zuplo 6.67.32 → 6.68.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (644) hide show
  1. package/README.md +9 -0
  2. package/docs/_index.md +44 -0
  3. package/docs/ai-gateway/apps.mdx +28 -0
  4. package/docs/ai-gateway/custom-providers.mdx +54 -0
  5. package/docs/ai-gateway/getting-started.mdx +224 -0
  6. package/docs/ai-gateway/guardrails.mdx +65 -0
  7. package/docs/ai-gateway/integrations/ai-sdk.mdx +109 -0
  8. package/docs/ai-gateway/integrations/claude-code.mdx +49 -0
  9. package/docs/ai-gateway/integrations/codex.mdx +78 -0
  10. package/docs/ai-gateway/integrations/goose.mdx +104 -0
  11. package/docs/ai-gateway/integrations/langchain.mdx +66 -0
  12. package/docs/ai-gateway/integrations/openai.mdx +99 -0
  13. package/docs/ai-gateway/introduction.mdx +85 -0
  14. package/docs/ai-gateway/managing-apps.mdx +46 -0
  15. package/docs/ai-gateway/managing-providers.mdx +66 -0
  16. package/docs/ai-gateway/managing-teams.mdx +63 -0
  17. package/docs/ai-gateway/policies/akamai-ai-firewall.mdx +125 -0
  18. package/docs/ai-gateway/policies/comet-opik-tracing.mdx +139 -0
  19. package/docs/ai-gateway/policies/galileo-tracing.mdx +147 -0
  20. package/docs/ai-gateway/providers.mdx +32 -0
  21. package/docs/ai-gateway/teams.mdx +38 -0
  22. package/docs/ai-gateway/universal-api.mdx +43 -0
  23. package/docs/ai-gateway/usage-limits.mdx +89 -0
  24. package/docs/api-management/introduction.md +127 -0
  25. package/docs/articles/accounts/audit-logs.mdx +227 -0
  26. package/docs/articles/accounts/billing.mdx +25 -0
  27. package/docs/articles/accounts/default-api-key.mdx +30 -0
  28. package/docs/articles/accounts/delete-account.mdx +36 -0
  29. package/docs/articles/accounts/enterprise-sso.mdx +116 -0
  30. package/docs/articles/accounts/managing-account-members.mdx +45 -0
  31. package/docs/articles/accounts/managing-project-members.mdx +37 -0
  32. package/docs/articles/accounts/members-and-roles.mdx +21 -0
  33. package/docs/articles/accounts/roles-and-permissions.mdx +115 -0
  34. package/docs/articles/accounts/zuplo-api-keys.mdx +94 -0
  35. package/docs/articles/add-api-to-backstage.mdx +216 -0
  36. package/docs/articles/advanced-path-matching.mdx +139 -0
  37. package/docs/articles/api-key-administration.mdx +47 -0
  38. package/docs/articles/api-key-api.mdx +220 -0
  39. package/docs/articles/api-key-authentication.mdx +195 -0
  40. package/docs/articles/api-key-buckets.mdx +61 -0
  41. package/docs/articles/api-key-end-users.mdx +52 -0
  42. package/docs/articles/api-key-leak-detection.mdx +75 -0
  43. package/docs/articles/api-key-management.mdx +100 -0
  44. package/docs/articles/api-key-react-component.mdx +90 -0
  45. package/docs/articles/api-key-service-limits.mdx +14 -0
  46. package/docs/articles/archiving-requests-to-storage.mdx +119 -0
  47. package/docs/articles/branch-based-deployments.mdx +184 -0
  48. package/docs/articles/bypass-policy-for-testing.mdx +117 -0
  49. package/docs/articles/check-ip-address.mdx +17 -0
  50. package/docs/articles/ci-cd-azure/basic-deployment.mdx +49 -0
  51. package/docs/articles/ci-cd-azure/deploy-and-test.mdx +47 -0
  52. package/docs/articles/ci-cd-azure/local-testing.mdx +59 -0
  53. package/docs/articles/ci-cd-azure/multi-stage-deployment.mdx +88 -0
  54. package/docs/articles/ci-cd-azure/pr-preview-environments.mdx +50 -0
  55. package/docs/articles/ci-cd-azure/tag-based-releases.mdx +37 -0
  56. package/docs/articles/ci-cd-bitbucket/basic-deployment.mdx +27 -0
  57. package/docs/articles/ci-cd-bitbucket/deploy-and-test.mdx +41 -0
  58. package/docs/articles/ci-cd-bitbucket/local-testing.mdx +34 -0
  59. package/docs/articles/ci-cd-bitbucket/multi-stage-deployment.mdx +52 -0
  60. package/docs/articles/ci-cd-bitbucket/pr-preview-environments.mdx +46 -0
  61. package/docs/articles/ci-cd-bitbucket/tag-based-releases.mdx +27 -0
  62. package/docs/articles/ci-cd-circleci/basic-deployment.mdx +34 -0
  63. package/docs/articles/ci-cd-circleci/deploy-and-test.mdx +44 -0
  64. package/docs/articles/ci-cd-circleci/local-testing.mdx +50 -0
  65. package/docs/articles/ci-cd-circleci/multi-stage-deployment.mdx +82 -0
  66. package/docs/articles/ci-cd-circleci/pr-preview-environments.mdx +47 -0
  67. package/docs/articles/ci-cd-circleci/tag-based-releases.mdx +38 -0
  68. package/docs/articles/ci-cd-github/basic-deployment.mdx +48 -0
  69. package/docs/articles/ci-cd-github/cleanup-on-branch-delete.mdx +123 -0
  70. package/docs/articles/ci-cd-github/deploy-and-test.mdx +82 -0
  71. package/docs/articles/ci-cd-github/local-testing.mdx +102 -0
  72. package/docs/articles/ci-cd-github/multi-stage-deployment.mdx +136 -0
  73. package/docs/articles/ci-cd-github/pr-preview-environments.mdx +106 -0
  74. package/docs/articles/ci-cd-github/tag-based-releases.mdx +99 -0
  75. package/docs/articles/ci-cd-gitlab/basic-deployment.mdx +28 -0
  76. package/docs/articles/ci-cd-gitlab/deploy-and-test.mdx +44 -0
  77. package/docs/articles/ci-cd-gitlab/local-testing.mdx +39 -0
  78. package/docs/articles/ci-cd-gitlab/mr-preview-environments.mdx +52 -0
  79. package/docs/articles/ci-cd-gitlab/multi-stage-deployment.mdx +64 -0
  80. package/docs/articles/ci-cd-gitlab/tag-based-releases.mdx +28 -0
  81. package/docs/articles/composite-policy-reference.mdx +284 -0
  82. package/docs/articles/configuring-auth0-for-mcp-auth.mdx +186 -0
  83. package/docs/articles/configuring-okta-for-mcp-auth.mdx +208 -0
  84. package/docs/articles/convert-urls-to-openapi.mdx +62 -0
  85. package/docs/articles/cors.mdx +447 -0
  86. package/docs/articles/custom-audit-log-policy.mdx +95 -0
  87. package/docs/articles/custom-ci-cd-azure.mdx +81 -0
  88. package/docs/articles/custom-ci-cd-bitbucket.mdx +80 -0
  89. package/docs/articles/custom-ci-cd-circleci.mdx +78 -0
  90. package/docs/articles/custom-ci-cd-github.mdx +99 -0
  91. package/docs/articles/custom-ci-cd-gitlab.mdx +79 -0
  92. package/docs/articles/custom-ci-cd.mdx +82 -0
  93. package/docs/articles/custom-code-patterns.md +418 -0
  94. package/docs/articles/custom-domains.mdx +258 -0
  95. package/docs/articles/custom-logging-example.mdx +139 -0
  96. package/docs/articles/ddos-protection.mdx +138 -0
  97. package/docs/articles/development-options.mdx +49 -0
  98. package/docs/articles/environment-variables.mdx +134 -0
  99. package/docs/articles/environments.mdx +143 -0
  100. package/docs/articles/fastly-zuplo-host-setup.mdx +41 -0
  101. package/docs/articles/github-deployment-testing.mdx +101 -0
  102. package/docs/articles/gke-with-upstream-auth-policy.mdx +192 -0
  103. package/docs/articles/graphql-security.mdx +180 -0
  104. package/docs/articles/handling-form-data.mdx +61 -0
  105. package/docs/articles/health-checks.mdx +109 -0
  106. package/docs/articles/hosting-options.mdx +70 -0
  107. package/docs/articles/lazy-load-configuration-into-cache.mdx +92 -0
  108. package/docs/articles/limits.mdx +98 -0
  109. package/docs/articles/local-development-debugging.mdx +44 -0
  110. package/docs/articles/local-development-env-variables.mdx +23 -0
  111. package/docs/articles/local-development-installing-packages.mdx +23 -0
  112. package/docs/articles/local-development-routes-designer.mdx +27 -0
  113. package/docs/articles/local-development-services.mdx +40 -0
  114. package/docs/articles/local-development-troubleshooting.mdx +56 -0
  115. package/docs/articles/local-development.mdx +81 -0
  116. package/docs/articles/log-plugin-aws-cloudwatch.mdx +83 -0
  117. package/docs/articles/log-plugin-datadog.mdx +84 -0
  118. package/docs/articles/log-plugin-dynatrace.mdx +75 -0
  119. package/docs/articles/log-plugin-gcp.mdx +75 -0
  120. package/docs/articles/log-plugin-loki.mdx +136 -0
  121. package/docs/articles/log-plugin-new-relic.mdx +84 -0
  122. package/docs/articles/log-plugin-splunk.mdx +104 -0
  123. package/docs/articles/log-plugin-sumo.mdx +73 -0
  124. package/docs/articles/log-plugin-vmware-log-insight.mdx +154 -0
  125. package/docs/articles/log-request-response-data.mdx +398 -0
  126. package/docs/articles/logging.mdx +115 -0
  127. package/docs/articles/manual-mcp-oauth-testing.mdx +193 -0
  128. package/docs/articles/mcp-quickstart.mdx +135 -0
  129. package/docs/articles/metrics-plugins.mdx +371 -0
  130. package/docs/articles/migrate-from-apigee.md +408 -0
  131. package/docs/articles/migrate-from-aws-api-gateway.md +248 -0
  132. package/docs/articles/migrate-from-azure-apim.md +292 -0
  133. package/docs/articles/migrate-from-kong.md +300 -0
  134. package/docs/articles/migration-overview.md +81 -0
  135. package/docs/articles/monetization/api-access.mdx +69 -0
  136. package/docs/articles/monetization/billing-models.md +520 -0
  137. package/docs/articles/monetization/developer-portal.md +167 -0
  138. package/docs/articles/monetization/features.mdx +98 -0
  139. package/docs/articles/monetization/index.mdx +113 -0
  140. package/docs/articles/monetization/meters.mdx +135 -0
  141. package/docs/articles/monetization/monetization-policy.md +314 -0
  142. package/docs/articles/monetization/plan-examples.mdx +366 -0
  143. package/docs/articles/monetization/plans.mdx +266 -0
  144. package/docs/articles/monetization/pricing-models.mdx +225 -0
  145. package/docs/articles/monetization/private-plans.md +154 -0
  146. package/docs/articles/monetization/quickstart.md +355 -0
  147. package/docs/articles/monetization/rate-cards.mdx +171 -0
  148. package/docs/articles/monetization/stripe-integration.md +195 -0
  149. package/docs/articles/monetization/subscription-lifecycle.md +298 -0
  150. package/docs/articles/monetization/tax-collection.md +166 -0
  151. package/docs/articles/monetization/troubleshooting.md +272 -0
  152. package/docs/articles/monetization-custom.mdx +71 -0
  153. package/docs/articles/monetization-integrations.mdx +104 -0
  154. package/docs/articles/monitoring-your-gateway.mdx +53 -0
  155. package/docs/articles/monorepo-deployment.mdx +350 -0
  156. package/docs/articles/multiple-auth-policies.mdx +81 -0
  157. package/docs/articles/non-standard-ports.mdx +30 -0
  158. package/docs/articles/oauth-authentication.mdx +54 -0
  159. package/docs/articles/openapi-server-urls.mdx +60 -0
  160. package/docs/articles/openapi.mdx +130 -0
  161. package/docs/articles/opentelemetry.mdx +250 -0
  162. package/docs/articles/per-user-rate-limits-using-db.mdx +112 -0
  163. package/docs/articles/performance-testing.mdx +304 -0
  164. package/docs/articles/plugin-akamai-api-security.mdx +76 -0
  165. package/docs/articles/plugin-azure-blob.mdx +73 -0
  166. package/docs/articles/plugin-azure-event-hubs.mdx +64 -0
  167. package/docs/articles/plugin-hydrolix-traffic-peak.mdx +147 -0
  168. package/docs/articles/policies.mdx +33 -0
  169. package/docs/articles/rename-or-move-project.mdx +39 -0
  170. package/docs/articles/rick-and-morty-api-developer-portal-example.mdx +23 -0
  171. package/docs/articles/routing.mdx +193 -0
  172. package/docs/articles/s3-signed-url-uploads.mdx +521 -0
  173. package/docs/articles/secure-tunnel.mdx +84 -0
  174. package/docs/articles/securing-backend-mtls.mdx +268 -0
  175. package/docs/articles/securing-your-backend.mdx +148 -0
  176. package/docs/articles/security.mdx +105 -0
  177. package/docs/articles/sharing-code-across-projects.mdx +412 -0
  178. package/docs/articles/source-control-setup-azure.mdx +13 -0
  179. package/docs/articles/source-control-setup-bitbucket.mdx +43 -0
  180. package/docs/articles/source-control-setup-github.mdx +172 -0
  181. package/docs/articles/source-control-setup-gitlab.mdx +12 -0
  182. package/docs/articles/source-control.mdx +80 -0
  183. package/docs/articles/step-1-setup-basic-gateway-local.mdx +136 -0
  184. package/docs/articles/step-1-setup-basic-gateway.mdx +118 -0
  185. package/docs/articles/step-2-add-rate-limiting-local.mdx +126 -0
  186. package/docs/articles/step-2-add-rate-limiting.mdx +82 -0
  187. package/docs/articles/step-3-add-api-key-auth-local.mdx +199 -0
  188. package/docs/articles/step-3-add-api-key-auth.mdx +166 -0
  189. package/docs/articles/step-4-deploying-to-the-edge.mdx +220 -0
  190. package/docs/articles/step-5-dynamic-rate-limiting.mdx +167 -0
  191. package/docs/articles/support.mdx +144 -0
  192. package/docs/articles/terraform.mdx +114 -0
  193. package/docs/articles/testing-graphql.mdx +34 -0
  194. package/docs/articles/testing.mdx +522 -0
  195. package/docs/articles/troubleshooting-slow-responses.mdx +301 -0
  196. package/docs/articles/troubleshooting.md +302 -0
  197. package/docs/articles/tsconfig.mdx +105 -0
  198. package/docs/articles/tunnel-setup.mdx +195 -0
  199. package/docs/articles/tunnel-troubleshooting.mdx +50 -0
  200. package/docs/articles/update-zup-in-github-action.mdx +110 -0
  201. package/docs/articles/use-openapi-extension-data.mdx +79 -0
  202. package/docs/articles/users/multifactor-authentication.mdx +64 -0
  203. package/docs/articles/users/profile.mdx +13 -0
  204. package/docs/articles/versioning-on-zuplo.mdx +89 -0
  205. package/docs/articles/waf-ddos-akamai.md +133 -0
  206. package/docs/articles/waf-ddos-aws-waf-shield.mdx +85 -0
  207. package/docs/articles/waf-ddos-fastly.mdx +251 -0
  208. package/docs/articles/waf-ddos.mdx +140 -0
  209. package/docs/articles/zuplo-waf.mdx +156 -0
  210. package/docs/ask.mdx +3 -0
  211. package/docs/cli/authentication.mdx +56 -0
  212. package/docs/cli/connectivity.mdx +38 -0
  213. package/docs/cli/create-zuplo-api.mdx +80 -0
  214. package/docs/cli/delete.mdx +79 -0
  215. package/docs/cli/deploy.mdx +156 -0
  216. package/docs/cli/deploy.partial.mdx +46 -0
  217. package/docs/cli/dev.mdx +115 -0
  218. package/docs/cli/docs.mdx +66 -0
  219. package/docs/cli/editor.mdx +50 -0
  220. package/docs/cli/global-options.mdx +19 -0
  221. package/docs/cli/init.mdx +74 -0
  222. package/docs/cli/link.mdx +74 -0
  223. package/docs/cli/list.mdx +55 -0
  224. package/docs/cli/mtls-certificate-create.mdx +94 -0
  225. package/docs/cli/mtls-certificate-delete.mdx +55 -0
  226. package/docs/cli/mtls-certificate-describe.mdx +55 -0
  227. package/docs/cli/mtls-certificate-disable.mdx +55 -0
  228. package/docs/cli/mtls-certificate-list.mdx +47 -0
  229. package/docs/cli/mtls-certificate-update.mdx +72 -0
  230. package/docs/cli/openapi-convert.mdx +111 -0
  231. package/docs/cli/openapi-merge.mdx +138 -0
  232. package/docs/cli/openapi-merge.partial.mdx +29 -0
  233. package/docs/cli/openapi-overlay.mdx +123 -0
  234. package/docs/cli/overview.mdx +78 -0
  235. package/docs/cli/project-create.mdx +43 -0
  236. package/docs/cli/source-migrate.mdx +18 -0
  237. package/docs/cli/source-upgrade.mdx +41 -0
  238. package/docs/cli/test.mdx +70 -0
  239. package/docs/cli/test.partial.mdx +7 -0
  240. package/docs/cli/tunnel-create.mdx +53 -0
  241. package/docs/cli/tunnel-create.partial.mdx +9 -0
  242. package/docs/cli/tunnel-delete.mdx +35 -0
  243. package/docs/cli/tunnel-delete.partial.mdx +9 -0
  244. package/docs/cli/tunnel-describe.mdx +45 -0
  245. package/docs/cli/tunnel-describe.partial.mdx +5 -0
  246. package/docs/cli/tunnel-list.mdx +35 -0
  247. package/docs/cli/tunnel-list.partial.mdx +9 -0
  248. package/docs/cli/tunnel-rate-token.partial.mdx +9 -0
  249. package/docs/cli/tunnel-rotate-token.mdx +39 -0
  250. package/docs/cli/tunnel-services-describe.mdx +45 -0
  251. package/docs/cli/tunnel-services-describe.partial.mdx +9 -0
  252. package/docs/cli/tunnel-services-update.mdx +48 -0
  253. package/docs/cli/variable-create.mdx +91 -0
  254. package/docs/cli/variable-create.partial.mdx +5 -0
  255. package/docs/cli/variable-update.mdx +75 -0
  256. package/docs/cli/variable-update.partial.mdx +5 -0
  257. package/docs/concepts/api-keys.md +146 -0
  258. package/docs/concepts/authentication.mdx +109 -0
  259. package/docs/concepts/how-zuplo-works.mdx +120 -0
  260. package/docs/concepts/project-structure.mdx +174 -0
  261. package/docs/concepts/rate-limiting.md +246 -0
  262. package/docs/concepts/request-lifecycle.mdx +56 -0
  263. package/docs/concepts/source-control-and-deployment.mdx +229 -0
  264. package/docs/conferences/conference-prize-terms.mdx +80 -0
  265. package/docs/dedicated/akamai/ai-powered-applications.mdx +223 -0
  266. package/docs/dedicated/akamai/architecture.mdx +280 -0
  267. package/docs/dedicated/akamai/caching.mdx +212 -0
  268. package/docs/dedicated/akamai/cdn.mdx +156 -0
  269. package/docs/dedicated/architecture.mdx +208 -0
  270. package/docs/dedicated/custom-domains.mdx +31 -0
  271. package/docs/dedicated/federated-gateways.mdx +80 -0
  272. package/docs/dedicated/networking.mdx +69 -0
  273. package/docs/dedicated/overview.mdx +80 -0
  274. package/docs/dedicated/source-control.mdx +63 -0
  275. package/docs/dev-portal/dev-portal-create-consumer-on-auth.mdx +134 -0
  276. package/docs/dev-portal/introduction.mdx +65 -0
  277. package/docs/dev-portal/local-development.mdx +72 -0
  278. package/docs/dev-portal/migration.mdx +526 -0
  279. package/docs/dev-portal/node-modules.mdx +45 -0
  280. package/docs/dev-portal/updating.mdx +28 -0
  281. package/docs/dev-portal/zudoku/components/alert.mdx +130 -0
  282. package/docs/dev-portal/zudoku/components/badge.mdx +70 -0
  283. package/docs/dev-portal/zudoku/components/button.mdx +132 -0
  284. package/docs/dev-portal/zudoku/components/callout.mdx +112 -0
  285. package/docs/dev-portal/zudoku/components/card.mdx +104 -0
  286. package/docs/dev-portal/zudoku/components/checkbox.mdx +72 -0
  287. package/docs/dev-portal/zudoku/components/client-only.mdx +79 -0
  288. package/docs/dev-portal/zudoku/components/code-tabs.mdx +179 -0
  289. package/docs/dev-portal/zudoku/components/dialog.mdx +167 -0
  290. package/docs/dev-portal/zudoku/components/head.mdx +199 -0
  291. package/docs/dev-portal/zudoku/components/icons.mdx +27 -0
  292. package/docs/dev-portal/zudoku/components/input.mdx +96 -0
  293. package/docs/dev-portal/zudoku/components/label.mdx +86 -0
  294. package/docs/dev-portal/zudoku/components/link.mdx +242 -0
  295. package/docs/dev-portal/zudoku/components/markdown.mdx +151 -0
  296. package/docs/dev-portal/zudoku/components/mermaid.mdx +81 -0
  297. package/docs/dev-portal/zudoku/components/playground.mdx +87 -0
  298. package/docs/dev-portal/zudoku/components/secret.mdx +78 -0
  299. package/docs/dev-portal/zudoku/components/select.mdx +176 -0
  300. package/docs/dev-portal/zudoku/components/shadcn.mdx +73 -0
  301. package/docs/dev-portal/zudoku/components/slider.mdx +108 -0
  302. package/docs/dev-portal/zudoku/components/slot.mdx +119 -0
  303. package/docs/dev-portal/zudoku/components/stepper.mdx +138 -0
  304. package/docs/dev-portal/zudoku/components/switch.mdx +96 -0
  305. package/docs/dev-portal/zudoku/components/syntax-highlight.mdx +602 -0
  306. package/docs/dev-portal/zudoku/components/textarea.mdx +78 -0
  307. package/docs/dev-portal/zudoku/components/tooltip.mdx +195 -0
  308. package/docs/dev-portal/zudoku/components/typography.mdx +61 -0
  309. package/docs/dev-portal/zudoku/configuration/ai-assistants.md +64 -0
  310. package/docs/dev-portal/zudoku/configuration/api-catalog.md +108 -0
  311. package/docs/dev-portal/zudoku/configuration/api-reference.md +397 -0
  312. package/docs/dev-portal/zudoku/configuration/authentication-auth0.md +173 -0
  313. package/docs/dev-portal/zudoku/configuration/authentication-azure-ad.md +238 -0
  314. package/docs/dev-portal/zudoku/configuration/authentication-clerk.md +110 -0
  315. package/docs/dev-portal/zudoku/configuration/authentication-firebase.md +61 -0
  316. package/docs/dev-portal/zudoku/configuration/authentication-pingfederate.md +136 -0
  317. package/docs/dev-portal/zudoku/configuration/authentication-supabase.md +225 -0
  318. package/docs/dev-portal/zudoku/configuration/authentication.md +199 -0
  319. package/docs/dev-portal/zudoku/configuration/build-configuration.mdx +147 -0
  320. package/docs/dev-portal/zudoku/configuration/docs.md +282 -0
  321. package/docs/dev-portal/zudoku/configuration/footer.mdx +214 -0
  322. package/docs/dev-portal/zudoku/configuration/llms.md +89 -0
  323. package/docs/dev-portal/zudoku/configuration/navigation.mdx +408 -0
  324. package/docs/dev-portal/zudoku/configuration/overview.md +380 -0
  325. package/docs/dev-portal/zudoku/configuration/protected-routes.md +149 -0
  326. package/docs/dev-portal/zudoku/configuration/search.md +169 -0
  327. package/docs/dev-portal/zudoku/configuration/sentry.mdx +44 -0
  328. package/docs/dev-portal/zudoku/configuration/site.md +124 -0
  329. package/docs/dev-portal/zudoku/configuration/slots.mdx +124 -0
  330. package/docs/dev-portal/zudoku/configuration/vite-config.md +18 -0
  331. package/docs/dev-portal/zudoku/custom-plugins.md +287 -0
  332. package/docs/dev-portal/zudoku/customization/colors-theme.mdx +275 -0
  333. package/docs/dev-portal/zudoku/customization/fonts.md +110 -0
  334. package/docs/dev-portal/zudoku/extending/events.md +124 -0
  335. package/docs/dev-portal/zudoku/guides/custom-pages.md +106 -0
  336. package/docs/dev-portal/zudoku/guides/environment-variables.md +99 -0
  337. package/docs/dev-portal/zudoku/guides/mermaid.mdx +70 -0
  338. package/docs/dev-portal/zudoku/guides/navigation-migration.md +87 -0
  339. package/docs/dev-portal/zudoku/guides/navigation-rules.mdx +197 -0
  340. package/docs/dev-portal/zudoku/guides/processors.mdx +234 -0
  341. package/docs/dev-portal/zudoku/guides/static-files.md +55 -0
  342. package/docs/dev-portal/zudoku/guides/transforming-examples.md +156 -0
  343. package/docs/dev-portal/zudoku/guides/using-multiple-apis.md +87 -0
  344. package/docs/dev-portal/zudoku/markdown/admonitions.md +128 -0
  345. package/docs/dev-portal/zudoku/markdown/code-blocks.md +196 -0
  346. package/docs/dev-portal/zudoku/markdown/frontmatter.md +172 -0
  347. package/docs/dev-portal/zudoku/markdown/mdx.md +68 -0
  348. package/docs/dev-portal/zudoku/markdown/overview.md +275 -0
  349. package/docs/dev-portal/zudoku/plugins.md +5 -0
  350. package/docs/dev-portal/zudoku/writing.mdx +72 -0
  351. package/docs/errors/bad-request.mdx +39 -0
  352. package/docs/errors/build-error.mdx +45 -0
  353. package/docs/errors/fatal-project-error.mdx +39 -0
  354. package/docs/errors/gateway-timeout.mdx +33 -0
  355. package/docs/errors/get-head-body-error.mdx +41 -0
  356. package/docs/errors/main-mod-error.mdx +40 -0
  357. package/docs/errors/no-project-set.mdx +41 -0
  358. package/docs/errors/not-found.mdx +43 -0
  359. package/docs/errors/rate-limit-exceeded.mdx +31 -0
  360. package/docs/errors/schema-validation-failed.mdx +51 -0
  361. package/docs/errors/system-configuration-error.mdx +44 -0
  362. package/docs/errors/unauthorized.mdx +50 -0
  363. package/docs/errors/unknown-error.mdx +42 -0
  364. package/docs/errors.mdx +14 -0
  365. package/docs/guides/canary-routing-for-employees.mdx +385 -0
  366. package/docs/guides/geolocation-backend-routing.mdx +404 -0
  367. package/docs/guides/modify-openapi-paths.mdx +371 -0
  368. package/docs/guides/openapi-overlays.mdx +492 -0
  369. package/docs/guides/overview.mdx +12 -0
  370. package/docs/guides/user-based-backend-routing.mdx +437 -0
  371. package/docs/handlers/aws-lambda.mdx +201 -0
  372. package/docs/handlers/custom-handler.mdx +112 -0
  373. package/docs/handlers/legacy-dev-portal-handler.mdx +135 -0
  374. package/docs/handlers/mcp-server.mdx +730 -0
  375. package/docs/handlers/openapi.mdx +78 -0
  376. package/docs/handlers/redirect.mdx +115 -0
  377. package/docs/handlers/system-handlers.mdx +41 -0
  378. package/docs/handlers/url-forward.mdx +204 -0
  379. package/docs/handlers/url-rewrite.mdx +224 -0
  380. package/docs/handlers/websocket-handler.mdx +154 -0
  381. package/docs/home.mdx +6 -0
  382. package/docs/managed-edge/overview.md +78 -0
  383. package/docs/mcp-server/configuration-migration-guide.mdx +344 -0
  384. package/docs/mcp-server/custom-tools.mdx +487 -0
  385. package/docs/mcp-server/graphql.mdx +241 -0
  386. package/docs/mcp-server/introduction.mdx +122 -0
  387. package/docs/mcp-server/openai-apps-sdk.mdx +160 -0
  388. package/docs/mcp-server/prompts.mdx +283 -0
  389. package/docs/mcp-server/resources.mdx +288 -0
  390. package/docs/mcp-server/testing.mdx +53 -0
  391. package/docs/mcp-server/tools.mdx +306 -0
  392. package/docs/policies/_index.md +92 -0
  393. package/docs/policies/ab-test-inbound/intro.md +8 -0
  394. package/docs/policies/ab-test-inbound/policy.ts +14 -0
  395. package/docs/policies/ab-test-inbound/schema.json +27 -0
  396. package/docs/policies/ab-test-outbound/intro.md +8 -0
  397. package/docs/policies/ab-test-outbound/policy.ts +26 -0
  398. package/docs/policies/ab-test-outbound/schema.json +27 -0
  399. package/docs/policies/acl-policy-inbound/intro.md +5 -0
  400. package/docs/policies/acl-policy-inbound/policy.ts +32 -0
  401. package/docs/policies/acl-policy-inbound/schema.json +52 -0
  402. package/docs/policies/akamai-ai-firewall/schema.json +98 -0
  403. package/docs/policies/amberflo-metering-inbound/doc.md +183 -0
  404. package/docs/policies/amberflo-metering-inbound/intro.md +20 -0
  405. package/docs/policies/amberflo-metering-inbound/schema.json +108 -0
  406. package/docs/policies/api-key-inbound/doc.md +77 -0
  407. package/docs/policies/api-key-inbound/intro.md +30 -0
  408. package/docs/policies/api-key-inbound/schema.json +84 -0
  409. package/docs/policies/archive-request-aws-s3-inbound/intro.md +4 -0
  410. package/docs/policies/archive-request-aws-s3-inbound/policy.ts +58 -0
  411. package/docs/policies/archive-request-aws-s3-inbound/schema.json +68 -0
  412. package/docs/policies/archive-request-azure-storage-inbound/doc.md +31 -0
  413. package/docs/policies/archive-request-azure-storage-inbound/intro.md +4 -0
  414. package/docs/policies/archive-request-azure-storage-inbound/policy.ts +54 -0
  415. package/docs/policies/archive-request-azure-storage-inbound/schema.json +53 -0
  416. package/docs/policies/archive-request-gcp-storage-inbound/doc.md +63 -0
  417. package/docs/policies/archive-request-gcp-storage-inbound/intro.md +4 -0
  418. package/docs/policies/archive-request-gcp-storage-inbound/policy.ts +68 -0
  419. package/docs/policies/archive-request-gcp-storage-inbound/schema.json +47 -0
  420. package/docs/policies/archive-response-aws-s3-outbound/intro.md +2 -0
  421. package/docs/policies/archive-response-aws-s3-outbound/policy.ts +59 -0
  422. package/docs/policies/archive-response-aws-s3-outbound/schema.json +68 -0
  423. package/docs/policies/archive-response-azure-storage-outbound/doc.md +31 -0
  424. package/docs/policies/archive-response-azure-storage-outbound/intro.md +3 -0
  425. package/docs/policies/archive-response-azure-storage-outbound/policy.ts +54 -0
  426. package/docs/policies/archive-response-azure-storage-outbound/schema.json +53 -0
  427. package/docs/policies/audit-log-inbound/doc.md +78 -0
  428. package/docs/policies/audit-log-inbound/intro.md +10 -0
  429. package/docs/policies/audit-log-inbound/schema.json +81 -0
  430. package/docs/policies/auth0-jwt-auth-inbound/doc.md +125 -0
  431. package/docs/policies/auth0-jwt-auth-inbound/intro.md +17 -0
  432. package/docs/policies/auth0-jwt-auth-inbound/schema.json +74 -0
  433. package/docs/policies/authzen-inbound/doc.md +24 -0
  434. package/docs/policies/authzen-inbound/intro.md +31 -0
  435. package/docs/policies/authzen-inbound/schema.json +126 -0
  436. package/docs/policies/axiomatics-authz-inbound/doc.md +144 -0
  437. package/docs/policies/axiomatics-authz-inbound/intro.md +11 -0
  438. package/docs/policies/axiomatics-authz-inbound/schema.json +161 -0
  439. package/docs/policies/basic-auth-inbound/intro.md +9 -0
  440. package/docs/policies/basic-auth-inbound/schema.json +99 -0
  441. package/docs/policies/bot-detection-inbound/intro.md +4 -0
  442. package/docs/policies/bot-detection-inbound/schema.json +56 -0
  443. package/docs/policies/brownout-inbound/doc.md +55 -0
  444. package/docs/policies/brownout-inbound/intro.md +12 -0
  445. package/docs/policies/brownout-inbound/schema.json +115 -0
  446. package/docs/policies/caching-inbound/doc.md +209 -0
  447. package/docs/policies/caching-inbound/intro.md +23 -0
  448. package/docs/policies/caching-inbound/schema.json +98 -0
  449. package/docs/policies/change-method-inbound/schema.json +56 -0
  450. package/docs/policies/clear-headers-inbound/schema.json +59 -0
  451. package/docs/policies/clear-headers-outbound/schema.json +59 -0
  452. package/docs/policies/clerk-jwt-auth-inbound/doc.md +85 -0
  453. package/docs/policies/clerk-jwt-auth-inbound/intro.md +4 -0
  454. package/docs/policies/clerk-jwt-auth-inbound/schema.json +68 -0
  455. package/docs/policies/cognito-jwt-auth-inbound/intro.md +7 -0
  456. package/docs/policies/cognito-jwt-auth-inbound/schema.json +74 -0
  457. package/docs/policies/comet-opik-tracing-inbound/schema.json +65 -0
  458. package/docs/policies/complex-rate-limit-inbound/doc.md +20 -0
  459. package/docs/policies/complex-rate-limit-inbound/intro.md +23 -0
  460. package/docs/policies/complex-rate-limit-inbound/schema.json +142 -0
  461. package/docs/policies/composite-inbound/doc.md +69 -0
  462. package/docs/policies/composite-inbound/intro.md +15 -0
  463. package/docs/policies/composite-inbound/schema.json +59 -0
  464. package/docs/policies/composite-outbound/intro.md +6 -0
  465. package/docs/policies/composite-outbound/schema.json +59 -0
  466. package/docs/policies/curity-phantom-token-inbound/doc.md +109 -0
  467. package/docs/policies/curity-phantom-token-inbound/intro.md +3 -0
  468. package/docs/policies/curity-phantom-token-inbound/schema.json +68 -0
  469. package/docs/policies/custom-code-inbound/doc.md +267 -0
  470. package/docs/policies/custom-code-inbound/intro.md +2 -0
  471. package/docs/policies/custom-code-inbound/schema.json +48 -0
  472. package/docs/policies/custom-code-outbound/doc.md +235 -0
  473. package/docs/policies/custom-code-outbound/intro.md +2 -0
  474. package/docs/policies/custom-code-outbound/schema.json +43 -0
  475. package/docs/policies/firebase-jwt-inbound/intro.md +6 -0
  476. package/docs/policies/firebase-jwt-inbound/schema.json +68 -0
  477. package/docs/policies/formdata-to-json-inbound/schema.json +60 -0
  478. package/docs/policies/galileo-tracing-inbound/schema.json +65 -0
  479. package/docs/policies/geo-filter-inbound/doc.md +33 -0
  480. package/docs/policies/geo-filter-inbound/schema.json +108 -0
  481. package/docs/policies/graphql-complexity-limit-inbound/doc.md +48 -0
  482. package/docs/policies/graphql-complexity-limit-inbound/intro.md +2 -0
  483. package/docs/policies/graphql-complexity-limit-inbound/schema.json +90 -0
  484. package/docs/policies/graphql-disable-introspection-inbound/doc.md +66 -0
  485. package/docs/policies/graphql-disable-introspection-inbound/intro.md +15 -0
  486. package/docs/policies/graphql-disable-introspection-inbound/schema.json +48 -0
  487. package/docs/policies/graphql-introspection-filter-outbound/doc.md +148 -0
  488. package/docs/policies/graphql-introspection-filter-outbound/schema.json +79 -0
  489. package/docs/policies/hmac-auth-inbound/doc.md +30 -0
  490. package/docs/policies/hmac-auth-inbound/intro.md +10 -0
  491. package/docs/policies/hmac-auth-inbound/policy.ts +70 -0
  492. package/docs/policies/hmac-auth-inbound/schema.json +53 -0
  493. package/docs/policies/http-deprecation-outbound/doc.md +73 -0
  494. package/docs/policies/http-deprecation-outbound/schema.json +83 -0
  495. package/docs/policies/ip-restriction-inbound/intro.md +8 -0
  496. package/docs/policies/ip-restriction-inbound/policy.ts +40 -0
  497. package/docs/policies/ip-restriction-inbound/schema.json +58 -0
  498. package/docs/policies/jwt-scopes-inbound/schema.json +59 -0
  499. package/docs/policies/ldap-auth-inbound/schema.json +56 -0
  500. package/docs/policies/mock-api-inbound/schema.json +72 -0
  501. package/docs/policies/moesif-inbound/doc.md +44 -0
  502. package/docs/policies/moesif-inbound/intro.md +6 -0
  503. package/docs/policies/moesif-inbound/schema.json +68 -0
  504. package/docs/policies/monetization-inbound/doc.md +87 -0
  505. package/docs/policies/monetization-inbound/intro.md +6 -0
  506. package/docs/policies/monetization-inbound/schema.json +102 -0
  507. package/docs/policies/mtls-auth-inbound/intro.md +6 -0
  508. package/docs/policies/mtls-auth-inbound/schema.json +68 -0
  509. package/docs/policies/okta-fga-authz-inbound/doc.md +181 -0
  510. package/docs/policies/okta-fga-authz-inbound/intro.md +20 -0
  511. package/docs/policies/okta-fga-authz-inbound/schema.json +104 -0
  512. package/docs/policies/okta-jwt-auth-inbound/intro.md +7 -0
  513. package/docs/policies/okta-jwt-auth-inbound/schema.json +74 -0
  514. package/docs/policies/open-id-jwt-auth-inbound/doc.md +58 -0
  515. package/docs/policies/open-id-jwt-auth-inbound/intro.md +30 -0
  516. package/docs/policies/open-id-jwt-auth-inbound/schema.json +128 -0
  517. package/docs/policies/openfga-authz-inbound/doc.md +207 -0
  518. package/docs/policies/openfga-authz-inbound/intro.md +17 -0
  519. package/docs/policies/openfga-authz-inbound/schema.json +191 -0
  520. package/docs/policies/openmeter-inbound/doc.md +163 -0
  521. package/docs/policies/openmeter-inbound/intro.md +18 -0
  522. package/docs/policies/openmeter-inbound/schema.json +183 -0
  523. package/docs/policies/prompt-injection-outbound/doc.md +106 -0
  524. package/docs/policies/prompt-injection-outbound/intro.md +4 -0
  525. package/docs/policies/prompt-injection-outbound/schema.json +74 -0
  526. package/docs/policies/propel-auth-jwt-inbound/doc.md +88 -0
  527. package/docs/policies/propel-auth-jwt-inbound/intro.md +4 -0
  528. package/docs/policies/propel-auth-jwt-inbound/schema.json +74 -0
  529. package/docs/policies/query-param-to-header-inbound/doc.md +70 -0
  530. package/docs/policies/query-param-to-header-inbound/intro.md +5 -0
  531. package/docs/policies/query-param-to-header-inbound/schema.json +74 -0
  532. package/docs/policies/quota-inbound/doc.md +235 -0
  533. package/docs/policies/quota-inbound/intro.md +7 -0
  534. package/docs/policies/quota-inbound/schema.json +133 -0
  535. package/docs/policies/rate-limit-inbound/doc.md +78 -0
  536. package/docs/policies/rate-limit-inbound/intro.md +30 -0
  537. package/docs/policies/rate-limit-inbound/schema.json +134 -0
  538. package/docs/policies/rbac-policy-inbound/intro.md +3 -0
  539. package/docs/policies/rbac-policy-inbound/policy.ts +42 -0
  540. package/docs/policies/rbac-policy-inbound/schema.json +52 -0
  541. package/docs/policies/readme-metrics-inbound/doc.md +1 -0
  542. package/docs/policies/readme-metrics-inbound/intro.md +3 -0
  543. package/docs/policies/readme-metrics-inbound/schema.json +84 -0
  544. package/docs/policies/remove-headers-inbound/schema.json +59 -0
  545. package/docs/policies/remove-headers-outbound/schema.json +59 -0
  546. package/docs/policies/remove-query-params-inbound/schema.json +59 -0
  547. package/docs/policies/replace-string-outbound/schema.json +69 -0
  548. package/docs/policies/request-size-limit-inbound/schema.json +60 -0
  549. package/docs/policies/request-validation-inbound/doc.md +72 -0
  550. package/docs/policies/request-validation-inbound/intro.md +24 -0
  551. package/docs/policies/request-validation-inbound/schema.json +98 -0
  552. package/docs/policies/require-origin-inbound/intro.md +12 -0
  553. package/docs/policies/require-origin-inbound/schema.json +65 -0
  554. package/docs/policies/secret-masking-outbound/doc.md +41 -0
  555. package/docs/policies/secret-masking-outbound/intro.md +13 -0
  556. package/docs/policies/secret-masking-outbound/schema.json +65 -0
  557. package/docs/policies/semantic-cache-inbound/doc.md +63 -0
  558. package/docs/policies/semantic-cache-inbound/intro.md +4 -0
  559. package/docs/policies/semantic-cache-inbound/schema.json +179 -0
  560. package/docs/policies/set-body-inbound/intro.md +7 -0
  561. package/docs/policies/set-body-inbound/schema.json +56 -0
  562. package/docs/policies/set-headers-inbound/doc.md +41 -0
  563. package/docs/policies/set-headers-inbound/intro.md +2 -0
  564. package/docs/policies/set-headers-inbound/schema.json +83 -0
  565. package/docs/policies/set-headers-outbound/schema.json +83 -0
  566. package/docs/policies/set-query-params-inbound/schema.json +83 -0
  567. package/docs/policies/set-status-outbound/schema.json +62 -0
  568. package/docs/policies/sleep-inbound/schema.json +56 -0
  569. package/docs/policies/stripe-webhook-verification-inbound/intro.md +2 -0
  570. package/docs/policies/stripe-webhook-verification-inbound/schema.json +60 -0
  571. package/docs/policies/supabase-jwt-auth-inbound/doc.md +29 -0
  572. package/docs/policies/supabase-jwt-auth-inbound/intro.md +12 -0
  573. package/docs/policies/supabase-jwt-auth-inbound/schema.json +86 -0
  574. package/docs/policies/transform-body-inbound/intro.md +8 -0
  575. package/docs/policies/transform-body-inbound/policy.ts +16 -0
  576. package/docs/policies/transform-body-inbound/schema.json +27 -0
  577. package/docs/policies/transform-body-outbound/intro.md +8 -0
  578. package/docs/policies/transform-body-outbound/policy.ts +19 -0
  579. package/docs/policies/transform-body-outbound/schema.json +27 -0
  580. package/docs/policies/upstream-azure-ad-service-auth-inbound/doc.md +82 -0
  581. package/docs/policies/upstream-azure-ad-service-auth-inbound/intro.md +20 -0
  582. package/docs/policies/upstream-azure-ad-service-auth-inbound/schema.json +84 -0
  583. package/docs/policies/upstream-firebase-admin-auth-inbound/intro.md +10 -0
  584. package/docs/policies/upstream-firebase-admin-auth-inbound/schema.json +68 -0
  585. package/docs/policies/upstream-firebase-user-auth-inbound/intro.md +2 -0
  586. package/docs/policies/upstream-firebase-user-auth-inbound/schema.json +113 -0
  587. package/docs/policies/upstream-gcp-federated-auth-inbound/doc.md +139 -0
  588. package/docs/policies/upstream-gcp-federated-auth-inbound/intro.md +21 -0
  589. package/docs/policies/upstream-gcp-federated-auth-inbound/schema.json +96 -0
  590. package/docs/policies/upstream-gcp-jwt-inbound/intro.md +10 -0
  591. package/docs/policies/upstream-gcp-jwt-inbound/schema.json +62 -0
  592. package/docs/policies/upstream-gcp-service-auth-inbound/doc.md +132 -0
  593. package/docs/policies/upstream-gcp-service-auth-inbound/intro.md +25 -0
  594. package/docs/policies/upstream-gcp-service-auth-inbound/schema.json +95 -0
  595. package/docs/policies/upstream-zuplo-jwt-auth-inbound/doc.md +213 -0
  596. package/docs/policies/upstream-zuplo-jwt-auth-inbound/intro.md +16 -0
  597. package/docs/policies/upstream-zuplo-jwt-auth-inbound/schema.json +101 -0
  598. package/docs/policies/validate-json-schema-inbound/doc.md +129 -0
  599. package/docs/policies/validate-json-schema-inbound/intro.md +7 -0
  600. package/docs/policies/validate-json-schema-inbound/schema.json +56 -0
  601. package/docs/policies/web-bot-auth-inbound/doc.md +104 -0
  602. package/docs/policies/web-bot-auth-inbound/intro.md +16 -0
  603. package/docs/policies/web-bot-auth-inbound/schema.json +76 -0
  604. package/docs/policies/xml-to-json-outbound/doc.md +71 -0
  605. package/docs/policies/xml-to-json-outbound/intro.md +4 -0
  606. package/docs/policies/xml-to-json-outbound/schema.json +117 -0
  607. package/docs/programmable-api/audit-log.mdx +74 -0
  608. package/docs/programmable-api/background-dispatcher.mdx +124 -0
  609. package/docs/programmable-api/background-loader.mdx +104 -0
  610. package/docs/programmable-api/cache.mdx +186 -0
  611. package/docs/programmable-api/compatibility-dates.mdx +201 -0
  612. package/docs/programmable-api/console-logging.mdx +48 -0
  613. package/docs/programmable-api/context-data.mdx +127 -0
  614. package/docs/programmable-api/custom-cors-policy.mdx +64 -0
  615. package/docs/programmable-api/environment.mdx +328 -0
  616. package/docs/programmable-api/hooks.mdx +569 -0
  617. package/docs/programmable-api/http-problems.mdx +385 -0
  618. package/docs/programmable-api/jwt-service-plugin.mdx +420 -0
  619. package/docs/programmable-api/logger.mdx +223 -0
  620. package/docs/programmable-api/memory-zone-read-through-cache.mdx +96 -0
  621. package/docs/programmable-api/node-modules.mdx +67 -0
  622. package/docs/programmable-api/not-found-handler.mdx +47 -0
  623. package/docs/programmable-api/oauth-protected-resource-plugin.mdx +46 -0
  624. package/docs/programmable-api/overview.mdx +213 -0
  625. package/docs/programmable-api/problem-response-formatter.mdx +183 -0
  626. package/docs/programmable-api/request-user.mdx +289 -0
  627. package/docs/programmable-api/reusing-code.mdx +26 -0
  628. package/docs/programmable-api/route-raw.mdx +55 -0
  629. package/docs/programmable-api/runtime-behaviors.mdx +25 -0
  630. package/docs/programmable-api/runtime-errors.mdx +246 -0
  631. package/docs/programmable-api/runtime-extensions.mdx +340 -0
  632. package/docs/programmable-api/safely-clone-a-request-or-response.mdx +57 -0
  633. package/docs/programmable-api/streaming-zone-cache.mdx +155 -0
  634. package/docs/programmable-api/web-crypto-apis.mdx +219 -0
  635. package/docs/programmable-api/web-standard-apis.mdx +109 -0
  636. package/docs/programmable-api/zone-cache.mdx +131 -0
  637. package/docs/programmable-api/zp-body-removed.mdx +32 -0
  638. package/docs/programmable-api/zuplo-context.mdx +414 -0
  639. package/docs/programmable-api/zuplo-id-token.mdx +90 -0
  640. package/docs/programmable-api/zuplo-json.mdx +91 -0
  641. package/docs/programmable-api/zuplo-request.mdx +200 -0
  642. package/docs/sample-apis.mdx +78 -0
  643. package/docs/self-hosted/overview.md +60 -0
  644. package/package.json +6 -5
@@ -0,0 +1,447 @@
1
+ ---
2
+ title: Configuring CORS
3
+ sidebar_label: CORS
4
+ ---
5
+
6
+ Cross-Origin Resource Sharing (CORS) controls which web applications on
7
+ different domains can access your API. Zuplo handles CORS at the gateway level,
8
+ automatically responding to preflight requests and adding the appropriate
9
+ headers to responses.
10
+
11
+ ## Built-in Policies
12
+
13
+ Every route has a `corsPolicy` property in its `x-zuplo-route` configuration.
14
+ Zuplo provides two built-in policies:
15
+
16
+ ### `none`
17
+
18
+ Disables CORS for the route. All CORS headers are stripped from responses, and
19
+ preflight `OPTIONS` requests return a `404` response. This is the default when
20
+ no `corsPolicy` is set.
21
+
22
+ ```json title="config/routes.oas.json"
23
+ "x-zuplo-route": {
24
+ "corsPolicy": "none",
25
+ "handler": {
26
+ "export": "urlForwardHandler",
27
+ "module": "$import(@zuplo/runtime)"
28
+ }
29
+ }
30
+ ```
31
+
32
+ ### `anything-goes`
33
+
34
+ Allows any origin, method, and header. This is useful for development or
35
+ internal APIs but is **not recommended for production**. It sets:
36
+
37
+ - `Access-Control-Allow-Origin`: The requesting origin (reflected back)
38
+ - `Access-Control-Allow-Methods`: The route's configured methods
39
+ - `Access-Control-Allow-Headers`: `*`
40
+ - `Access-Control-Expose-Headers`: `*`
41
+ - `Access-Control-Allow-Credentials`: `true`
42
+ - `Access-Control-Max-Age`: `600`
43
+
44
+ ```json title="config/routes.oas.json"
45
+ "x-zuplo-route": {
46
+ "corsPolicy": "anything-goes",
47
+ "handler": {
48
+ "export": "urlForwardHandler",
49
+ "module": "$import(@zuplo/runtime)"
50
+ }
51
+ }
52
+ ```
53
+
54
+ ## Custom CORS Policies
55
+
56
+ For production use, create custom CORS policies with fine-grained control over
57
+ which origins, methods, and headers are allowed.
58
+
59
+ Custom CORS policies are defined in the `policies.json` file alongside regular
60
+ policies, under the `corsPolicies` array:
61
+
62
+ ```json title="config/policies.json"
63
+ {
64
+ "policies": [],
65
+ "corsPolicies": [
66
+ {
67
+ "name": "my-cors-policy",
68
+ "allowedOrigins": [
69
+ "https://app.example.com",
70
+ "https://admin.example.com"
71
+ ],
72
+ "allowedMethods": ["GET", "POST", "PUT", "DELETE"],
73
+ "allowedHeaders": ["Authorization", "Content-Type"],
74
+ "exposeHeaders": ["X-Request-Id"],
75
+ "maxAge": 3600,
76
+ "allowCredentials": true
77
+ }
78
+ ]
79
+ }
80
+ ```
81
+
82
+ Then reference the policy by name on each route:
83
+
84
+ ```json title="config/routes.oas.json"
85
+ "x-zuplo-route": {
86
+ "corsPolicy": "my-cors-policy",
87
+ "handler": {
88
+ "export": "urlForwardHandler",
89
+ "module": "$import(@zuplo/runtime)"
90
+ }
91
+ }
92
+ ```
93
+
94
+ You can also select the CORS policy from the route designer dropdown in the
95
+ Zuplo Portal.
96
+
97
+ ### Policy Properties
98
+
99
+ | Property | Type | Required | Description |
100
+ | ------------------ | ---------------------- | -------- | -------------------------------------------------------------------------------------------------------------- |
101
+ | `name` | `string` | Yes | A unique name used to reference this policy on routes. |
102
+ | `allowedOrigins` | `string[]` or `string` | Yes | Origins permitted to make cross-origin requests. Supports wildcards (see [Origin Matching](#origin-matching)). |
103
+ | `allowedMethods` | `string[]` or `string` | No | HTTP methods allowed for cross-origin requests (e.g., `GET`, `POST`). |
104
+ | `allowedHeaders` | `string[]` or `string` | No | Request headers the client can send. Use `*` to allow any header. |
105
+ | `exposeHeaders` | `string[]` or `string` | No | Response headers the browser can access from JavaScript. |
106
+ | `maxAge` | `number` | No | Time in seconds the browser caches preflight results. |
107
+ | `allowCredentials` | `boolean` | No | Whether to include credentials (cookies, authorization headers) in cross-origin requests. |
108
+
109
+ All list properties (`allowedOrigins`, `allowedMethods`, `allowedHeaders`,
110
+ `exposeHeaders`) accept either a JSON array of strings or a single
111
+ comma-separated string:
112
+
113
+ ```json
114
+ // Array format
115
+ "allowedOrigins": ["https://app.example.com", "https://admin.example.com"]
116
+
117
+ // Comma-separated string format
118
+ "allowedOrigins": "https://app.example.com, https://admin.example.com"
119
+ ```
120
+
121
+ :::warning
122
+
123
+ Do not include a trailing `/` on origin values. For example,
124
+ `https://example.com` is valid but `https://example.com/` does not work.
125
+
126
+ :::
127
+
128
+ ## Origin Matching
129
+
130
+ The `allowedOrigins` property supports several matching patterns:
131
+
132
+ ### Exact Match
133
+
134
+ Specify the full origin including the protocol:
135
+
136
+ ```json
137
+ "allowedOrigins": ["https://app.example.com"]
138
+ ```
139
+
140
+ Origin matching is case-insensitive, so `https://APP.EXAMPLE.COM` matches
141
+ `https://app.example.com`.
142
+
143
+ ### Wildcard (`*`)
144
+
145
+ Allow any origin:
146
+
147
+ ```json
148
+ "allowedOrigins": ["*"]
149
+ ```
150
+
151
+ ### Subdomain Wildcards
152
+
153
+ Use `*.` to match a single subdomain level:
154
+
155
+ ```json
156
+ "allowedOrigins": ["https://*.example.com"]
157
+ ```
158
+
159
+ This matches `https://app.example.com` and `https://api.example.com`, but does
160
+ **not** match:
161
+
162
+ - `https://example.com` (no subdomain)
163
+ - `https://v2.api.example.com` (multi-level subdomain)
164
+
165
+ ### Wildcards with Ports
166
+
167
+ Subdomain wildcards work with ports:
168
+
169
+ ```json
170
+ "allowedOrigins": ["http://*.localhost:3000"]
171
+ ```
172
+
173
+ This matches `http://app.localhost:3000` but not `http://localhost:3000`.
174
+
175
+ ### Multiple Patterns
176
+
177
+ Combine exact origins and wildcard patterns:
178
+
179
+ ```json
180
+ "allowedOrigins": [
181
+ "https://*.example.com",
182
+ "https://specific.domain.com",
183
+ "http://localhost:3000"
184
+ ]
185
+ ```
186
+
187
+ ## Using Environment Variables
188
+
189
+ Use [environment variables](./environment-variables.mdx) to configure different
190
+ origins per environment:
191
+
192
+ ```json title="config/policies.json"
193
+ {
194
+ "corsPolicies": [
195
+ {
196
+ "name": "my-cors-policy",
197
+ "allowedOrigins": "$env(ALLOWED_ORIGINS)",
198
+ "allowedHeaders": "$env(ALLOWED_HEADERS)",
199
+ "allowedMethods": ["GET", "POST", "PUT"],
200
+ "maxAge": 600,
201
+ "allowCredentials": true
202
+ }
203
+ ]
204
+ }
205
+ ```
206
+
207
+ Set the environment variable as a comma-separated string:
208
+
209
+ ```
210
+ ALLOWED_ORIGINS=https://app.example.com, https://admin.example.com
211
+ ```
212
+
213
+ Environment variables work for `allowedOrigins`, `allowedMethods`,
214
+ `allowedHeaders`, and `exposeHeaders`.
215
+
216
+ ## How CORS Works in Zuplo
217
+
218
+ ### Preflight Requests
219
+
220
+ When a browser makes a cross-origin request that requires preflight, it sends an
221
+ `OPTIONS` request with `Origin` and `Access-Control-Request-Method` headers.
222
+ Zuplo handles these automatically:
223
+
224
+ 1. Zuplo matches the `OPTIONS` request path and the requested method to a
225
+ configured route.
226
+ 2. If the route has a CORS policy, Zuplo checks whether the request origin
227
+ matches the policy's `allowedOrigins`.
228
+ 3. If the origin matches, Zuplo responds with a `200 OK` and the appropriate
229
+ CORS headers.
230
+ 4. If the origin does not match or the route has no CORS policy, Zuplo responds
231
+ with a `404 Not Found`.
232
+
233
+ Preflight handling runs before any policies or handlers on the route.
234
+
235
+ ### Simple Requests
236
+
237
+ For simple cross-origin requests (e.g., `GET` with standard headers), there is
238
+ no preflight. Zuplo adds CORS headers to the response based on the route's
239
+ policy. If the origin does not match, no CORS headers are added and the browser
240
+ blocks the response.
241
+
242
+ ### Header Precedence
243
+
244
+ Zuplo strips any existing CORS headers from upstream responses before applying
245
+ the configured policy headers. This prevents conflicts and ensures the gateway
246
+ is the single source of truth for CORS configuration.
247
+
248
+ ## Troubleshooting
249
+
250
+ ### No CORS headers in response
251
+
252
+ - Verify the route has a `corsPolicy` set (not `none`).
253
+ - Check that the request includes an `Origin` header. Browsers add this
254
+ automatically for cross-origin requests, but tools like `curl` do not.
255
+ - Confirm the `Origin` value matches one of the `allowedOrigins` patterns
256
+ exactly (including the protocol like `https://`).
257
+
258
+ ### Preflight returns 404
259
+
260
+ - Ensure the `corsPolicy` on the matching route is not set to `none`.
261
+ - Verify the `Access-Control-Request-Method` header in the preflight request
262
+ matches a method configured on the route.
263
+ - Check that the request path matches an existing route.
264
+
265
+ ### Preflight returns 400
266
+
267
+ - The preflight request must include both the `Origin` and
268
+ `Access-Control-Request-Method` headers. A `400` response means one or both
269
+ are missing.
270
+
271
+ ### Wildcard subdomain not matching
272
+
273
+ - The `*.` pattern only matches a **single** subdomain level.
274
+ `https://*.example.com` does not match `https://v2.api.example.com`.
275
+ - The `*.` pattern does not match the base domain. `https://*.example.com` does
276
+ not match `https://example.com`. Add the base domain separately if needed.
277
+
278
+ ### Credentials not working
279
+
280
+ - Set `allowCredentials` to `true` in the CORS policy.
281
+ - When using credentials, `allowedOrigins` cannot rely on a literal `*` being
282
+ sent as the `Access-Control-Allow-Origin` header value. Zuplo reflects the
283
+ actual requesting origin instead, which is compatible with credentials.
284
+
285
+ ### Backend CORS headers conflicting with Zuplo
286
+
287
+ If your backend service sends its own `Access-Control-*` headers, they can
288
+ conflict with the headers Zuplo sets from the CORS policy. Zuplo strips existing
289
+ CORS headers from upstream responses before applying the configured policy, but
290
+ if you have custom outbound policies that interact with the response, backend
291
+ CORS headers may leak through.
292
+
293
+ To prevent conflicts, use the
294
+ [Remove Response Headers](../policies/remove-headers-outbound.mdx) outbound
295
+ policy to explicitly strip CORS headers from your backend response:
296
+
297
+ ```json title="config/policies.json"
298
+ {
299
+ "name": "strip-backend-cors-headers",
300
+ "policyType": "remove-headers-outbound",
301
+ "handler": {
302
+ "export": "RemoveHeadersOutboundPolicy",
303
+ "module": "$import(@zuplo/runtime)",
304
+ "options": {
305
+ "headers": [
306
+ "access-control-allow-origin",
307
+ "access-control-allow-methods",
308
+ "access-control-allow-headers",
309
+ "access-control-expose-headers",
310
+ "access-control-allow-credentials",
311
+ "access-control-max-age"
312
+ ]
313
+ }
314
+ }
315
+ }
316
+ ```
317
+
318
+ Alternatively, disable CORS on your backend entirely and let Zuplo be the single
319
+ source of truth for CORS configuration.
320
+
321
+ ### Browser shows "CORS error" but the real issue is a 401 or 403
322
+
323
+ When an API request fails with a `401 Unauthorized` or `403 Forbidden` response,
324
+ the browser often reports it as a CORS error. This happens because the error
325
+ response may not include the required `Access-Control-Allow-Origin` header, so
326
+ the browser blocks access to the response entirely and surfaces a generic CORS
327
+ message.
328
+
329
+ This is especially common when an inbound policy (such as API key
330
+ authentication) rejects the request before the handler runs. The preflight
331
+ `OPTIONS` request succeeds because it runs before any policies, but the actual
332
+ `GET` or `POST` request gets rejected by the authentication policy.
333
+
334
+ To diagnose this:
335
+
336
+ 1. Check the request in the browser's Network tab. Look at the actual HTTP
337
+ status code -- if it is `401` or `403`, the problem is authentication, not
338
+ CORS.
339
+ 2. Test the same request with `curl` and include an `Origin` header to see the
340
+ full response:
341
+ ```bash
342
+ curl -v -H "Origin: https://app.example.com" \
343
+ -H "Authorization: Bearer YOUR_TOKEN" \
344
+ https://your-api.zuplo.dev/your-route
345
+ ```
346
+ 3. Fix the underlying authentication issue. Once the request returns a
347
+ successful response, the CORS headers are included and the browser error goes
348
+ away.
349
+
350
+ ### CORS headers lost in custom outbound policies
351
+
352
+ When a custom outbound policy creates a new `Response` object, CORS headers that
353
+ Zuplo added can be lost if the new response does not carry them forward. Zuplo
354
+ applies CORS headers after the handler runs but before outbound policies
355
+ execute, so any outbound policy that replaces the response must preserve the
356
+ existing headers.
357
+
358
+ Always pass the original response headers when constructing a new `Response`:
359
+
360
+ ```ts title="modules/my-outbound-policy.ts"
361
+ export default async function (
362
+ response: Response,
363
+ request: ZuploRequest,
364
+ context: ZuploContext,
365
+ ) {
366
+ const data = await response.json();
367
+
368
+ // Transform the data as needed
369
+ data.transformed = true;
370
+
371
+ // Preserve headers (including CORS headers) from the original response
372
+ return new Response(JSON.stringify(data), {
373
+ status: response.status,
374
+ headers: response.headers,
375
+ });
376
+ }
377
+ ```
378
+
379
+ If you need to modify headers, copy them into a new `Headers` object first:
380
+
381
+ ```ts
382
+ const headers = new Headers(response.headers);
383
+ headers.set("x-custom-header", "value");
384
+
385
+ return new Response(body, {
386
+ status: response.status,
387
+ headers,
388
+ });
389
+ ```
390
+
391
+ Avoid constructing a `Response` with no headers argument or with an empty
392
+ `Headers` object, as this drops all CORS headers and causes the browser to block
393
+ the response.
394
+
395
+ ### CORS on localhost during development
396
+
397
+ When developing locally, the browser enforces CORS even for `localhost`. Common
398
+ issues include:
399
+
400
+ - **Port mismatch**: `http://localhost:3000` and `http://localhost:5173` are
401
+ different origins. Add each port you use to `allowedOrigins`.
402
+ - **Protocol mismatch**: `http://localhost:3000` and `https://localhost:3000`
403
+ are different origins. Make sure the protocol matches.
404
+ - **Missing localhost**: If you use a custom CORS policy without `localhost` in
405
+ `allowedOrigins`, browser requests from your local development server are
406
+ blocked.
407
+
408
+ For development, either add your local origins to a custom CORS policy:
409
+
410
+ ```json
411
+ "allowedOrigins": [
412
+ "https://app.example.com",
413
+ "http://localhost:3000",
414
+ "http://localhost:5173"
415
+ ]
416
+ ```
417
+
418
+ Or use [environment variables](./environment-variables.mdx) to keep production
419
+ and development origins separate:
420
+
421
+ ```json title="config/policies.json"
422
+ {
423
+ "corsPolicies": [
424
+ {
425
+ "name": "my-cors-policy",
426
+ "allowedOrigins": "$env(ALLOWED_ORIGINS)"
427
+ }
428
+ ]
429
+ }
430
+ ```
431
+
432
+ Then set different values per environment:
433
+
434
+ - **Production**: `ALLOWED_ORIGINS=https://app.example.com`
435
+ - **Development**:
436
+ `ALLOWED_ORIGINS=https://app.example.com, http://localhost:3000`
437
+
438
+ :::tip
439
+
440
+ Use the `anything-goes` built-in policy for quick local testing when you do not
441
+ need to validate CORS behavior. Switch to a custom policy before deploying to
442
+ production.
443
+
444
+ :::
445
+
446
+ For more details on CORS, see the MDN documentation:
447
+ [Cross-Origin Resource Sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS).
@@ -0,0 +1,95 @@
1
+ ---
2
+ title: Custom Audit Logging Policy
3
+ sidebar_label: Audit Logging
4
+ ---
5
+
6
+ This guide explains how to add custom audit logging beyond the scope of the
7
+ `AuditLogsInboundPolicy`.
8
+
9
+ Audit logging is an important part of API security that plays a critical role in
10
+ detecting and correcting issues such as unauthorized access or permission
11
+ elevations within your system. Audit logging is also a requirement for many
12
+ compliance certifications as well as part of the buying criteria for larger
13
+ enterprises.
14
+
15
+ Adding Audit Logging to your APIs that are secured with Zuplo is as easy as
16
+ adding a custom policy. Typically you want to add audit logs to any API that
17
+ modifies data, however depending on the API you may want it on read operations
18
+ as well (for example retrieve a secret key, etc.)
19
+
20
+ ## Example Policy: WorkOS Audit Logs
21
+
22
+ [WorkOS](https://workos.com/) provides various services that help enable
23
+ enterprise features on your service such as SSO and Audit Logs. With Zuplo it's
24
+ easy to create a [custom policy](../policies/custom-code-inbound.mdx) that uses
25
+ [runtime hooks](../programmable-api/runtime-extensions.mdx) to log API calls
26
+ using their API.
27
+
28
+ ```ts
29
+ import { ZuploContext, ZuploRequest, environment } from "@zuplo/runtime";
30
+
31
+ export async function auditLogPlugin(
32
+ request: ZuploRequest,
33
+ context: ZuploContext,
34
+ policyName: string,
35
+ ) {
36
+ // Clone the request so the body can be read in the hook
37
+ // note: remove this is you don't need content from the body
38
+ const cloned = request.clone();
39
+ context.addResponseSendingFinalHook(async (response) => {
40
+ const incomingBody = await cloned.json();
41
+ // This is an example event. Extract any additional data needed from the
42
+ // request.
43
+ const body = {
44
+ organization_id: "org_01EHWNCE74X7JSDV0X3SZ3KJNY",
45
+ event: {
46
+ action: "user.signed_in",
47
+ occurred_at: "2022-09-02T16:35:39.317Z",
48
+ version: 1,
49
+ actor: {
50
+ type: "user",
51
+ // Add the use the user sub for authenticated users
52
+ id: request.user.sub,
53
+ metadata: {
54
+ role: "user",
55
+ },
56
+ },
57
+ targets: [
58
+ {
59
+ type: "user",
60
+ id: "user_98432YHF",
61
+ name: "Jon Smith",
62
+ },
63
+ {
64
+ type: "team",
65
+ id: "team_J8YASKA2",
66
+ metadata: {
67
+ owner: "user_01GBTCQ2",
68
+ },
69
+ },
70
+ ],
71
+ context: {
72
+ location: request.headers.get("True-Client-IP"),
73
+ user_agent: request.headers.get("User-Agent"),
74
+ },
75
+ metadata: {
76
+ extra: incomingBody.extra,
77
+ },
78
+ },
79
+ };
80
+ await fetch("https://api.workos.com/audit_logs/events", {
81
+ method: "POST",
82
+ body: JSON.stringify(body),
83
+ headers: {
84
+ Authorization: `Bearer ${environment.WORKOS_API_KEY}`,
85
+ "Content-Type": "application/json",
86
+ // Optional idempotency key.
87
+ // See: https://workos.com/docs/reference/idempotency
88
+ // "Idempotency-Key": "YOUR_KEY_HERE"
89
+ },
90
+ });
91
+ });
92
+
93
+ return request;
94
+ }
95
+ ```
@@ -0,0 +1,81 @@
1
+ ---
2
+ title: "Azure Pipelines"
3
+ sidebar_label: Azure Pipelines
4
+ ---
5
+
6
+ Azure Pipelines brings enterprise-grade CI/CD to your Zuplo API gateway. Build
7
+ complex deployment workflows with stages, approvals, and integrations across
8
+ your Azure ecosystem.
9
+
10
+ ## Why Azure Pipelines with Zuplo?
11
+
12
+ The Zuplo CLI integrates naturally with Azure Pipelines YAML workflows:
13
+
14
+ **Enterprise pipeline features** — Multi-stage pipelines, deployment jobs,
15
+ environment approvals, and service connections. Build the exact workflow your
16
+ organization requires.
17
+
18
+ **Azure ecosystem integration** — Deploy alongside your Azure Functions, App
19
+ Services, and Kubernetes workloads. Manage secrets through Azure Key Vault.
20
+ Track deployments in Azure DevOps.
21
+
22
+ **Variable groups and templates** — Share configuration across pipelines. Define
23
+ deployment templates once and reuse them across projects.
24
+
25
+ **Compliance and auditing** — Full audit trails, branch policies, and approval
26
+ gates satisfy enterprise compliance requirements.
27
+
28
+ ## How It Works
29
+
30
+ The Zuplo CLI handles deployment and testing. Azure Pipelines orchestrates your
31
+ workflow:
32
+
33
+ ```bash
34
+ # Deploy to Zuplo (environment name from branch or --environment flag)
35
+ npx zuplo deploy --api-key "$ZUPLO_API_KEY"
36
+
37
+ # Run tests against any Zuplo environment
38
+ npx zuplo test --endpoint https://your-env.zuplo.dev
39
+
40
+ # Clean up environments you no longer need
41
+ npx zuplo delete --environment pr-123 --api-key "$ZUPLO_API_KEY"
42
+
43
+ # Test locally before deploying
44
+ npx zuplo dev # starts local server on port 9000
45
+ ```
46
+
47
+ Use `tee` to capture deployment output for passing the URL to test stages. The
48
+ CLI outputs `Deployed to https://...` which you can parse with `grep` or `sed`.
49
+
50
+ ## Prerequisites
51
+
52
+ 1. **Disconnect Git integration** — If you're using Azure Pipelines for
53
+ deployments, disconnect the native Git integration to avoid duplicate
54
+ deployments. Go to **Settings** > **Source Control** and click
55
+ **Disconnect**.
56
+
57
+ 2. **Add your API key** — Store your Zuplo API key as a pipeline variable or in
58
+ a variable group. Go to **Pipelines** > **Library** to create a variable
59
+ group with `ZUPLO_API_KEY`.
60
+
61
+ ## Examples
62
+
63
+ Start with the workflow that matches your needs:
64
+
65
+ - **[Basic Deployment](./ci-cd-azure/basic-deployment.mdx)** — Deploy on every
66
+ push to main
67
+ - **[Deploy and Test](./ci-cd-azure/deploy-and-test.mdx)** — Run tests after
68
+ deployment
69
+ - **[PR Preview Environments](./ci-cd-azure/pr-preview-environments.mdx)** —
70
+ Isolated environments for every pull request
71
+ - **[Local Testing in CI](./ci-cd-azure/local-testing.mdx)** — Test with local
72
+ Zuplo server before deploying
73
+ - **[Tag-Based Releases](./ci-cd-azure/tag-based-releases.mdx)** — Deploy only
74
+ on tagged releases
75
+ - **[Multi-Stage Deployment](./ci-cd-azure/multi-stage-deployment.mdx)** —
76
+ Staging to production with approval gates
77
+
78
+ ## Complete Example Repository
79
+
80
+ See all these patterns working together in the
81
+ [Zuplo CLI Example Project](https://github.com/zuplo/zup-cli-example-project).
@@ -0,0 +1,80 @@
1
+ ---
2
+ title: "Bitbucket Pipelines"
3
+ sidebar_label: Bitbucket Pipelines
4
+ ---
5
+
6
+ Bitbucket Pipelines brings CI/CD directly into your Bitbucket workflow. Define
7
+ pipelines in `bitbucket-pipelines.yml` and deploy your Zuplo API gateway
8
+ alongside your code reviews and pull requests.
9
+
10
+ ## Why Bitbucket Pipelines with Zuplo?
11
+
12
+ The Zuplo CLI integrates naturally with Bitbucket's pipeline model:
13
+
14
+ **Integrated with Bitbucket** — Pipelines run automatically on pushes and pull
15
+ requests. See deployment status right in your PR. No external CI service to
16
+ manage.
17
+
18
+ **Branch and PR pipelines** — Define different pipelines for branches and pull
19
+ requests. Deploy preview environments for PRs, production from main.
20
+
21
+ **Deployment environments** — Track deployments with Bitbucket Deployments. See
22
+ history, compare environments, and manage releases.
23
+
24
+ **Atlassian ecosystem** — Connect with Jira for deployment tracking. Link
25
+ deployments to issues automatically.
26
+
27
+ ## How It Works
28
+
29
+ The Zuplo CLI handles deployment and testing. Bitbucket Pipelines orchestrates
30
+ your workflow:
31
+
32
+ ```bash
33
+ # Deploy to Zuplo (environment name from branch or --environment flag)
34
+ npx zuplo deploy --api-key "$ZUPLO_API_KEY"
35
+
36
+ # Run tests against any Zuplo environment
37
+ npx zuplo test --endpoint https://your-env.zuplo.dev
38
+
39
+ # Clean up environments you no longer need
40
+ npx zuplo delete --environment pr-123 --api-key "$ZUPLO_API_KEY"
41
+
42
+ # Test locally before deploying
43
+ npx zuplo dev # starts local server on port 9000
44
+ ```
45
+
46
+ Use artifacts to pass the deployment URL between steps. Write the URL to a file
47
+ and mark it as an artifact for subsequent steps.
48
+
49
+ ## Prerequisites
50
+
51
+ 1. **Disconnect Git integration** — If you're using Bitbucket Pipelines for
52
+ deployments, disconnect the native Git integration to avoid duplicate
53
+ deployments. Go to **Settings** > **Source Control** and click
54
+ **Disconnect**.
55
+
56
+ 2. **Add your API key** — Store your Zuplo API key as a repository variable. Go
57
+ to **Repository settings** > **Repository variables** and add
58
+ `ZUPLO_API_KEY`. Check **Secured** to hide it in logs.
59
+
60
+ ## Examples
61
+
62
+ Start with the workflow that matches your needs:
63
+
64
+ - **[Basic Deployment](./ci-cd-bitbucket/basic-deployment.mdx)** — Deploy on
65
+ every push to main
66
+ - **[Deploy and Test](./ci-cd-bitbucket/deploy-and-test.mdx)** — Run tests after
67
+ deployment
68
+ - **[PR Preview Environments](./ci-cd-bitbucket/pr-preview-environments.mdx)** —
69
+ Isolated environments for pull requests
70
+ - **[Local Testing in CI](./ci-cd-bitbucket/local-testing.mdx)** — Test with
71
+ local Zuplo server before deploying
72
+ - **[Tag-Based Releases](./ci-cd-bitbucket/tag-based-releases.mdx)** — Deploy
73
+ only on tagged releases
74
+ - **[Multi-Stage Deployment](./ci-cd-bitbucket/multi-stage-deployment.mdx)** —
75
+ Staging to production with manual triggers
76
+
77
+ ## Complete Example Repository
78
+
79
+ See all these patterns working together in the
80
+ [Zuplo CLI Example Project](https://github.com/zuplo/zup-cli-example-project).