docs/articles/step-1-setup-basic-gateway.mdx +118 -0
  185. package/docs/articles/step-2-add-rate-limiting-local.mdx +126 -0
  186. package/docs/articles/step-2-add-rate-limiting.mdx +82 -0
  187. package/docs/articles/step-3-add-api-key-auth-local.mdx +199 -0
  188. package/docs/articles/step-3-add-api-key-auth.mdx +166 -0
  189. package/docs/articles/step-4-deploying-to-the-edge.mdx +220 -0
  190. package/docs/articles/step-5-dynamic-rate-limiting.mdx +167 -0
  191. package/docs/articles/support.mdx +144 -0
  192. package/docs/articles/terraform.mdx +114 -0
  193. package/docs/articles/testing-graphql.mdx +34 -0
  194. package/docs/articles/testing.mdx +522 -0
  195. package/docs/articles/troubleshooting-slow-responses.mdx +301 -0
  196. package/docs/articles/troubleshooting.md +302 -0
  197. package/docs/articles/tsconfig.mdx +105 -0
  198. package/docs/articles/tunnel-setup.mdx +195 -0
  199. package/docs/articles/tunnel-troubleshooting.mdx +50 -0
  200. package/docs/articles/update-zup-in-github-action.mdx +110 -0
  201. package/docs/articles/use-openapi-extension-data.mdx +79 -0
  202. package/docs/articles/users/multifactor-authentication.mdx +64 -0
  203. package/docs/articles/users/profile.mdx +13 -0
  204. package/docs/articles/versioning-on-zuplo.mdx +89 -0
  205. package/docs/articles/waf-ddos-akamai.md +133 -0
  206. package/docs/articles/waf-ddos-aws-waf-shield.mdx +85 -0
  207. package/docs/articles/waf-ddos-fastly.mdx +251 -0
  208. package/docs/articles/waf-ddos.mdx +140 -0
  209. package/docs/articles/zuplo-waf.mdx +156 -0
  210. package/docs/ask.mdx +3 -0
  211. package/docs/cli/authentication.mdx +56 -0
  212. package/docs/cli/connectivity.mdx +38 -0
  213. package/docs/cli/create-zuplo-api.mdx +80 -0
  214. package/docs/cli/delete.mdx +79 -0
  215. package/docs/cli/deploy.mdx +156 -0
  216. package/docs/cli/deploy.partial.mdx +46 -0
  217. package/docs/cli/dev.mdx +115 -0
  218. package/docs/cli/docs.mdx +66 -0
  219. package/docs/cli/editor.mdx +50 -0
  220. package/docs/cli/global-options.mdx +19 -0
  221. package/docs/cli/init.mdx +74 -0
  222. package/docs/cli/link.mdx +74 -0
  223. package/docs/cli/list.mdx +55 -0
  224. package/docs/cli/mtls-certificate-create.mdx +94 -0
  225. package/docs/cli/mtls-certificate-delete.mdx +55 -0
  226. package/docs/cli/mtls-certificate-describe.mdx +55 -0
  227. package/docs/cli/mtls-certificate-disable.mdx +55 -0
  228. package/docs/cli/mtls-certificate-list.mdx +47 -0
  229. package/docs/cli/mtls-certificate-update.mdx +72 -0
  230. package/docs/cli/openapi-convert.mdx +111 -0
  231. package/docs/cli/openapi-merge.mdx +138 -0
  232. package/docs/cli/openapi-merge.partial.mdx +29 -0
  233. package/docs/cli/openapi-overlay.mdx +123 -0
  234. package/docs/cli/overview.mdx +78 -0
  235. package/docs/cli/project-create.mdx +43 -0
  236. package/docs/cli/source-migrate.mdx +18 -0
  237. package/docs/cli/source-upgrade.mdx +41 -0
  238. package/docs/cli/test.mdx +70 -0
  239. package/docs/cli/test.partial.mdx +7 -0
  240. package/docs/cli/tunnel-create.mdx +53 -0
  241. package/docs/cli/tunnel-create.partial.mdx +9 -0
  242. package/docs/cli/tunnel-delete.mdx +35 -0
  243. package/docs/cli/tunnel-delete.partial.mdx +9 -0
  244. package/docs/cli/tunnel-describe.mdx +45 -0
  245. package/docs/cli/tunnel-describe.partial.mdx +5 -0
  246. package/docs/cli/tunnel-list.mdx +35 -0
  247. package/docs/cli/tunnel-list.partial.mdx +9 -0
  248. package/docs/cli/tunnel-rate-token.partial.mdx +9 -0
  249. package/docs/cli/tunnel-rotate-token.mdx +39 -0
  250. package/docs/cli/tunnel-services-describe.mdx +45 -0
  251. package/docs/cli/tunnel-services-describe.partial.mdx +9 -0
  252. package/docs/cli/tunnel-services-update.mdx +48 -0
  253. package/docs/cli/variable-create.mdx +91 -0
  254. package/docs/cli/variable-create.partial.mdx +5 -0
  255. package/docs/cli/variable-update.mdx +75 -0
  256. package/docs/cli/variable-update.partial.mdx +5 -0
  257. package/docs/concepts/api-keys.md +146 -0
  258. package/docs/concepts/authentication.mdx +109 -0
  259. package/docs/concepts/how-zuplo-works.mdx +120 -0
  260. package/docs/concepts/project-structure.mdx +174 -0
  261. package/docs/concepts/rate-limiting.md +246 -0
  262. package/docs/concepts/request-lifecycle.mdx +56 -0
  263. package/docs/concepts/source-control-and-deployment.mdx +229 -0
  264. package/docs/conferences/conference-prize-terms.mdx +80 -0
  265. package/docs/dedicated/akamai/ai-powered-applications.mdx +223 -0
  266. package/docs/dedicated/akamai/architecture.mdx +280 -0
  267. package/docs/dedicated/akamai/caching.mdx +212 -0
  268. package/docs/dedicated/akamai/cdn.mdx +156 -0
  269. package/docs/dedicated/architecture.mdx +208 -0
  270. package/docs/dedicated/custom-domains.mdx +31 -0
  271. package/docs/dedicated/federated-gateways.mdx +80 -0
  272. package/docs/dedicated/networking.mdx +69 -0
  273. package/docs/dedicated/overview.mdx +80 -0
  274. package/docs/dedicated/source-control.mdx +63 -0
  275. package/docs/dev-portal/dev-portal-create-consumer-on-auth.mdx +134 -0
  276. package/docs/dev-portal/introduction.mdx +65 -0
  277. package/docs/dev-portal/local-development.mdx +72 -0
  278. package/docs/dev-portal/migration.mdx +526 -0
  279. package/docs/dev-portal/node-modules.mdx +45 -0
  280. package/docs/dev-portal/updating.mdx +28 -0
  281. package/docs/dev-portal/zudoku/components/alert.mdx +130 -0
  282. package/docs/dev-portal/zudoku/components/badge.mdx +70 -0
  283. package/docs/dev-portal/zudoku/components/button.mdx +132 -0
  284. package/docs/dev-portal/zudoku/components/callout.mdx +112 -0
  285. package/docs/dev-portal/zudoku/components/card.mdx +104 -0
  286. package/docs/dev-portal/zudoku/components/checkbox.mdx +72 -0
  287. package/docs/dev-portal/zudoku/components/client-only.mdx +79 -0
  288. package/docs/dev-portal/zudoku/components/code-tabs.mdx +179 -0
  289. package/docs/dev-portal/zudoku/components/dialog.mdx +167 -0
  290. package/docs/dev-portal/zudoku/components/head.mdx +199 -0
  291. package/docs/dev-portal/zudoku/components/icons.mdx +27 -0
  292. package/docs/dev-portal/zudoku/components/input.mdx +96 -0
  293. package/docs/dev-portal/zudoku/components/label.mdx +86 -0
  294. package/docs/dev-portal/zudoku/components/link.mdx +242 -0
  295. package/docs/dev-portal/zudoku/components/markdown.mdx +151 -0
  296. package/docs/dev-portal/zudoku/components/mermaid.mdx +81 -0
  297. package/docs/dev-portal/zudoku/components/playground.mdx +87 -0
  298. package/docs/dev-portal/zudoku/components/secret.mdx +78 -0
  299. package/docs/dev-portal/zudoku/components/select.mdx +176 -0
  300. package/docs/dev-portal/zudoku/components/shadcn.mdx +73 -0
  301. package/docs/dev-portal/zudoku/components/slider.mdx +108 -0
  302. package/docs/dev-portal/zudoku/components/slot.mdx +119 -0
  303. package/docs/dev-portal/zudoku/components/stepper.mdx +138 -0
  304. package/docs/dev-portal/zudoku/components/switch.mdx +96 -0
  305. package/docs/dev-portal/zudoku/components/syntax-highlight.mdx +602 -0
  306. package/docs/dev-portal/zudoku/components/textarea.mdx +78 -0
  307. package/docs/dev-portal/zudoku/components/tooltip.mdx +195 -0
  308. package/docs/dev-portal/zudoku/components/typography.mdx +61 -0
  309. package/docs/dev-portal/zudoku/configuration/ai-assistants.md +64 -0
  310. package/docs/dev-portal/zudoku/configuration/api-catalog.md +108 -0
  311. package/docs/dev-portal/zudoku/configuration/api-reference.md +397 -0
  312. package/docs/dev-portal/zudoku/configuration/authentication-auth0.md +173 -0
  313. package/docs/dev-portal/zudoku/configuration/authentication-azure-ad.md +238 -0
  314. package/docs/dev-portal/zudoku/configuration/authentication-clerk.md +110 -0
  315. package/docs/dev-portal/zudoku/configuration/authentication-firebase.md +61 -0
  316. package/docs/dev-portal/zudoku/configuration/authentication-pingfederate.md +136 -0
  317. package/docs/dev-portal/zudoku/configuration/authentication-supabase.md +225 -0
  318. package/docs/dev-portal/zudoku/configuration/authentication.md +199 -0
  319. package/docs/dev-portal/zudoku/configuration/build-configuration.mdx +147 -0
  320. package/docs/dev-portal/zudoku/configuration/docs.md +282 -0
  321. package/docs/dev-portal/zudoku/configuration/footer.mdx +214 -0
  322. package/docs/dev-portal/zudoku/configuration/llms.md +89 -0
  323. package/docs/dev-portal/zudoku/configuration/navigation.mdx +408 -0
  324. package/docs/dev-portal/zudoku/configuration/overview.md +380 -0
  325. package/docs/dev-portal/zudoku/configuration/protected-routes.md +149 -0
  326. package/docs/dev-portal/zudoku/configuration/search.md +169 -0
  327. package/docs/dev-portal/zudoku/configuration/sentry.mdx +44 -0
  328. package/docs/dev-portal/zudoku/configuration/site.md +124 -0
  329. package/docs/dev-portal/zudoku/configuration/slots.mdx +124 -0
  330. package/docs/dev-portal/zudoku/configuration/vite-config.md +18 -0
  331. package/docs/dev-portal/zudoku/custom-plugins.md +287 -0
  332. package/docs/dev-portal/zudoku/customization/colors-theme.mdx +275 -0
  333. package/docs/dev-portal/zudoku/customization/fonts.md +110 -0
  334. package/docs/dev-portal/zudoku/extending/events.md +124 -0
  335. package/docs/dev-portal/zudoku/guides/custom-pages.md +106 -0
  336. package/docs/dev-portal/zudoku/guides/environment-variables.md +99 -0
  337. package/docs/dev-portal/zudoku/guides/mermaid.mdx +70 -0
  338. package/docs/dev-portal/zudoku/guides/navigation-migration.md +87 -0
  339. package/docs/dev-portal/zudoku/guides/navigation-rules.mdx +197 -0
  340. package/docs/dev-portal/zudoku/guides/processors.mdx +234 -0
  341. package/docs/dev-portal/zudoku/guides/static-files.md +55 -0
  342. package/docs/dev-portal/zudoku/guides/transforming-examples.md +156 -0
  343. package/docs/dev-portal/zudoku/guides/using-multiple-apis.md +87 -0
  344. package/docs/dev-portal/zudoku/markdown/admonitions.md +128 -0
  345. package/docs/dev-portal/zudoku/markdown/code-blocks.md +196 -0
  346. package/docs/dev-portal/zudoku/markdown/frontmatter.md +172 -0
  347. package/docs/dev-portal/zudoku/markdown/mdx.md +68 -0
  348. package/docs/dev-portal/zudoku/markdown/overview.md +275 -0
  349. package/docs/dev-portal/zudoku/plugins.md +5 -0
  350. package/docs/dev-portal/zudoku/writing.mdx +72 -0
  351. package/docs/errors/bad-request.mdx +39 -0
  352. package/docs/errors/build-error.mdx +45 -0
  353. package/docs/errors/fatal-project-error.mdx +39 -0
  354. package/docs/errors/gateway-timeout.mdx +33 -0
  355. package/docs/errors/get-head-body-error.mdx +41 -0
  356. package/docs/errors/main-mod-error.mdx +40 -0
  357. package/docs/errors/no-project-set.mdx +41 -0
  358. package/docs/errors/not-found.mdx +43 -0
  359. package/docs/errors/rate-limit-exceeded.mdx +31 -0
  360. package/docs/errors/schema-validation-failed.mdx +51 -0
  361. package/docs/errors/system-configuration-error.mdx +44 -0
  362. package/docs/errors/unauthorized.mdx +50 -0
  363. package/docs/errors/unknown-error.mdx +42 -0
  364. package/docs/errors.mdx +14 -0
  365. package/docs/guides/canary-routing-for-employees.mdx +385 -0
  366. package/docs/guides/geolocation-backend-routing.mdx +404 -0
  367. package/docs/guides/modify-openapi-paths.mdx +371 -0
  368. package/docs/guides/openapi-overlays.mdx +492 -0
  369. package/docs/guides/overview.mdx +12 -0
  370. package/docs/guides/user-based-backend-routing.mdx +437 -0
  371. package/docs/handlers/aws-lambda.mdx +201 -0
  372. package/docs/handlers/custom-handler.mdx +112 -0
  373. package/docs/handlers/legacy-dev-portal-handler.mdx +135 -0
  374. package/docs/handlers/mcp-server.mdx +730 -0
  375. package/docs/handlers/openapi.mdx +78 -0
  376. package/docs/handlers/redirect.mdx +115 -0
  377. package/docs/handlers/system-handlers.mdx +41 -0
  378. package/docs/handlers/url-forward.mdx +204 -0
  379. package/docs/handlers/url-rewrite.mdx +224 -0
  380. package/docs/handlers/websocket-handler.mdx +154 -0
  381. package/docs/home.mdx +6 -0
  382. package/docs/managed-edge/overview.md +78 -0
  383. package/docs/mcp-server/configuration-migration-guide.mdx +344 -0
  384. package/docs/mcp-server/custom-tools.mdx +487 -0
  385. package/docs/mcp-server/graphql.mdx +241 -0
  386. package/docs/mcp-server/introduction.mdx +122 -0
  387. package/docs/mcp-server/openai-apps-sdk.mdx +160 -0
  388. package/docs/mcp-server/prompts.mdx +283 -0
  389. package/docs/mcp-server/resources.mdx +288 -0
  390. package/docs/mcp-server/testing.mdx +53 -0
  391. package/docs/mcp-server/tools.mdx +306 -0
  392. package/docs/policies/_index.md +92 -0
  393. package/docs/policies/ab-test-inbound/intro.md +8 -0
  394. package/docs/policies/ab-test-inbound/policy.ts +14 -0
  395. package/docs/policies/ab-test-inbound/schema.json +27 -0
  396. package/docs/policies/ab-test-outbound/intro.md +8 -0
  397. package/docs/policies/ab-test-outbound/policy.ts +26 -0
  398. package/docs/policies/ab-test-outbound/schema.json +27 -0
  399. package/docs/policies/acl-policy-inbound/intro.md +5 -0
  400. package/docs/policies/acl-policy-inbound/policy.ts +32 -0
  401. package/docs/policies/acl-policy-inbound/schema.json +52 -0
  402. package/docs/policies/akamai-ai-firewall/schema.json +98 -0
  403. package/docs/policies/amberflo-metering-inbound/doc.md +183 -0
  404. package/docs/policies/amberflo-metering-inbound/intro.md +20 -0
  405. package/docs/policies/amberflo-metering-inbound/schema.json +108 -0
  406. package/docs/policies/api-key-inbound/doc.md +77 -0
  407. package/docs/policies/api-key-inbound/intro.md +30 -0
  408. package/docs/policies/api-key-inbound/schema.json +84 -0
  409. package/docs/policies/archive-request-aws-s3-inbound/intro.md +4 -0
  410. package/docs/policies/archive-request-aws-s3-inbound/policy.ts +58 -0
  411. package/docs/policies/archive-request-aws-s3-inbound/schema.json +68 -0
  412. package/docs/policies/archive-request-azure-storage-inbound/doc.md +31 -0
  413. package/docs/policies/archive-request-azure-storage-inbound/intro.md +4 -0
  414. package/docs/policies/archive-request-azure-storage-inbound/policy.ts +54 -0
  415. package/docs/policies/archive-request-azure-storage-inbound/schema.json +53 -0
  416. package/docs/policies/archive-request-gcp-storage-inbound/doc.md +63 -0
  417. package/docs/policies/archive-request-gcp-storage-inbound/intro.md +4 -0
  418. package/docs/policies/archive-request-gcp-storage-inbound/policy.ts +68 -0
  419. package/docs/policies/archive-request-gcp-storage-inbound/schema.json +47 -0
  420. package/docs/policies/archive-response-aws-s3-outbound/intro.md +2 -0
  421. package/docs/policies/archive-response-aws-s3-outbound/policy.ts +59 -0
  422. package/docs/policies/archive-response-aws-s3-outbound/schema.json +68 -0
  423. package/docs/policies/archive-response-azure-storage-outbound/doc.md +31 -0
  424. package/docs/policies/archive-response-azure-storage-outbound/intro.md +3 -0
  425. package/docs/policies/archive-response-azure-storage-outbound/policy.ts +54 -0
  426. package/docs/policies/archive-response-azure-storage-outbound/schema.json +53 -0
  427. package/docs/policies/audit-log-inbound/doc.md +78 -0
  428. package/docs/policies/audit-log-inbound/intro.md +10 -0
  429. package/docs/policies/audit-log-inbound/schema.json +81 -0
  430. package/docs/policies/auth0-jwt-auth-inbound/doc.md +125 -0
  431. package/docs/policies/auth0-jwt-auth-inbound/intro.md +17 -0
  432. package/docs/policies/auth0-jwt-auth-inbound/schema.json +74 -0
  433. package/docs/policies/authzen-inbound/doc.md +24 -0
  434. package/docs/policies/authzen-inbound/intro.md +31 -0
  435. package/docs/policies/authzen-inbound/schema.json +126 -0
  436. package/docs/policies/axiomatics-authz-inbound/doc.md +144 -0
  437. package/docs/policies/axiomatics-authz-inbound/intro.md +11 -0
  438. package/docs/policies/axiomatics-authz-inbound/schema.json +161 -0
  439. package/docs/policies/basic-auth-inbound/intro.md +9 -0
  440. package/docs/policies/basic-auth-inbound/schema.json +99 -0
  441. package/docs/policies/bot-detection-inbound/intro.md +4 -0
  442. package/docs/policies/bot-detection-inbound/schema.json +56 -0
  443. package/docs/policies/brownout-inbound/doc.md +55 -0
  444. package/docs/policies/brownout-inbound/intro.md +12 -0
  445. package/docs/policies/brownout-inbound/schema.json +115 -0
  446. package/docs/policies/caching-inbound/doc.md +209 -0
  447. package/docs/policies/caching-inbound/intro.md +23 -0
  448. package/docs/policies/caching-inbound/schema.json +98 -0
  449. package/docs/policies/change-method-inbound/schema.json +56 -0
  450. package/docs/policies/clear-headers-inbound/schema.json +59 -0
  451. package/docs/policies/clear-headers-outbound/schema.json +59 -0
  452. package/docs/policies/clerk-jwt-auth-inbound/doc.md +85 -0
  453. package/docs/policies/clerk-jwt-auth-inbound/intro.md +4 -0
  454. package/docs/policies/clerk-jwt-auth-inbound/schema.json +68 -0
  455. package/docs/policies/cognito-jwt-auth-inbound/intro.md +7 -0
  456. package/docs/policies/cognito-jwt-auth-inbound/schema.json +74 -0
  457. package/docs/policies/comet-opik-tracing-inbound/schema.json +65 -0
  458. package/docs/policies/complex-rate-limit-inbound/doc.md +20 -0
  459. package/docs/policies/complex-rate-limit-inbound/intro.md +23 -0
  460. package/docs/policies/complex-rate-limit-inbound/schema.json +142 -0
  461. package/docs/policies/composite-inbound/doc.md +69 -0
  462. package/docs/policies/composite-inbound/intro.md +15 -0
  463. package/docs/policies/composite-inbound/schema.json +59 -0
  464. package/docs/policies/composite-outbound/intro.md +6 -0
  465. package/docs/policies/composite-outbound/schema.json +59 -0
  466. package/docs/policies/curity-phantom-token-inbound/doc.md +109 -0
  467. package/docs/policies/curity-phantom-token-inbound/intro.md +3 -0
  468. package/docs/policies/curity-phantom-token-inbound/schema.json +68 -0
  469. package/docs/policies/custom-code-inbound/doc.md +267 -0
  470. package/docs/policies/custom-code-inbound/intro.md +2 -0
  471. package/docs/policies/custom-code-inbound/schema.json +48 -0
  472. package/docs/policies/custom-code-outbound/doc.md +235 -0
  473. package/docs/policies/custom-code-outbound/intro.md +2 -0
  474. package/docs/policies/custom-code-outbound/schema.json +43 -0
  475. package/docs/policies/firebase-jwt-inbound/intro.md +6 -0
  476. package/docs/policies/firebase-jwt-inbound/schema.json +68 -0
  477. package/docs/policies/formdata-to-json-inbound/schema.json +60 -0
  478. package/docs/policies/galileo-tracing-inbound/schema.json +65 -0
  479. package/docs/policies/geo-filter-inbound/doc.md +33 -0
  480. package/docs/policies/geo-filter-inbound/schema.json +108 -0
  481. package/docs/policies/graphql-complexity-limit-inbound/doc.md +48 -0
  482. package/docs/policies/graphql-complexity-limit-inbound/intro.md +2 -0
  483. package/docs/policies/graphql-complexity-limit-inbound/schema.json +90 -0
  484. package/docs/policies/graphql-disable-introspection-inbound/doc.md +66 -0
  485. package/docs/policies/graphql-disable-introspection-inbound/intro.md +15 -0
  486. package/docs/policies/graphql-disable-introspection-inbound/schema.json +48 -0
  487. package/docs/policies/graphql-introspection-filter-outbound/doc.md +148 -0
  488. package/docs/policies/graphql-introspection-filter-outbound/schema.json +79 -0
  489. package/docs/policies/hmac-auth-inbound/doc.md +30 -0
  490. package/docs/policies/hmac-auth-inbound/intro.md +10 -0
  491. package/docs/policies/hmac-auth-inbound/policy.ts +70 -0
  492. package/docs/policies/hmac-auth-inbound/schema.json +53 -0
  493. package/docs/policies/http-deprecation-outbound/doc.md +73 -0
  494. package/docs/policies/http-deprecation-outbound/schema.json +83 -0
  495. package/docs/policies/ip-restriction-inbound/intro.md +8 -0
  496. package/docs/policies/ip-restriction-inbound/policy.ts +40 -0
  497. package/docs/policies/ip-restriction-inbound/schema.json +58 -0
  498. package/docs/policies/jwt-scopes-inbound/schema.json +59 -0
  499. package/docs/policies/ldap-auth-inbound/schema.json +56 -0
  500. package/docs/policies/mock-api-inbound/schema.json +72 -0
  501. package/docs/policies/moesif-inbound/doc.md +44 -0
  502. package/docs/policies/moesif-inbound/intro.md +6 -0
  503. package/docs/policies/moesif-inbound/schema.json +68 -0
  504. package/docs/policies/monetization-inbound/doc.md +87 -0
  505. package/docs/policies/monetization-inbound/intro.md +6 -0
  506. package/docs/policies/monetization-inbound/schema.json +102 -0
  507. package/docs/policies/mtls-auth-inbound/intro.md +6 -0
  508. package/docs/policies/mtls-auth-inbound/schema.json +68 -0
  509. package/docs/policies/okta-fga-authz-inbound/doc.md +181 -0
  510. package/docs/policies/okta-fga-authz-inbound/intro.md +20 -0
  511. package/docs/policies/okta-fga-authz-inbound/schema.json +104 -0
  512. package/docs/policies/okta-jwt-auth-inbound/intro.md +7 -0
  513. package/docs/policies/okta-jwt-auth-inbound/schema.json +74 -0
  514. package/docs/policies/open-id-jwt-auth-inbound/doc.md +58 -0
  515. package/docs/policies/open-id-jwt-auth-inbound/intro.md +30 -0
  516. package/docs/policies/open-id-jwt-auth-inbound/schema.json +128 -0
  517. package/docs/policies/openfga-authz-inbound/doc.md +207 -0
  518. package/docs/policies/openfga-authz-inbound/intro.md +17 -0
  519. package/docs/policies/openfga-authz-inbound/schema.json +191 -0
  520. package/docs/policies/openmeter-inbound/doc.md +163 -0
  521. package/docs/policies/openmeter-inbound/intro.md +18 -0
  522. package/docs/policies/openmeter-inbound/schema.json +183 -0
  523. package/docs/policies/prompt-injection-outbound/doc.md +106 -0
  524. package/docs/policies/prompt-injection-outbound/intro.md +4 -0
  525. package/docs/policies/prompt-injection-outbound/schema.json +74 -0
  526. package/docs/policies/propel-auth-jwt-inbound/doc.md +88 -0
  527. package/docs/policies/propel-auth-jwt-inbound/intro.md +4 -0
  528. package/docs/policies/propel-auth-jwt-inbound/schema.json +74 -0
  529. package/docs/policies/query-param-to-header-inbound/doc.md +70 -0
  530. package/docs/policies/query-param-to-header-inbound/intro.md +5 -0
  531. package/docs/policies/query-param-to-header-inbound/schema.json +74 -0
  532. package/docs/policies/quota-inbound/doc.md +235 -0
  533. package/docs/policies/quota-inbound/intro.md +7 -0
  534. package/docs/policies/quota-inbound/schema.json +133 -0
  535. package/docs/policies/rate-limit-inbound/doc.md +78 -0
  536. package/docs/policies/rate-limit-inbound/intro.md +30 -0
  537. package/docs/policies/rate-limit-inbound/schema.json +134 -0
  538. package/docs/policies/rbac-policy-inbound/intro.md +3 -0
  539. package/docs/policies/rbac-policy-inbound/policy.ts +42 -0
  540. package/docs/policies/rbac-policy-inbound/schema.json +52 -0
  541. package/docs/policies/readme-metrics-inbound/doc.md +1 -0
  542. package/docs/policies/readme-metrics-inbound/intro.md +3 -0
  543. package/docs/policies/readme-metrics-inbound/schema.json +84 -0
  544. package/docs/policies/remove-headers-inbound/schema.json +59 -0
  545. package/docs/policies/remove-headers-outbound/schema.json +59 -0
  546. package/docs/policies/remove-query-params-inbound/schema.json +59 -0
  547. package/docs/policies/replace-string-outbound/schema.json +69 -0
  548. package/docs/policies/request-size-limit-inbound/schema.json +60 -0
  549. package/docs/policies/request-validation-inbound/doc.md +72 -0
  550. package/docs/policies/request-validation-inbound/intro.md +24 -0
  551. package/docs/policies/request-validation-inbound/schema.json +98 -0
  552. package/docs/policies/require-origin-inbound/intro.md +12 -0
  553. package/docs/policies/require-origin-inbound/schema.json +65 -0
  554. package/docs/policies/secret-masking-outbound/doc.md +41 -0
  555. package/docs/policies/secret-masking-outbound/intro.md +13 -0
  556. package/docs/policies/secret-masking-outbound/schema.json +65 -0
  557. package/docs/policies/semantic-cache-inbound/doc.md +63 -0
  558. package/docs/policies/semantic-cache-inbound/intro.md +4 -0
  559. package/docs/policies/semantic-cache-inbound/schema.json +179 -0
  560. package/docs/policies/set-body-inbound/intro.md +7 -0
  561. package/docs/policies/set-body-inbound/schema.json +56 -0
  562. package/docs/policies/set-headers-inbound/doc.md +41 -0
  563. package/docs/policies/set-headers-inbound/intro.md +2 -0
  564. package/docs/policies/set-headers-inbound/schema.json +83 -0
  565. package/docs/policies/set-headers-outbound/schema.json +83 -0
  566. package/docs/policies/set-query-params-inbound/schema.json +83 -0
  567. package/docs/policies/set-status-outbound/schema.json +62 -0
  568. package/docs/policies/sleep-inbound/schema.json +56 -0
  569. package/docs/policies/stripe-webhook-verification-inbound/intro.md +2 -0
  570. package/docs/policies/stripe-webhook-verification-inbound/schema.json +60 -0
  571. package/docs/policies/supabase-jwt-auth-inbound/doc.md +29 -0
  572. package/docs/policies/supabase-jwt-auth-inbound/intro.md +12 -0
  573. package/docs/policies/supabase-jwt-auth-inbound/schema.json +86 -0
  574. package/docs/policies/transform-body-inbound/intro.md +8 -0
  575. package/docs/policies/transform-body-inbound/policy.ts +16 -0
  576. package/docs/policies/transform-body-inbound/schema.json +27 -0
  577. package/docs/policies/transform-body-outbound/intro.md +8 -0
  578. package/docs/policies/transform-body-outbound/policy.ts +19 -0
  579. package/docs/policies/transform-body-outbound/schema.json +27 -0
  580. package/docs/policies/upstream-azure-ad-service-auth-inbound/doc.md +82 -0
  581. package/docs/policies/upstream-azure-ad-service-auth-inbound/intro.md +20 -0
  582. package/docs/policies/upstream-azure-ad-service-auth-inbound/schema.json +84 -0
  583. package/docs/policies/upstream-firebase-admin-auth-inbound/intro.md +10 -0
  584. package/docs/policies/upstream-firebase-admin-auth-inbound/schema.json +68 -0
  585. package/docs/policies/upstream-firebase-user-auth-inbound/intro.md +2 -0
  586. package/docs/policies/upstream-firebase-user-auth-inbound/schema.json +113 -0
  587. package/docs/policies/upstream-gcp-federated-auth-inbound/doc.md +139 -0
  588. package/docs/policies/upstream-gcp-federated-auth-inbound/intro.md +21 -0
  589. package/docs/policies/upstream-gcp-federated-auth-inbound/schema.json +96 -0
  590. package/docs/policies/upstream-gcp-jwt-inbound/intro.md +10 -0
  591. package/docs/policies/upstream-gcp-jwt-inbound/schema.json +62 -0
  592. package/docs/policies/upstream-gcp-service-auth-inbound/doc.md +132 -0
  593. package/docs/policies/upstream-gcp-service-auth-inbound/intro.md +25 -0
  594. package/docs/policies/upstream-gcp-service-auth-inbound/schema.json +95 -0
  595. package/docs/policies/upstream-zuplo-jwt-auth-inbound/doc.md +213 -0
  596. package/docs/policies/upstream-zuplo-jwt-auth-inbound/intro.md +16 -0
  597. package/docs/policies/upstream-zuplo-jwt-auth-inbound/schema.json +101 -0
  598. package/docs/policies/validate-json-schema-inbound/doc.md +129 -0
  599. package/docs/policies/validate-json-schema-inbound/intro.md +7 -0
  600. package/docs/policies/validate-json-schema-inbound/schema.json +56 -0
  601. package/docs/policies/web-bot-auth-inbound/doc.md +104 -0
  602. package/docs/policies/web-bot-auth-inbound/intro.md +16 -0
  603. package/docs/policies/web-bot-auth-inbound/schema.json +76 -0
  604. package/docs/policies/xml-to-json-outbound/doc.md +71 -0
  605. package/docs/policies/xml-to-json-outbound/intro.md +4 -0
  606. package/docs/policies/xml-to-json-outbound/schema.json +117 -0
  607. package/docs/programmable-api/audit-log.mdx +74 -0
  608. package/docs/programmable-api/background-dispatcher.mdx +124 -0
  609. package/docs/programmable-api/background-loader.mdx +104 -0
  610. package/docs/programmable-api/cache.mdx +186 -0
  611. package/docs/programmable-api/compatibility-dates.mdx +201 -0
  612. package/docs/programmable-api/console-logging.mdx +48 -0
  613. package/docs/programmable-api/context-data.mdx +127 -0
  614. package/docs/programmable-api/custom-cors-policy.mdx +64 -0
  615. package/docs/programmable-api/environment.mdx +328 -0
  616. package/docs/programmable-api/hooks.mdx +569 -0
  617. package/docs/programmable-api/http-problems.mdx +385 -0
  618. package/docs/programmable-api/jwt-service-plugin.mdx +420 -0
  619. package/docs/programmable-api/logger.mdx +223 -0
  620. package/docs/programmable-api/memory-zone-read-through-cache.mdx +96 -0
  621. package/docs/programmable-api/node-modules.mdx +67 -0
  622. package/docs/programmable-api/not-found-handler.mdx +47 -0
  623. package/docs/programmable-api/oauth-protected-resource-plugin.mdx +46 -0
  624. package/docs/programmable-api/overview.mdx +213 -0
  625. package/docs/programmable-api/problem-response-formatter.mdx +183 -0
  626. package/docs/programmable-api/request-user.mdx +289 -0
  627. package/docs/programmable-api/reusing-code.mdx +26 -0
  628. package/docs/programmable-api/route-raw.mdx +55 -0
  629. package/docs/programmable-api/runtime-behaviors.mdx +25 -0
  630. package/docs/programmable-api/runtime-errors.mdx +246 -0
  631. package/docs/programmable-api/runtime-extensions.mdx +340 -0
  632. package/docs/programmable-api/safely-clone-a-request-or-response.mdx +57 -0
  633. package/docs/programmable-api/streaming-zone-cache.mdx +155 -0
  634. package/docs/programmable-api/web-crypto-apis.mdx +219 -0
  635. package/docs/programmable-api/web-standard-apis.mdx +109 -0
  636. package/docs/programmable-api/zone-cache.mdx +131 -0
  637. package/docs/programmable-api/zp-body-removed.mdx +32 -0
  638. package/docs/programmable-api/zuplo-context.mdx +414 -0
  639. package/docs/programmable-api/zuplo-id-token.mdx +90 -0
  640. package/docs/programmable-api/zuplo-json.mdx +91 -0
  641. package/docs/programmable-api/zuplo-request.mdx +200 -0
  642. package/docs/sample-apis.mdx +78 -0
  643. package/docs/self-hosted/overview.md +60 -0
  644. package/package.json +6 -5
@@ -0,0 +1,101 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft-07/schema",
3
+ "$id": "http://zuplo.com/schemas/policies/auth0-jwt-auth-inbound.json",
4
+ "type": "object",
5
+ "title": "Upstream Zuplo JWT",
6
+ "isDeprecated": false,
7
+ "isPaidAddOn": false,
8
+ "isEnterprise": true,
9
+ "isInternal": false,
10
+ "isBeta": false,
11
+ "isHidden": false,
12
+ "products": ["api-gateway"],
13
+ "description": "Generates a Zuplo JWT token and attaches it to the outgoing request. This policy creates a self-signed JWT using the Zuplo JWT plugin and adds it to the specified header for upstream authentication.",
14
+ "deprecatedMessage": "",
15
+ "required": ["handler"],
16
+ "properties": {
17
+ "handler": {
18
+ "type": "object",
19
+ "default": {},
20
+ "required": ["export", "module", "options"],
21
+ "properties": {
22
+ "export": {
23
+ "const": "UpstreamZuploJwtAuthInboundPolicy",
24
+ "description": "The name of the exported type"
25
+ },
26
+ "module": {
27
+ "const": "$import(@zuplo/runtime)",
28
+ "description": "The module containing the policy"
29
+ },
30
+ "options": {
31
+ "title": "UpstreamZuploJwtAuthInboundPolicyOptions",
32
+ "type": "object",
33
+ "description": "The options for the Upstream Zuplo JWT Auth Inbound policy.",
34
+ "additionalProperties": false,
35
+ "required": [],
36
+ "properties": {
37
+ "audience": {
38
+ "type": "string",
39
+ "examples": ["https://api.example.com", "my-service"],
40
+ "description": "The audience claim for the JWT."
41
+ },
42
+ "headerName": {
43
+ "type": "string",
44
+ "default": "Authorization",
45
+ "examples": ["Authorization", "X-API-Token"],
46
+ "description": "The header name where the JWT will be attached. Defaults to 'Authorization'."
47
+ },
48
+ "tokenPrefix": {
49
+ "type": "string",
50
+ "default": "Bearer",
51
+ "examples": ["Bearer", "Token"],
52
+ "description": "The prefix to use before the JWT token. Defaults to 'Bearer'. Set to an empty string to send the token without a prefix."
53
+ },
54
+ "additionalClaims": {
55
+ "type": "object",
56
+ "examples": [
57
+ {
58
+ "role": "admin",
59
+ "custom": "value"
60
+ }
61
+ ],
62
+ "description": "Additional claims to include in the JWT. These will be merged with the default claims.",
63
+ "additionalProperties": true
64
+ },
65
+ "expiresIn": {
66
+ "oneOf": [
67
+ {
68
+ "type": "number",
69
+ "description": "Expiration time in seconds."
70
+ },
71
+ {
72
+ "type": "string",
73
+ "description": "Expiration time as a string."
74
+ }
75
+ ],
76
+ "default": 300,
77
+ "examples": [300, "5m", "1h", "7d"],
78
+ "description": "JWT expiration time. Can be a number (seconds) or a string with units (e.g., '5m' for 5 minutes, '1h' for 1 hour, '7d' for 7 days). Defaults to 300 seconds (5 minutes)."
79
+ }
80
+ }
81
+ }
82
+ },
83
+ "examples": [
84
+ {
85
+ "export": "UpstreamZuploJwtAuthInboundPolicy",
86
+ "module": "$import(@zuplo/runtime)",
87
+ "options": {
88
+ "additionalClaims": {
89
+ "role": "admin",
90
+ "custom": "value"
91
+ },
92
+ "audience": "https://api.example.com",
93
+ "expiresIn": 300,
94
+ "headerName": "Authorization",
95
+ "tokenPrefix": "Bearer"
96
+ }
97
+ }
98
+ ]
99
+ }
100
+ }
101
+ }
@@ -0,0 +1,129 @@
1
+ Here's a simple, example JSON Schema
2
+
3
+ ```json
4
+ {
5
+ "title": "Car",
6
+ "type": "object",
7
+ "properties": {
8
+ "make": {
9
+ "type": "string"
10
+ },
11
+ "model": {
12
+ "type": "string"
13
+ },
14
+ "maxSpeed": {
15
+ "description": "Max Speed in Mile Per Hour (MPH)",
16
+ "type": "integer",
17
+ "minimum": 0
18
+ },
19
+ "color": {
20
+ "enum": ["black", "brown", "blue", "red", "silver"],
21
+ "type": "string"
22
+ }
23
+ },
24
+ "additionalProperties": false,
25
+ "required": ["make", "model"]
26
+ }
27
+ ```
28
+
29
+ > Note - "title" is a required property of JSON schema
30
+
31
+ This defines a body that should be of type object with required string
32
+ properties `make` and `model`. It also defines two optional properties
33
+ `maxSpeed` and `color`. The former must be an integer greater than or equal to
34
+ zero and `color` can (in this silly example) can be one of "black", "brown",
35
+ "red", "silver" or "blue". No other properties can be on this object.
36
+
37
+ The schemas file should live in the `schemas` folder of your project - for the
38
+ purposes of this example let's imagine it is called `car.json`.
39
+
40
+ <ZupIt repoUrl="https://github.com/zuplo/samples-basic-auth" />
41
+
42
+ ## Configuration
43
+
44
+ Here is an example configuration (this would go in `policies.json`).
45
+
46
+ ```json
47
+ {
48
+ "name": "validate-car-policy",
49
+ "policyType": "validate-json-schema-inbound",
50
+ "handler": {
51
+ "export": "ValidateJsonSchemaInbound",
52
+ "module": "$import(@zuplo/runtime)",
53
+ "options": {
54
+ "validator": "$import(./schemas/car.json)"
55
+ }
56
+ }
57
+ }
58
+ ```
59
+
60
+ - `name` the name of your policy instance, this is used to refer to your policy
61
+ from your routes, see below.
62
+ - `policyType` the identifier of the policy. This is used by the Zuplo UI. Value
63
+ should be `validate-json-schema-inbound`.
64
+ - `handler/export` The name of the exported type. Value should be
65
+ `ValidateJsonSchemaInboundPolicy`.
66
+ - `handler/module` the module containing the policy. Value should be
67
+ `@zuplo/runtime`.
68
+ - `handler/options` The options for this policy:
69
+ - `validator` a
70
+ '$import' reference to the schema - e.g. `$import(./schemas/car.json)`
71
+
72
+ This policy is then referenced from each route where you want the policy to be
73
+ enforced, for example:
74
+
75
+ ```json
76
+ {
77
+ "path": "/products/:123",
78
+ "methods": ["POST"],
79
+ "handler": {
80
+ "module": "$import(./modules/products)",
81
+ "export": "postProducts"
82
+ },
83
+ "corsPolicy": "None",
84
+ "policies": {
85
+ "inbound": ["validate-car-policy"]
86
+ }
87
+ }
88
+ ```
89
+
90
+ You can test this in the API Test Console with the following (correct) body
91
+
92
+ ```json
93
+ {
94
+ "make": "Alfa Romeo",
95
+ "model": "156",
96
+ "maxSpeed": 134,
97
+ "color": "silver"
98
+ }
99
+ ```
100
+
101
+ ## Errors
102
+
103
+ ### Missing fields
104
+
105
+ If the request body is missing a required field, an error similar to the
106
+ following will be returned.
107
+
108
+ ```json
109
+ {
110
+ "code": "SCHEMA_VALIDATION_FAILED",
111
+ "help_url": "https://zup.fail/SCHEMA_VALIDATION_FAILED",
112
+ "message": "Incoming body did not pass schema validation",
113
+ "errors": ["Body must have required property 'price'"]
114
+ }
115
+ ```
116
+
117
+ ### Invalid Field Type
118
+
119
+ If the request body contains a field that is not of the correct type, an error
120
+ similar to the following will be returned.
121
+
122
+ ```json
123
+ {
124
+ "code": "SCHEMA_VALIDATION_FAILED",
125
+ "help_url": "https://zup.fail/SCHEMA_VALIDATION_FAILED",
126
+ "message": "Incoming body did not pass schema validation",
127
+ "errors": ["price must be number"]
128
+ }
129
+ ```
@@ -0,0 +1,7 @@
1
+ The Validate JSON Schema policy is used to validate the body of incoming
2
+ requests. It works using JSON Schemas defined in the `Schemas` folder of your
3
+ project.
4
+
5
+ When configured, any requests that do not have a body conforming to your JSON
6
+ schema will be rejected with a `400: Bad Request` response containing a detailed
7
+ error message (in JSON) explaining why the body was not accepted.
@@ -0,0 +1,56 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft-07/schema",
3
+ "$id": "http://zuplo.com/schemas/policies/auth0-jwt-auth-inbound.json",
4
+ "type": "object",
5
+ "title": "JSON Body Validation",
6
+ "isDeprecated": true,
7
+ "isPaidAddOn": false,
8
+ "isEnterprise": false,
9
+ "isInternal": false,
10
+ "isBeta": false,
11
+ "isHidden": false,
12
+ "products": ["api-gateway"],
13
+ "description": "Validates the body of an incoming request based on a JSON schema.",
14
+ "deprecatedMessage": "Use the new [Request Validation Policy](https://zuplo.com/docs/policies/request-validation-inbound). The new policy validates JSON bodies like this policy, but also supports validation of parameters, query strings, etc.",
15
+ "required": ["handler"],
16
+ "properties": {
17
+ "handler": {
18
+ "type": "object",
19
+ "default": {},
20
+ "required": ["export", "module", "options"],
21
+ "properties": {
22
+ "export": {
23
+ "const": "ValidateJsonSchemaInbound",
24
+ "description": "The name of the exported type"
25
+ },
26
+ "module": {
27
+ "const": "$import(@zuplo/runtime)",
28
+ "description": "The module containing the policy"
29
+ },
30
+ "options": {
31
+ "title": "ValidateJsonSchemaInboundOptions",
32
+ "type": "object",
33
+ "description": "The options for this policy.",
34
+ "additionalProperties": false,
35
+ "required": ["validator"],
36
+ "properties": {
37
+ "validator": {
38
+ "type": "string",
39
+ "examples": ["$import(./schemas/example-schema.json)"],
40
+ "description": "The JSON schema to validate against."
41
+ }
42
+ }
43
+ }
44
+ },
45
+ "examples": [
46
+ {
47
+ "export": "ValidateJsonSchemaInbound",
48
+ "module": "$import(@zuplo/runtime)",
49
+ "options": {
50
+ "validator": "$import(./schemas/example-schema.json)"
51
+ }
52
+ }
53
+ ]
54
+ }
55
+ }
56
+ }
@@ -0,0 +1,104 @@
1
+ ## How It Works
2
+
3
+ The policy checks for HTTP Message Signatures in the request headers
4
+ (`Signature` and `Signature-Input`). These signatures are verified using the
5
+ `web-bot-auth` npm package.
6
+
7
+ When a bot makes a request to your API, the policy:
8
+
9
+ 1. Checks if the request has signature headers
10
+ 2. Verifies the signature using the `web-bot-auth` library
11
+ 3. Extracts the bot identity from the verified signature
12
+ 4. Checks if the bot is in the allowed list
13
+ 5. Either allows or blocks the request based on configuration
14
+
15
+ ## Configuration Options
16
+
17
+ | Option | Type | Required | Default | Description |
18
+ | ------------------------------ | -------- | -------- | ------- | ------------------------------------------------------------ |
19
+ | `allowedBots` | string[] | Yes | - | List of bot identifiers that are allowed to access the API |
20
+ | `blockUnknownBots` | boolean | Yes | true | Whether to block bots that aren't in the allowed list |
21
+ | `allowUnauthenticatedRequests` | boolean | No | false | Allow requests without bot signatures to proceed |
22
+ | `directoryUrl` | string | No | - | Optional URL to a directory of known bots (for verification) |
23
+
24
+ ## Example Configuration
25
+
26
+ ```json
27
+ {
28
+ "allowedBots": ["googlebot", "bingbot", "yandexbot"],
29
+ "blockUnknownBots": true,
30
+ "allowUnauthenticatedRequests": false,
31
+ "directoryUrl": "https://example.com/bot-directory.json"
32
+ }
33
+ ```
34
+
35
+ ## Bot Directory
36
+
37
+ If you specify a `directoryUrl`, the policy will fetch the directory of known
38
+ bots from that URL. The directory should be a JSON object mapping bot
39
+ identifiers to their public keys in JWK format.
40
+
41
+ Example directory:
42
+
43
+ ```json
44
+ {
45
+ "googlebot": {
46
+ "kty": "OKP",
47
+ "crv": "Ed25519",
48
+ "kid": "googlebot",
49
+ "x": "..."
50
+ },
51
+ "bingbot": {
52
+ "kty": "OKP",
53
+ "crv": "Ed25519",
54
+ "kid": "bingbot",
55
+ "x": "..."
56
+ }
57
+ }
58
+ ```
59
+
60
+ ## Request Context
61
+
62
+ When a bot is successfully authenticated, the policy adds the bot identity to
63
+ the request context. You can access this in subsequent policies or handlers
64
+ using the `getBotId` helper function:
65
+
66
+ ```typescript
67
+ import { getBotId } from "@zuplo/runtime";
68
+
69
+ // In your policy or handler
70
+ const botId = getBotId(context);
71
+ ```
72
+
73
+ ## Error Handling
74
+
75
+ If a bot fails authentication, the policy returns a 401 Unauthorized response
76
+ with an error message. If a request doesn't have signature headers and
77
+ `allowUnauthenticatedRequests` is false, the policy also returns a 401 response.
78
+
79
+ ## Cryptographic Verification
80
+
81
+ When a directory URL is provided, the policy performs cryptographic verification
82
+ of the bot signatures:
83
+
84
+ 1. It fetches the bot's public key from the directory
85
+ 2. Imports the key using the Web Crypto API
86
+ 3. Verifies the signature against the request data
87
+
88
+ This provides strong cryptographic assurance that the bot is who it claims to
89
+ be.
90
+
91
+ ## Implementation Details
92
+
93
+ The policy uses the `web-bot-auth` npm package to implement HTTP Message
94
+ Signatures verification. The implementation:
95
+
96
+ 1. Uses the `verify` function from the `web-bot-auth` package to handle
97
+ signature verification
98
+ 2. Validates that the bot is in the allowed list
99
+ 3. Optionally verifies the signature against a directory of known bots
100
+ 4. Adds the verified bot identity to the request context
101
+
102
+ This implementation leverages the standard web-bot-auth library for bot
103
+ authentication, ensuring compatibility and security across different bot
104
+ providers.
@@ -0,0 +1,16 @@
1
+ Authenticate bots using HTTP Message Signatures via the official web-bot-auth
2
+ npm package. This policy allows you to specify friendly bots and block others
3
+ based on configuration.
4
+
5
+ With this policy, you'll benefit from:
6
+
7
+ - **Enhanced API Security**: Protect your endpoints from unauthorized bot
8
+ traffic while allowing legitimate bots
9
+ - **Cryptographic Verification**: Leverage HTTP Message Signatures to ensure
10
+ bots are who they claim to be
11
+ - **Flexible Bot Management**: Easily configure which bots are allowed to access
12
+ your API
13
+ - **Detailed Request Context**: Access bot identity information in subsequent
14
+ policies or handlers
15
+ - **Seamless Integration**: Works with standard HTTP Message Signatures used by
16
+ major bot providers
@@ -0,0 +1,76 @@
1
+ {
2
+ "$schema": "https://json-schema.org/draft-07/schema",
3
+ "$id": "http://zuplo.com/schemas/policies/auth0-jwt-auth-inbound.json",
4
+ "type": "object",
5
+ "title": "Web Bot Auth",
6
+ "isDeprecated": false,
7
+ "isPaidAddOn": false,
8
+ "isEnterprise": false,
9
+ "isInternal": false,
10
+ "isBeta": false,
11
+ "isHidden": false,
12
+ "products": ["api-gateway"],
13
+ "description": "Authenticate bots using web-bot-auth HTTP Message Signatures.",
14
+ "deprecatedMessage": "",
15
+ "required": ["handler"],
16
+ "properties": {
17
+ "handler": {
18
+ "type": "object",
19
+ "default": {},
20
+ "required": ["export", "module", "options"],
21
+ "properties": {
22
+ "export": {
23
+ "const": "WebBotAuthInboundPolicy",
24
+ "description": "The name of the exported type"
25
+ },
26
+ "module": {
27
+ "const": "$import(@zuplo/runtime)",
28
+ "description": "The module containing the policy"
29
+ },
30
+ "options": {
31
+ "title": "Web Bot Auth Inbound Policy Options",
32
+ "description": "Options for the Web Bot Auth Inbound Policy.",
33
+ "type": "object",
34
+ "properties": {
35
+ "allowedBots": {
36
+ "type": "array",
37
+ "description": "List of bot identifiers that are allowed to access the API.",
38
+ "items": {
39
+ "type": "string"
40
+ }
41
+ },
42
+ "blockUnknownBots": {
43
+ "type": "boolean",
44
+ "description": "Whether to block bots that aren't in the allowed list.",
45
+ "default": true
46
+ },
47
+ "allowUnauthenticatedRequests": {
48
+ "type": "boolean",
49
+ "description": "Allow requests without bot signatures to proceed. This is useful if you want to use multiple authentication policies or if you want to allow both authenticated and non-authenticated traffic.",
50
+ "default": false
51
+ },
52
+ "directoryUrl": {
53
+ "type": "string",
54
+ "description": "Optional URL to a directory of known bots (for verification).",
55
+ "default": null
56
+ }
57
+ },
58
+ "required": ["allowedBots", "blockUnknownBots"],
59
+ "additionalProperties": false
60
+ }
61
+ },
62
+ "examples": [
63
+ {
64
+ "export": "WebBotAuthInboundPolicy",
65
+ "module": "$import(@zuplo/runtime)",
66
+ "options": {
67
+ "allowUnauthenticatedRequests": false,
68
+ "allowedBots": [],
69
+ "blockUnknownBots": true,
70
+ "directoryUrl": null
71
+ }
72
+ }
73
+ ]
74
+ }
75
+ }
76
+ }
@@ -0,0 +1,71 @@
1
+ This policy can help expose legacy XML or SOAP APIs using modern JSON REST APIs.
2
+ The policy is configurable in ways that make it easier to strip parts of the XML
3
+ document that you are unlikely to use, such as processing instructions,
4
+ namespaces, or directives. The default options for this policy will generally
5
+ give you a fairly clean output. However, it is likely that the output of the raw
6
+ conversion is still not in the best format.
7
+
8
+ The best way to clean up the output of your XML is first, run this policy, then
9
+ add a [custom code outbound policy](/docs/policies/custom-code-outbound) that
10
+ further reshapes the JSON data structure. An example policy that cleans up a
11
+ SOAP response is shown below.
12
+
13
+ ```xml title="SOAP Response"
14
+ <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
15
+ <soap:Body>
16
+ <m:ListOfCurrenciesByNameResponse xmlns:m="http://www.oorsprong.org/websamples.countryinfo">
17
+ <m:ListOfCurrenciesByNameResult>
18
+ <m:tCurrency>
19
+ <m:sISOCode>USD</m:sISOCode>
20
+ <m:sName>Dollar</m:sName>
21
+ </m:tCurrency>
22
+ <m:tCurrency>
23
+ <m:sISOCode>EUR</m:sISOCode>
24
+ <m:sName>Euro</m:sName>
25
+ </m:tCurrency>
26
+ </m:ListOfCurrenciesByNameResult>
27
+ </m:ListOfCurrenciesByNameResponse>
28
+ </soap:Body>
29
+ </soap:Envelope>
30
+ ```
31
+
32
+ The code in the policy below takes the output (`response.json()`) of the XML to
33
+ JSON Outbound policy and reshapes it to a simple JSON structure.
34
+
35
+ ```ts title="modules/clean-soap.ts"
36
+ import { ZuploContext, ZuploRequest } from "@zuplo/runtime";
37
+
38
+ export default async function cleanSoapBody(
39
+ response: Response,
40
+ request: ZuploRequest,
41
+ context: ZuploContext
42
+ ) {
43
+ const soap = await response.json();
44
+ const data: { isoCode: string; name: string }[] =
45
+ soap.Envelope.Body.ListOfCurrenciesByNameResponse.ListOfCurrenciesByNameResult.tCurrency.map(
46
+ (c) => ({
47
+ isoCode: c.sISOCode,
48
+ name: c.sName,
49
+ })
50
+ );
51
+
52
+ return new Response(JSON.stringify({ total: data.length, data }), {
53
+ headers: response.headers,
54
+ status: response.status,
55
+ statusText: response.statusText,
56
+ });
57
+ }
58
+ ``;
59
+ ```
60
+
61
+ The JSON response of your API would then be a easily consumable JSON object.
62
+
63
+ ```json title="JSON Response"
64
+ {
65
+ "total": 2,
66
+ "data": [
67
+ { "isoCode": "USD", "name": "Dollar" },
68
+ { "isoCode": "EUR", "name": "Euro" }
69
+ ]
70
+ }
71
+ ```
@@ -0,0 +1,4 @@
1
+ This policy is useful for converting legacy XML or SOAP APIs into modern REST
2
+ APIs. It can be useful to add a custom outbound policy that runs after this
3
+ policy to further transform the raw converted content into something more user
4
+ friendly.