zuplo 6.67.32 → 6.68.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +9 -0
- package/docs/_index.md +44 -0
- package/docs/ai-gateway/apps.mdx +28 -0
- package/docs/ai-gateway/custom-providers.mdx +54 -0
- package/docs/ai-gateway/getting-started.mdx +224 -0
- package/docs/ai-gateway/guardrails.mdx +65 -0
- package/docs/ai-gateway/integrations/ai-sdk.mdx +109 -0
- package/docs/ai-gateway/integrations/claude-code.mdx +49 -0
- package/docs/ai-gateway/integrations/codex.mdx +78 -0
- package/docs/ai-gateway/integrations/goose.mdx +104 -0
- package/docs/ai-gateway/integrations/langchain.mdx +66 -0
- package/docs/ai-gateway/integrations/openai.mdx +99 -0
- package/docs/ai-gateway/introduction.mdx +85 -0
- package/docs/ai-gateway/managing-apps.mdx +46 -0
- package/docs/ai-gateway/managing-providers.mdx +66 -0
- package/docs/ai-gateway/managing-teams.mdx +63 -0
- package/docs/ai-gateway/policies/akamai-ai-firewall.mdx +125 -0
- package/docs/ai-gateway/policies/comet-opik-tracing.mdx +139 -0
- package/docs/ai-gateway/policies/galileo-tracing.mdx +147 -0
- package/docs/ai-gateway/providers.mdx +32 -0
- package/docs/ai-gateway/teams.mdx +38 -0
- package/docs/ai-gateway/universal-api.mdx +43 -0
- package/docs/ai-gateway/usage-limits.mdx +89 -0
- package/docs/api-management/introduction.md +127 -0
- package/docs/articles/accounts/audit-logs.mdx +227 -0
- package/docs/articles/accounts/billing.mdx +25 -0
- package/docs/articles/accounts/default-api-key.mdx +30 -0
- package/docs/articles/accounts/delete-account.mdx +36 -0
- package/docs/articles/accounts/enterprise-sso.mdx +116 -0
- package/docs/articles/accounts/managing-account-members.mdx +45 -0
- package/docs/articles/accounts/managing-project-members.mdx +37 -0
- package/docs/articles/accounts/members-and-roles.mdx +21 -0
- package/docs/articles/accounts/roles-and-permissions.mdx +115 -0
- package/docs/articles/accounts/zuplo-api-keys.mdx +94 -0
- package/docs/articles/add-api-to-backstage.mdx +216 -0
- package/docs/articles/advanced-path-matching.mdx +139 -0
- package/docs/articles/api-key-administration.mdx +47 -0
- package/docs/articles/api-key-api.mdx +220 -0
- package/docs/articles/api-key-authentication.mdx +195 -0
- package/docs/articles/api-key-buckets.mdx +61 -0
- package/docs/articles/api-key-end-users.mdx +52 -0
- package/docs/articles/api-key-leak-detection.mdx +75 -0
- package/docs/articles/api-key-management.mdx +100 -0
- package/docs/articles/api-key-react-component.mdx +90 -0
- package/docs/articles/api-key-service-limits.mdx +14 -0
- package/docs/articles/archiving-requests-to-storage.mdx +119 -0
- package/docs/articles/branch-based-deployments.mdx +184 -0
- package/docs/articles/bypass-policy-for-testing.mdx +117 -0
- package/docs/articles/check-ip-address.mdx +17 -0
- package/docs/articles/ci-cd-azure/basic-deployment.mdx +49 -0
- package/docs/articles/ci-cd-azure/deploy-and-test.mdx +47 -0
- package/docs/articles/ci-cd-azure/local-testing.mdx +59 -0
- package/docs/articles/ci-cd-azure/multi-stage-deployment.mdx +88 -0
- package/docs/articles/ci-cd-azure/pr-preview-environments.mdx +50 -0
- package/docs/articles/ci-cd-azure/tag-based-releases.mdx +37 -0
- package/docs/articles/ci-cd-bitbucket/basic-deployment.mdx +27 -0
- package/docs/articles/ci-cd-bitbucket/deploy-and-test.mdx +41 -0
- package/docs/articles/ci-cd-bitbucket/local-testing.mdx +34 -0
- package/docs/articles/ci-cd-bitbucket/multi-stage-deployment.mdx +52 -0
- package/docs/articles/ci-cd-bitbucket/pr-preview-environments.mdx +46 -0
- package/docs/articles/ci-cd-bitbucket/tag-based-releases.mdx +27 -0
- package/docs/articles/ci-cd-circleci/basic-deployment.mdx +34 -0
- package/docs/articles/ci-cd-circleci/deploy-and-test.mdx +44 -0
- package/docs/articles/ci-cd-circleci/local-testing.mdx +50 -0
- package/docs/articles/ci-cd-circleci/multi-stage-deployment.mdx +82 -0
- package/docs/articles/ci-cd-circleci/pr-preview-environments.mdx +47 -0
- package/docs/articles/ci-cd-circleci/tag-based-releases.mdx +38 -0
- package/docs/articles/ci-cd-github/basic-deployment.mdx +48 -0
- package/docs/articles/ci-cd-github/cleanup-on-branch-delete.mdx +123 -0
- package/docs/articles/ci-cd-github/deploy-and-test.mdx +82 -0
- package/docs/articles/ci-cd-github/local-testing.mdx +102 -0
- package/docs/articles/ci-cd-github/multi-stage-deployment.mdx +136 -0
- package/docs/articles/ci-cd-github/pr-preview-environments.mdx +106 -0
- package/docs/articles/ci-cd-github/tag-based-releases.mdx +99 -0
- package/docs/articles/ci-cd-gitlab/basic-deployment.mdx +28 -0
- package/docs/articles/ci-cd-gitlab/deploy-and-test.mdx +44 -0
- package/docs/articles/ci-cd-gitlab/local-testing.mdx +39 -0
- package/docs/articles/ci-cd-gitlab/mr-preview-environments.mdx +52 -0
- package/docs/articles/ci-cd-gitlab/multi-stage-deployment.mdx +64 -0
- package/docs/articles/ci-cd-gitlab/tag-based-releases.mdx +28 -0
- package/docs/articles/composite-policy-reference.mdx +284 -0
- package/docs/articles/configuring-auth0-for-mcp-auth.mdx +186 -0
- package/docs/articles/configuring-okta-for-mcp-auth.mdx +208 -0
- package/docs/articles/convert-urls-to-openapi.mdx +62 -0
- package/docs/articles/cors.mdx +447 -0
- package/docs/articles/custom-audit-log-policy.mdx +95 -0
- package/docs/articles/custom-ci-cd-azure.mdx +81 -0
- package/docs/articles/custom-ci-cd-bitbucket.mdx +80 -0
- package/docs/articles/custom-ci-cd-circleci.mdx +78 -0
- package/docs/articles/custom-ci-cd-github.mdx +99 -0
- package/docs/articles/custom-ci-cd-gitlab.mdx +79 -0
- package/docs/articles/custom-ci-cd.mdx +82 -0
- package/docs/articles/custom-code-patterns.md +418 -0
- package/docs/articles/custom-domains.mdx +258 -0
- package/docs/articles/custom-logging-example.mdx +139 -0
- package/docs/articles/ddos-protection.mdx +138 -0
- package/docs/articles/development-options.mdx +49 -0
- package/docs/articles/environment-variables.mdx +134 -0
- package/docs/articles/environments.mdx +143 -0
- package/docs/articles/fastly-zuplo-host-setup.mdx +41 -0
- package/docs/articles/github-deployment-testing.mdx +101 -0
- package/docs/articles/gke-with-upstream-auth-policy.mdx +192 -0
- package/docs/articles/graphql-security.mdx +180 -0
- package/docs/articles/handling-form-data.mdx +61 -0
- package/docs/articles/health-checks.mdx +109 -0
- package/docs/articles/hosting-options.mdx +70 -0
- package/docs/articles/lazy-load-configuration-into-cache.mdx +92 -0
- package/docs/articles/limits.mdx +98 -0
- package/docs/articles/local-development-debugging.mdx +44 -0
- package/docs/articles/local-development-env-variables.mdx +23 -0
- package/docs/articles/local-development-installing-packages.mdx +23 -0
- package/docs/articles/local-development-routes-designer.mdx +27 -0
- package/docs/articles/local-development-services.mdx +40 -0
- package/docs/articles/local-development-troubleshooting.mdx +56 -0
- package/docs/articles/local-development.mdx +81 -0
- package/docs/articles/log-plugin-aws-cloudwatch.mdx +83 -0
- package/docs/articles/log-plugin-datadog.mdx +84 -0
- package/docs/articles/log-plugin-dynatrace.mdx +75 -0
- package/docs/articles/log-plugin-gcp.mdx +75 -0
- package/docs/articles/log-plugin-loki.mdx +136 -0
- package/docs/articles/log-plugin-new-relic.mdx +84 -0
- package/docs/articles/log-plugin-splunk.mdx +104 -0
- package/docs/articles/log-plugin-sumo.mdx +73 -0
- package/docs/articles/log-plugin-vmware-log-insight.mdx +154 -0
- package/docs/articles/log-request-response-data.mdx +398 -0
- package/docs/articles/logging.mdx +115 -0
- package/docs/articles/manual-mcp-oauth-testing.mdx +193 -0
- package/docs/articles/mcp-quickstart.mdx +135 -0
- package/docs/articles/metrics-plugins.mdx +371 -0
- package/docs/articles/migrate-from-apigee.md +408 -0
- package/docs/articles/migrate-from-aws-api-gateway.md +248 -0
- package/docs/articles/migrate-from-azure-apim.md +292 -0
- package/docs/articles/migrate-from-kong.md +300 -0
- package/docs/articles/migration-overview.md +81 -0
- package/docs/articles/monetization/api-access.mdx +69 -0
- package/docs/articles/monetization/billing-models.md +520 -0
- package/docs/articles/monetization/developer-portal.md +167 -0
- package/docs/articles/monetization/features.mdx +98 -0
- package/docs/articles/monetization/index.mdx +113 -0
- package/docs/articles/monetization/meters.mdx +135 -0
- package/docs/articles/monetization/monetization-policy.md +314 -0
- package/docs/articles/monetization/plan-examples.mdx +366 -0
- package/docs/articles/monetization/plans.mdx +266 -0
- package/docs/articles/monetization/pricing-models.mdx +225 -0
- package/docs/articles/monetization/private-plans.md +154 -0
- package/docs/articles/monetization/quickstart.md +355 -0
- package/docs/articles/monetization/rate-cards.mdx +171 -0
- package/docs/articles/monetization/stripe-integration.md +195 -0
- package/docs/articles/monetization/subscription-lifecycle.md +298 -0
- package/docs/articles/monetization/tax-collection.md +166 -0
- package/docs/articles/monetization/troubleshooting.md +272 -0
- package/docs/articles/monetization-custom.mdx +71 -0
- package/docs/articles/monetization-integrations.mdx +104 -0
- package/docs/articles/monitoring-your-gateway.mdx +53 -0
- package/docs/articles/monorepo-deployment.mdx +350 -0
- package/docs/articles/multiple-auth-policies.mdx +81 -0
- package/docs/articles/non-standard-ports.mdx +30 -0
- package/docs/articles/oauth-authentication.mdx +54 -0
- package/docs/articles/openapi-server-urls.mdx +60 -0
- package/docs/articles/openapi.mdx +130 -0
- package/docs/articles/opentelemetry.mdx +250 -0
- package/docs/articles/per-user-rate-limits-using-db.mdx +112 -0
- package/docs/articles/performance-testing.mdx +304 -0
- package/docs/articles/plugin-akamai-api-security.mdx +76 -0
- package/docs/articles/plugin-azure-blob.mdx +73 -0
- package/docs/articles/plugin-azure-event-hubs.mdx +64 -0
- package/docs/articles/plugin-hydrolix-traffic-peak.mdx +147 -0
- package/docs/articles/policies.mdx +33 -0
- package/docs/articles/rename-or-move-project.mdx +39 -0
- package/docs/articles/rick-and-morty-api-developer-portal-example.mdx +23 -0
- package/docs/articles/routing.mdx +193 -0
- package/docs/articles/s3-signed-url-uploads.mdx +521 -0
- package/docs/articles/secure-tunnel.mdx +84 -0
- package/docs/articles/securing-backend-mtls.mdx +268 -0
- package/docs/articles/securing-your-backend.mdx +148 -0
- package/docs/articles/security.mdx +105 -0
- package/docs/articles/sharing-code-across-projects.mdx +412 -0
- package/docs/articles/source-control-setup-azure.mdx +13 -0
- package/docs/articles/source-control-setup-bitbucket.mdx +43 -0
- package/docs/articles/source-control-setup-github.mdx +172 -0
- package/docs/articles/source-control-setup-gitlab.mdx +12 -0
- package/docs/articles/source-control.mdx +80 -0
- package/docs/articles/step-1-setup-basic-gateway-local.mdx +136 -0
- package/docs/articles/step-1-setup-basic-gateway.mdx +118 -0
- package/docs/articles/step-2-add-rate-limiting-local.mdx +126 -0
- package/docs/articles/step-2-add-rate-limiting.mdx +82 -0
- package/docs/articles/step-3-add-api-key-auth-local.mdx +199 -0
- package/docs/articles/step-3-add-api-key-auth.mdx +166 -0
- package/docs/articles/step-4-deploying-to-the-edge.mdx +220 -0
- package/docs/articles/step-5-dynamic-rate-limiting.mdx +167 -0
- package/docs/articles/support.mdx +144 -0
- package/docs/articles/terraform.mdx +114 -0
- package/docs/articles/testing-graphql.mdx +34 -0
- package/docs/articles/testing.mdx +522 -0
- package/docs/articles/troubleshooting-slow-responses.mdx +301 -0
- package/docs/articles/troubleshooting.md +302 -0
- package/docs/articles/tsconfig.mdx +105 -0
- package/docs/articles/tunnel-setup.mdx +195 -0
- package/docs/articles/tunnel-troubleshooting.mdx +50 -0
- package/docs/articles/update-zup-in-github-action.mdx +110 -0
- package/docs/articles/use-openapi-extension-data.mdx +79 -0
- package/docs/articles/users/multifactor-authentication.mdx +64 -0
- package/docs/articles/users/profile.mdx +13 -0
- package/docs/articles/versioning-on-zuplo.mdx +89 -0
- package/docs/articles/waf-ddos-akamai.md +133 -0
- package/docs/articles/waf-ddos-aws-waf-shield.mdx +85 -0
- package/docs/articles/waf-ddos-fastly.mdx +251 -0
- package/docs/articles/waf-ddos.mdx +140 -0
- package/docs/articles/zuplo-waf.mdx +156 -0
- package/docs/ask.mdx +3 -0
- package/docs/cli/authentication.mdx +56 -0
- package/docs/cli/connectivity.mdx +38 -0
- package/docs/cli/create-zuplo-api.mdx +80 -0
- package/docs/cli/delete.mdx +79 -0
- package/docs/cli/deploy.mdx +156 -0
- package/docs/cli/deploy.partial.mdx +46 -0
- package/docs/cli/dev.mdx +115 -0
- package/docs/cli/docs.mdx +66 -0
- package/docs/cli/editor.mdx +50 -0
- package/docs/cli/global-options.mdx +19 -0
- package/docs/cli/init.mdx +74 -0
- package/docs/cli/link.mdx +74 -0
- package/docs/cli/list.mdx +55 -0
- package/docs/cli/mtls-certificate-create.mdx +94 -0
- package/docs/cli/mtls-certificate-delete.mdx +55 -0
- package/docs/cli/mtls-certificate-describe.mdx +55 -0
- package/docs/cli/mtls-certificate-disable.mdx +55 -0
- package/docs/cli/mtls-certificate-list.mdx +47 -0
- package/docs/cli/mtls-certificate-update.mdx +72 -0
- package/docs/cli/openapi-convert.mdx +111 -0
- package/docs/cli/openapi-merge.mdx +138 -0
- package/docs/cli/openapi-merge.partial.mdx +29 -0
- package/docs/cli/openapi-overlay.mdx +123 -0
- package/docs/cli/overview.mdx +78 -0
- package/docs/cli/project-create.mdx +43 -0
- package/docs/cli/source-migrate.mdx +18 -0
- package/docs/cli/source-upgrade.mdx +41 -0
- package/docs/cli/test.mdx +70 -0
- package/docs/cli/test.partial.mdx +7 -0
- package/docs/cli/tunnel-create.mdx +53 -0
- package/docs/cli/tunnel-create.partial.mdx +9 -0
- package/docs/cli/tunnel-delete.mdx +35 -0
- package/docs/cli/tunnel-delete.partial.mdx +9 -0
- package/docs/cli/tunnel-describe.mdx +45 -0
- package/docs/cli/tunnel-describe.partial.mdx +5 -0
- package/docs/cli/tunnel-list.mdx +35 -0
- package/docs/cli/tunnel-list.partial.mdx +9 -0
- package/docs/cli/tunnel-rate-token.partial.mdx +9 -0
- package/docs/cli/tunnel-rotate-token.mdx +39 -0
- package/docs/cli/tunnel-services-describe.mdx +45 -0
- package/docs/cli/tunnel-services-describe.partial.mdx +9 -0
- package/docs/cli/tunnel-services-update.mdx +48 -0
- package/docs/cli/variable-create.mdx +91 -0
- package/docs/cli/variable-create.partial.mdx +5 -0
- package/docs/cli/variable-update.mdx +75 -0
- package/docs/cli/variable-update.partial.mdx +5 -0
- package/docs/concepts/api-keys.md +146 -0
- package/docs/concepts/authentication.mdx +109 -0
- package/docs/concepts/how-zuplo-works.mdx +120 -0
- package/docs/concepts/project-structure.mdx +174 -0
- package/docs/concepts/rate-limiting.md +246 -0
- package/docs/concepts/request-lifecycle.mdx +56 -0
- package/docs/concepts/source-control-and-deployment.mdx +229 -0
- package/docs/conferences/conference-prize-terms.mdx +80 -0
- package/docs/dedicated/akamai/ai-powered-applications.mdx +223 -0
- package/docs/dedicated/akamai/architecture.mdx +280 -0
- package/docs/dedicated/akamai/caching.mdx +212 -0
- package/docs/dedicated/akamai/cdn.mdx +156 -0
- package/docs/dedicated/architecture.mdx +208 -0
- package/docs/dedicated/custom-domains.mdx +31 -0
- package/docs/dedicated/federated-gateways.mdx +80 -0
- package/docs/dedicated/networking.mdx +69 -0
- package/docs/dedicated/overview.mdx +80 -0
- package/docs/dedicated/source-control.mdx +63 -0
- package/docs/dev-portal/dev-portal-create-consumer-on-auth.mdx +134 -0
- package/docs/dev-portal/introduction.mdx +65 -0
- package/docs/dev-portal/local-development.mdx +72 -0
- package/docs/dev-portal/migration.mdx +526 -0
- package/docs/dev-portal/node-modules.mdx +45 -0
- package/docs/dev-portal/updating.mdx +28 -0
- package/docs/dev-portal/zudoku/components/alert.mdx +130 -0
- package/docs/dev-portal/zudoku/components/badge.mdx +70 -0
- package/docs/dev-portal/zudoku/components/button.mdx +132 -0
- package/docs/dev-portal/zudoku/components/callout.mdx +112 -0
- package/docs/dev-portal/zudoku/components/card.mdx +104 -0
- package/docs/dev-portal/zudoku/components/checkbox.mdx +72 -0
- package/docs/dev-portal/zudoku/components/client-only.mdx +79 -0
- package/docs/dev-portal/zudoku/components/code-tabs.mdx +179 -0
- package/docs/dev-portal/zudoku/components/dialog.mdx +167 -0
- package/docs/dev-portal/zudoku/components/head.mdx +199 -0
- package/docs/dev-portal/zudoku/components/icons.mdx +27 -0
- package/docs/dev-portal/zudoku/components/input.mdx +96 -0
- package/docs/dev-portal/zudoku/components/label.mdx +86 -0
- package/docs/dev-portal/zudoku/components/link.mdx +242 -0
- package/docs/dev-portal/zudoku/components/markdown.mdx +151 -0
- package/docs/dev-portal/zudoku/components/mermaid.mdx +81 -0
- package/docs/dev-portal/zudoku/components/playground.mdx +87 -0
- package/docs/dev-portal/zudoku/components/secret.mdx +78 -0
- package/docs/dev-portal/zudoku/components/select.mdx +176 -0
- package/docs/dev-portal/zudoku/components/shadcn.mdx +73 -0
- package/docs/dev-portal/zudoku/components/slider.mdx +108 -0
- package/docs/dev-portal/zudoku/components/slot.mdx +119 -0
- package/docs/dev-portal/zudoku/components/stepper.mdx +138 -0
- package/docs/dev-portal/zudoku/components/switch.mdx +96 -0
- package/docs/dev-portal/zudoku/components/syntax-highlight.mdx +602 -0
- package/docs/dev-portal/zudoku/components/textarea.mdx +78 -0
- package/docs/dev-portal/zudoku/components/tooltip.mdx +195 -0
- package/docs/dev-portal/zudoku/components/typography.mdx +61 -0
- package/docs/dev-portal/zudoku/configuration/ai-assistants.md +64 -0
- package/docs/dev-portal/zudoku/configuration/api-catalog.md +108 -0
- package/docs/dev-portal/zudoku/configuration/api-reference.md +397 -0
- package/docs/dev-portal/zudoku/configuration/authentication-auth0.md +173 -0
- package/docs/dev-portal/zudoku/configuration/authentication-azure-ad.md +238 -0
- package/docs/dev-portal/zudoku/configuration/authentication-clerk.md +110 -0
- package/docs/dev-portal/zudoku/configuration/authentication-firebase.md +61 -0
- package/docs/dev-portal/zudoku/configuration/authentication-pingfederate.md +136 -0
- package/docs/dev-portal/zudoku/configuration/authentication-supabase.md +225 -0
- package/docs/dev-portal/zudoku/configuration/authentication.md +199 -0
- package/docs/dev-portal/zudoku/configuration/build-configuration.mdx +147 -0
- package/docs/dev-portal/zudoku/configuration/docs.md +282 -0
- package/docs/dev-portal/zudoku/configuration/footer.mdx +214 -0
- package/docs/dev-portal/zudoku/configuration/llms.md +89 -0
- package/docs/dev-portal/zudoku/configuration/navigation.mdx +408 -0
- package/docs/dev-portal/zudoku/configuration/overview.md +380 -0
- package/docs/dev-portal/zudoku/configuration/protected-routes.md +149 -0
- package/docs/dev-portal/zudoku/configuration/search.md +169 -0
- package/docs/dev-portal/zudoku/configuration/sentry.mdx +44 -0
- package/docs/dev-portal/zudoku/configuration/site.md +124 -0
- package/docs/dev-portal/zudoku/configuration/slots.mdx +124 -0
- package/docs/dev-portal/zudoku/configuration/vite-config.md +18 -0
- package/docs/dev-portal/zudoku/custom-plugins.md +287 -0
- package/docs/dev-portal/zudoku/customization/colors-theme.mdx +275 -0
- package/docs/dev-portal/zudoku/customization/fonts.md +110 -0
- package/docs/dev-portal/zudoku/extending/events.md +124 -0
- package/docs/dev-portal/zudoku/guides/custom-pages.md +106 -0
- package/docs/dev-portal/zudoku/guides/environment-variables.md +99 -0
- package/docs/dev-portal/zudoku/guides/mermaid.mdx +70 -0
- package/docs/dev-portal/zudoku/guides/navigation-migration.md +87 -0
- package/docs/dev-portal/zudoku/guides/navigation-rules.mdx +197 -0
- package/docs/dev-portal/zudoku/guides/processors.mdx +234 -0
- package/docs/dev-portal/zudoku/guides/static-files.md +55 -0
- package/docs/dev-portal/zudoku/guides/transforming-examples.md +156 -0
- package/docs/dev-portal/zudoku/guides/using-multiple-apis.md +87 -0
- package/docs/dev-portal/zudoku/markdown/admonitions.md +128 -0
- package/docs/dev-portal/zudoku/markdown/code-blocks.md +196 -0
- package/docs/dev-portal/zudoku/markdown/frontmatter.md +172 -0
- package/docs/dev-portal/zudoku/markdown/mdx.md +68 -0
- package/docs/dev-portal/zudoku/markdown/overview.md +275 -0
- package/docs/dev-portal/zudoku/plugins.md +5 -0
- package/docs/dev-portal/zudoku/writing.mdx +72 -0
- package/docs/errors/bad-request.mdx +39 -0
- package/docs/errors/build-error.mdx +45 -0
- package/docs/errors/fatal-project-error.mdx +39 -0
- package/docs/errors/gateway-timeout.mdx +33 -0
- package/docs/errors/get-head-body-error.mdx +41 -0
- package/docs/errors/main-mod-error.mdx +40 -0
- package/docs/errors/no-project-set.mdx +41 -0
- package/docs/errors/not-found.mdx +43 -0
- package/docs/errors/rate-limit-exceeded.mdx +31 -0
- package/docs/errors/schema-validation-failed.mdx +51 -0
- package/docs/errors/system-configuration-error.mdx +44 -0
- package/docs/errors/unauthorized.mdx +50 -0
- package/docs/errors/unknown-error.mdx +42 -0
- package/docs/errors.mdx +14 -0
- package/docs/guides/canary-routing-for-employees.mdx +385 -0
- package/docs/guides/geolocation-backend-routing.mdx +404 -0
- package/docs/guides/modify-openapi-paths.mdx +371 -0
- package/docs/guides/openapi-overlays.mdx +492 -0
- package/docs/guides/overview.mdx +12 -0
- package/docs/guides/user-based-backend-routing.mdx +437 -0
- package/docs/handlers/aws-lambda.mdx +201 -0
- package/docs/handlers/custom-handler.mdx +112 -0
- package/docs/handlers/legacy-dev-portal-handler.mdx +135 -0
- package/docs/handlers/mcp-server.mdx +730 -0
- package/docs/handlers/openapi.mdx +78 -0
- package/docs/handlers/redirect.mdx +115 -0
- package/docs/handlers/system-handlers.mdx +41 -0
- package/docs/handlers/url-forward.mdx +204 -0
- package/docs/handlers/url-rewrite.mdx +224 -0
- package/docs/handlers/websocket-handler.mdx +154 -0
- package/docs/home.mdx +6 -0
- package/docs/managed-edge/overview.md +78 -0
- package/docs/mcp-server/configuration-migration-guide.mdx +344 -0
- package/docs/mcp-server/custom-tools.mdx +487 -0
- package/docs/mcp-server/graphql.mdx +241 -0
- package/docs/mcp-server/introduction.mdx +122 -0
- package/docs/mcp-server/openai-apps-sdk.mdx +160 -0
- package/docs/mcp-server/prompts.mdx +283 -0
- package/docs/mcp-server/resources.mdx +288 -0
- package/docs/mcp-server/testing.mdx +53 -0
- package/docs/mcp-server/tools.mdx +306 -0
- package/docs/policies/_index.md +92 -0
- package/docs/policies/ab-test-inbound/intro.md +8 -0
- package/docs/policies/ab-test-inbound/policy.ts +14 -0
- package/docs/policies/ab-test-inbound/schema.json +27 -0
- package/docs/policies/ab-test-outbound/intro.md +8 -0
- package/docs/policies/ab-test-outbound/policy.ts +26 -0
- package/docs/policies/ab-test-outbound/schema.json +27 -0
- package/docs/policies/acl-policy-inbound/intro.md +5 -0
- package/docs/policies/acl-policy-inbound/policy.ts +32 -0
- package/docs/policies/acl-policy-inbound/schema.json +52 -0
- package/docs/policies/akamai-ai-firewall/schema.json +98 -0
- package/docs/policies/amberflo-metering-inbound/doc.md +183 -0
- package/docs/policies/amberflo-metering-inbound/intro.md +20 -0
- package/docs/policies/amberflo-metering-inbound/schema.json +108 -0
- package/docs/policies/api-key-inbound/doc.md +77 -0
- package/docs/policies/api-key-inbound/intro.md +30 -0
- package/docs/policies/api-key-inbound/schema.json +84 -0
- package/docs/policies/archive-request-aws-s3-inbound/intro.md +4 -0
- package/docs/policies/archive-request-aws-s3-inbound/policy.ts +58 -0
- package/docs/policies/archive-request-aws-s3-inbound/schema.json +68 -0
- package/docs/policies/archive-request-azure-storage-inbound/doc.md +31 -0
- package/docs/policies/archive-request-azure-storage-inbound/intro.md +4 -0
- package/docs/policies/archive-request-azure-storage-inbound/policy.ts +54 -0
- package/docs/policies/archive-request-azure-storage-inbound/schema.json +53 -0
- package/docs/policies/archive-request-gcp-storage-inbound/doc.md +63 -0
- package/docs/policies/archive-request-gcp-storage-inbound/intro.md +4 -0
- package/docs/policies/archive-request-gcp-storage-inbound/policy.ts +68 -0
- package/docs/policies/archive-request-gcp-storage-inbound/schema.json +47 -0
- package/docs/policies/archive-response-aws-s3-outbound/intro.md +2 -0
- package/docs/policies/archive-response-aws-s3-outbound/policy.ts +59 -0
- package/docs/policies/archive-response-aws-s3-outbound/schema.json +68 -0
- package/docs/policies/archive-response-azure-storage-outbound/doc.md +31 -0
- package/docs/policies/archive-response-azure-storage-outbound/intro.md +3 -0
- package/docs/policies/archive-response-azure-storage-outbound/policy.ts +54 -0
- package/docs/policies/archive-response-azure-storage-outbound/schema.json +53 -0
- package/docs/policies/audit-log-inbound/doc.md +78 -0
- package/docs/policies/audit-log-inbound/intro.md +10 -0
- package/docs/policies/audit-log-inbound/schema.json +81 -0
- package/docs/policies/auth0-jwt-auth-inbound/doc.md +125 -0
- package/docs/policies/auth0-jwt-auth-inbound/intro.md +17 -0
- package/docs/policies/auth0-jwt-auth-inbound/schema.json +74 -0
- package/docs/policies/authzen-inbound/doc.md +24 -0
- package/docs/policies/authzen-inbound/intro.md +31 -0
- package/docs/policies/authzen-inbound/schema.json +126 -0
- package/docs/policies/axiomatics-authz-inbound/doc.md +144 -0
- package/docs/policies/axiomatics-authz-inbound/intro.md +11 -0
- package/docs/policies/axiomatics-authz-inbound/schema.json +161 -0
- package/docs/policies/basic-auth-inbound/intro.md +9 -0
- package/docs/policies/basic-auth-inbound/schema.json +99 -0
- package/docs/policies/bot-detection-inbound/intro.md +4 -0
- package/docs/policies/bot-detection-inbound/schema.json +56 -0
- package/docs/policies/brownout-inbound/doc.md +55 -0
- package/docs/policies/brownout-inbound/intro.md +12 -0
- package/docs/policies/brownout-inbound/schema.json +115 -0
- package/docs/policies/caching-inbound/doc.md +209 -0
- package/docs/policies/caching-inbound/intro.md +23 -0
- package/docs/policies/caching-inbound/schema.json +98 -0
- package/docs/policies/change-method-inbound/schema.json +56 -0
- package/docs/policies/clear-headers-inbound/schema.json +59 -0
- package/docs/policies/clear-headers-outbound/schema.json +59 -0
- package/docs/policies/clerk-jwt-auth-inbound/doc.md +85 -0
- package/docs/policies/clerk-jwt-auth-inbound/intro.md +4 -0
- package/docs/policies/clerk-jwt-auth-inbound/schema.json +68 -0
- package/docs/policies/cognito-jwt-auth-inbound/intro.md +7 -0
- package/docs/policies/cognito-jwt-auth-inbound/schema.json +74 -0
- package/docs/policies/comet-opik-tracing-inbound/schema.json +65 -0
- package/docs/policies/complex-rate-limit-inbound/doc.md +20 -0
- package/docs/policies/complex-rate-limit-inbound/intro.md +23 -0
- package/docs/policies/complex-rate-limit-inbound/schema.json +142 -0
- package/docs/policies/composite-inbound/doc.md +69 -0
- package/docs/policies/composite-inbound/intro.md +15 -0
- package/docs/policies/composite-inbound/schema.json +59 -0
- package/docs/policies/composite-outbound/intro.md +6 -0
- package/docs/policies/composite-outbound/schema.json +59 -0
- package/docs/policies/curity-phantom-token-inbound/doc.md +109 -0
- package/docs/policies/curity-phantom-token-inbound/intro.md +3 -0
- package/docs/policies/curity-phantom-token-inbound/schema.json +68 -0
- package/docs/policies/custom-code-inbound/doc.md +267 -0
- package/docs/policies/custom-code-inbound/intro.md +2 -0
- package/docs/policies/custom-code-inbound/schema.json +48 -0
- package/docs/policies/custom-code-outbound/doc.md +235 -0
- package/docs/policies/custom-code-outbound/intro.md +2 -0
- package/docs/policies/custom-code-outbound/schema.json +43 -0
- package/docs/policies/firebase-jwt-inbound/intro.md +6 -0
- package/docs/policies/firebase-jwt-inbound/schema.json +68 -0
- package/docs/policies/formdata-to-json-inbound/schema.json +60 -0
- package/docs/policies/galileo-tracing-inbound/schema.json +65 -0
- package/docs/policies/geo-filter-inbound/doc.md +33 -0
- package/docs/policies/geo-filter-inbound/schema.json +108 -0
- package/docs/policies/graphql-complexity-limit-inbound/doc.md +48 -0
- package/docs/policies/graphql-complexity-limit-inbound/intro.md +2 -0
- package/docs/policies/graphql-complexity-limit-inbound/schema.json +90 -0
- package/docs/policies/graphql-disable-introspection-inbound/doc.md +66 -0
- package/docs/policies/graphql-disable-introspection-inbound/intro.md +15 -0
- package/docs/policies/graphql-disable-introspection-inbound/schema.json +48 -0
- package/docs/policies/graphql-introspection-filter-outbound/doc.md +148 -0
- package/docs/policies/graphql-introspection-filter-outbound/schema.json +79 -0
- package/docs/policies/hmac-auth-inbound/doc.md +30 -0
- package/docs/policies/hmac-auth-inbound/intro.md +10 -0
- package/docs/policies/hmac-auth-inbound/policy.ts +70 -0
- package/docs/policies/hmac-auth-inbound/schema.json +53 -0
- package/docs/policies/http-deprecation-outbound/doc.md +73 -0
- package/docs/policies/http-deprecation-outbound/schema.json +83 -0
- package/docs/policies/ip-restriction-inbound/intro.md +8 -0
- package/docs/policies/ip-restriction-inbound/policy.ts +40 -0
- package/docs/policies/ip-restriction-inbound/schema.json +58 -0
- package/docs/policies/jwt-scopes-inbound/schema.json +59 -0
- package/docs/policies/ldap-auth-inbound/schema.json +56 -0
- package/docs/policies/mock-api-inbound/schema.json +72 -0
- package/docs/policies/moesif-inbound/doc.md +44 -0
- package/docs/policies/moesif-inbound/intro.md +6 -0
- package/docs/policies/moesif-inbound/schema.json +68 -0
- package/docs/policies/monetization-inbound/doc.md +87 -0
- package/docs/policies/monetization-inbound/intro.md +6 -0
- package/docs/policies/monetization-inbound/schema.json +102 -0
- package/docs/policies/mtls-auth-inbound/intro.md +6 -0
- package/docs/policies/mtls-auth-inbound/schema.json +68 -0
- package/docs/policies/okta-fga-authz-inbound/doc.md +181 -0
- package/docs/policies/okta-fga-authz-inbound/intro.md +20 -0
- package/docs/policies/okta-fga-authz-inbound/schema.json +104 -0
- package/docs/policies/okta-jwt-auth-inbound/intro.md +7 -0
- package/docs/policies/okta-jwt-auth-inbound/schema.json +74 -0
- package/docs/policies/open-id-jwt-auth-inbound/doc.md +58 -0
- package/docs/policies/open-id-jwt-auth-inbound/intro.md +30 -0
- package/docs/policies/open-id-jwt-auth-inbound/schema.json +128 -0
- package/docs/policies/openfga-authz-inbound/doc.md +207 -0
- package/docs/policies/openfga-authz-inbound/intro.md +17 -0
- package/docs/policies/openfga-authz-inbound/schema.json +191 -0
- package/docs/policies/openmeter-inbound/doc.md +163 -0
- package/docs/policies/openmeter-inbound/intro.md +18 -0
- package/docs/policies/openmeter-inbound/schema.json +183 -0
- package/docs/policies/prompt-injection-outbound/doc.md +106 -0
- package/docs/policies/prompt-injection-outbound/intro.md +4 -0
- package/docs/policies/prompt-injection-outbound/schema.json +74 -0
- package/docs/policies/propel-auth-jwt-inbound/doc.md +88 -0
- package/docs/policies/propel-auth-jwt-inbound/intro.md +4 -0
- package/docs/policies/propel-auth-jwt-inbound/schema.json +74 -0
- package/docs/policies/query-param-to-header-inbound/doc.md +70 -0
- package/docs/policies/query-param-to-header-inbound/intro.md +5 -0
- package/docs/policies/query-param-to-header-inbound/schema.json +74 -0
- package/docs/policies/quota-inbound/doc.md +235 -0
- package/docs/policies/quota-inbound/intro.md +7 -0
- package/docs/policies/quota-inbound/schema.json +133 -0
- package/docs/policies/rate-limit-inbound/doc.md +78 -0
- package/docs/policies/rate-limit-inbound/intro.md +30 -0
- package/docs/policies/rate-limit-inbound/schema.json +134 -0
- package/docs/policies/rbac-policy-inbound/intro.md +3 -0
- package/docs/policies/rbac-policy-inbound/policy.ts +42 -0
- package/docs/policies/rbac-policy-inbound/schema.json +52 -0
- package/docs/policies/readme-metrics-inbound/doc.md +1 -0
- package/docs/policies/readme-metrics-inbound/intro.md +3 -0
- package/docs/policies/readme-metrics-inbound/schema.json +84 -0
- package/docs/policies/remove-headers-inbound/schema.json +59 -0
- package/docs/policies/remove-headers-outbound/schema.json +59 -0
- package/docs/policies/remove-query-params-inbound/schema.json +59 -0
- package/docs/policies/replace-string-outbound/schema.json +69 -0
- package/docs/policies/request-size-limit-inbound/schema.json +60 -0
- package/docs/policies/request-validation-inbound/doc.md +72 -0
- package/docs/policies/request-validation-inbound/intro.md +24 -0
- package/docs/policies/request-validation-inbound/schema.json +98 -0
- package/docs/policies/require-origin-inbound/intro.md +12 -0
- package/docs/policies/require-origin-inbound/schema.json +65 -0
- package/docs/policies/secret-masking-outbound/doc.md +41 -0
- package/docs/policies/secret-masking-outbound/intro.md +13 -0
- package/docs/policies/secret-masking-outbound/schema.json +65 -0
- package/docs/policies/semantic-cache-inbound/doc.md +63 -0
- package/docs/policies/semantic-cache-inbound/intro.md +4 -0
- package/docs/policies/semantic-cache-inbound/schema.json +179 -0
- package/docs/policies/set-body-inbound/intro.md +7 -0
- package/docs/policies/set-body-inbound/schema.json +56 -0
- package/docs/policies/set-headers-inbound/doc.md +41 -0
- package/docs/policies/set-headers-inbound/intro.md +2 -0
- package/docs/policies/set-headers-inbound/schema.json +83 -0
- package/docs/policies/set-headers-outbound/schema.json +83 -0
- package/docs/policies/set-query-params-inbound/schema.json +83 -0
- package/docs/policies/set-status-outbound/schema.json +62 -0
- package/docs/policies/sleep-inbound/schema.json +56 -0
- package/docs/policies/stripe-webhook-verification-inbound/intro.md +2 -0
- package/docs/policies/stripe-webhook-verification-inbound/schema.json +60 -0
- package/docs/policies/supabase-jwt-auth-inbound/doc.md +29 -0
- package/docs/policies/supabase-jwt-auth-inbound/intro.md +12 -0
- package/docs/policies/supabase-jwt-auth-inbound/schema.json +86 -0
- package/docs/policies/transform-body-inbound/intro.md +8 -0
- package/docs/policies/transform-body-inbound/policy.ts +16 -0
- package/docs/policies/transform-body-inbound/schema.json +27 -0
- package/docs/policies/transform-body-outbound/intro.md +8 -0
- package/docs/policies/transform-body-outbound/policy.ts +19 -0
- package/docs/policies/transform-body-outbound/schema.json +27 -0
- package/docs/policies/upstream-azure-ad-service-auth-inbound/doc.md +82 -0
- package/docs/policies/upstream-azure-ad-service-auth-inbound/intro.md +20 -0
- package/docs/policies/upstream-azure-ad-service-auth-inbound/schema.json +84 -0
- package/docs/policies/upstream-firebase-admin-auth-inbound/intro.md +10 -0
- package/docs/policies/upstream-firebase-admin-auth-inbound/schema.json +68 -0
- package/docs/policies/upstream-firebase-user-auth-inbound/intro.md +2 -0
- package/docs/policies/upstream-firebase-user-auth-inbound/schema.json +113 -0
- package/docs/policies/upstream-gcp-federated-auth-inbound/doc.md +139 -0
- package/docs/policies/upstream-gcp-federated-auth-inbound/intro.md +21 -0
- package/docs/policies/upstream-gcp-federated-auth-inbound/schema.json +96 -0
- package/docs/policies/upstream-gcp-jwt-inbound/intro.md +10 -0
- package/docs/policies/upstream-gcp-jwt-inbound/schema.json +62 -0
- package/docs/policies/upstream-gcp-service-auth-inbound/doc.md +132 -0
- package/docs/policies/upstream-gcp-service-auth-inbound/intro.md +25 -0
- package/docs/policies/upstream-gcp-service-auth-inbound/schema.json +95 -0
- package/docs/policies/upstream-zuplo-jwt-auth-inbound/doc.md +213 -0
- package/docs/policies/upstream-zuplo-jwt-auth-inbound/intro.md +16 -0
- package/docs/policies/upstream-zuplo-jwt-auth-inbound/schema.json +101 -0
- package/docs/policies/validate-json-schema-inbound/doc.md +129 -0
- package/docs/policies/validate-json-schema-inbound/intro.md +7 -0
- package/docs/policies/validate-json-schema-inbound/schema.json +56 -0
- package/docs/policies/web-bot-auth-inbound/doc.md +104 -0
- package/docs/policies/web-bot-auth-inbound/intro.md +16 -0
- package/docs/policies/web-bot-auth-inbound/schema.json +76 -0
- package/docs/policies/xml-to-json-outbound/doc.md +71 -0
- package/docs/policies/xml-to-json-outbound/intro.md +4 -0
- package/docs/policies/xml-to-json-outbound/schema.json +117 -0
- package/docs/programmable-api/audit-log.mdx +74 -0
- package/docs/programmable-api/background-dispatcher.mdx +124 -0
- package/docs/programmable-api/background-loader.mdx +104 -0
- package/docs/programmable-api/cache.mdx +186 -0
- package/docs/programmable-api/compatibility-dates.mdx +201 -0
- package/docs/programmable-api/console-logging.mdx +48 -0
- package/docs/programmable-api/context-data.mdx +127 -0
- package/docs/programmable-api/custom-cors-policy.mdx +64 -0
- package/docs/programmable-api/environment.mdx +328 -0
- package/docs/programmable-api/hooks.mdx +569 -0
- package/docs/programmable-api/http-problems.mdx +385 -0
- package/docs/programmable-api/jwt-service-plugin.mdx +420 -0
- package/docs/programmable-api/logger.mdx +223 -0
- package/docs/programmable-api/memory-zone-read-through-cache.mdx +96 -0
- package/docs/programmable-api/node-modules.mdx +67 -0
- package/docs/programmable-api/not-found-handler.mdx +47 -0
- package/docs/programmable-api/oauth-protected-resource-plugin.mdx +46 -0
- package/docs/programmable-api/overview.mdx +213 -0
- package/docs/programmable-api/problem-response-formatter.mdx +183 -0
- package/docs/programmable-api/request-user.mdx +289 -0
- package/docs/programmable-api/reusing-code.mdx +26 -0
- package/docs/programmable-api/route-raw.mdx +55 -0
- package/docs/programmable-api/runtime-behaviors.mdx +25 -0
- package/docs/programmable-api/runtime-errors.mdx +246 -0
- package/docs/programmable-api/runtime-extensions.mdx +340 -0
- package/docs/programmable-api/safely-clone-a-request-or-response.mdx +57 -0
- package/docs/programmable-api/streaming-zone-cache.mdx +155 -0
- package/docs/programmable-api/web-crypto-apis.mdx +219 -0
- package/docs/programmable-api/web-standard-apis.mdx +109 -0
- package/docs/programmable-api/zone-cache.mdx +131 -0
- package/docs/programmable-api/zp-body-removed.mdx +32 -0
- package/docs/programmable-api/zuplo-context.mdx +414 -0
- package/docs/programmable-api/zuplo-id-token.mdx +90 -0
- package/docs/programmable-api/zuplo-json.mdx +91 -0
- package/docs/programmable-api/zuplo-request.mdx +200 -0
- package/docs/sample-apis.mdx +78 -0
- package/docs/self-hosted/overview.md +60 -0
- package/package.json +6 -5
|
@@ -0,0 +1,447 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Configuring CORS
|
|
3
|
+
sidebar_label: CORS
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
Cross-Origin Resource Sharing (CORS) controls which web applications on
|
|
7
|
+
different domains can access your API. Zuplo handles CORS at the gateway level,
|
|
8
|
+
automatically responding to preflight requests and adding the appropriate
|
|
9
|
+
headers to responses.
|
|
10
|
+
|
|
11
|
+
## Built-in Policies
|
|
12
|
+
|
|
13
|
+
Every route has a `corsPolicy` property in its `x-zuplo-route` configuration.
|
|
14
|
+
Zuplo provides two built-in policies:
|
|
15
|
+
|
|
16
|
+
### `none`
|
|
17
|
+
|
|
18
|
+
Disables CORS for the route. All CORS headers are stripped from responses, and
|
|
19
|
+
preflight `OPTIONS` requests return a `404` response. This is the default when
|
|
20
|
+
no `corsPolicy` is set.
|
|
21
|
+
|
|
22
|
+
```json title="config/routes.oas.json"
|
|
23
|
+
"x-zuplo-route": {
|
|
24
|
+
"corsPolicy": "none",
|
|
25
|
+
"handler": {
|
|
26
|
+
"export": "urlForwardHandler",
|
|
27
|
+
"module": "$import(@zuplo/runtime)"
|
|
28
|
+
}
|
|
29
|
+
}
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
### `anything-goes`
|
|
33
|
+
|
|
34
|
+
Allows any origin, method, and header. This is useful for development or
|
|
35
|
+
internal APIs but is **not recommended for production**. It sets:
|
|
36
|
+
|
|
37
|
+
- `Access-Control-Allow-Origin`: The requesting origin (reflected back)
|
|
38
|
+
- `Access-Control-Allow-Methods`: The route's configured methods
|
|
39
|
+
- `Access-Control-Allow-Headers`: `*`
|
|
40
|
+
- `Access-Control-Expose-Headers`: `*`
|
|
41
|
+
- `Access-Control-Allow-Credentials`: `true`
|
|
42
|
+
- `Access-Control-Max-Age`: `600`
|
|
43
|
+
|
|
44
|
+
```json title="config/routes.oas.json"
|
|
45
|
+
"x-zuplo-route": {
|
|
46
|
+
"corsPolicy": "anything-goes",
|
|
47
|
+
"handler": {
|
|
48
|
+
"export": "urlForwardHandler",
|
|
49
|
+
"module": "$import(@zuplo/runtime)"
|
|
50
|
+
}
|
|
51
|
+
}
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
## Custom CORS Policies
|
|
55
|
+
|
|
56
|
+
For production use, create custom CORS policies with fine-grained control over
|
|
57
|
+
which origins, methods, and headers are allowed.
|
|
58
|
+
|
|
59
|
+
Custom CORS policies are defined in the `policies.json` file alongside regular
|
|
60
|
+
policies, under the `corsPolicies` array:
|
|
61
|
+
|
|
62
|
+
```json title="config/policies.json"
|
|
63
|
+
{
|
|
64
|
+
"policies": [],
|
|
65
|
+
"corsPolicies": [
|
|
66
|
+
{
|
|
67
|
+
"name": "my-cors-policy",
|
|
68
|
+
"allowedOrigins": [
|
|
69
|
+
"https://app.example.com",
|
|
70
|
+
"https://admin.example.com"
|
|
71
|
+
],
|
|
72
|
+
"allowedMethods": ["GET", "POST", "PUT", "DELETE"],
|
|
73
|
+
"allowedHeaders": ["Authorization", "Content-Type"],
|
|
74
|
+
"exposeHeaders": ["X-Request-Id"],
|
|
75
|
+
"maxAge": 3600,
|
|
76
|
+
"allowCredentials": true
|
|
77
|
+
}
|
|
78
|
+
]
|
|
79
|
+
}
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
Then reference the policy by name on each route:
|
|
83
|
+
|
|
84
|
+
```json title="config/routes.oas.json"
|
|
85
|
+
"x-zuplo-route": {
|
|
86
|
+
"corsPolicy": "my-cors-policy",
|
|
87
|
+
"handler": {
|
|
88
|
+
"export": "urlForwardHandler",
|
|
89
|
+
"module": "$import(@zuplo/runtime)"
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
You can also select the CORS policy from the route designer dropdown in the
|
|
95
|
+
Zuplo Portal.
|
|
96
|
+
|
|
97
|
+
### Policy Properties
|
|
98
|
+
|
|
99
|
+
| Property | Type | Required | Description |
|
|
100
|
+
| ------------------ | ---------------------- | -------- | -------------------------------------------------------------------------------------------------------------- |
|
|
101
|
+
| `name` | `string` | Yes | A unique name used to reference this policy on routes. |
|
|
102
|
+
| `allowedOrigins` | `string[]` or `string` | Yes | Origins permitted to make cross-origin requests. Supports wildcards (see [Origin Matching](#origin-matching)). |
|
|
103
|
+
| `allowedMethods` | `string[]` or `string` | No | HTTP methods allowed for cross-origin requests (e.g., `GET`, `POST`). |
|
|
104
|
+
| `allowedHeaders` | `string[]` or `string` | No | Request headers the client can send. Use `*` to allow any header. |
|
|
105
|
+
| `exposeHeaders` | `string[]` or `string` | No | Response headers the browser can access from JavaScript. |
|
|
106
|
+
| `maxAge` | `number` | No | Time in seconds the browser caches preflight results. |
|
|
107
|
+
| `allowCredentials` | `boolean` | No | Whether to include credentials (cookies, authorization headers) in cross-origin requests. |
|
|
108
|
+
|
|
109
|
+
All list properties (`allowedOrigins`, `allowedMethods`, `allowedHeaders`,
|
|
110
|
+
`exposeHeaders`) accept either a JSON array of strings or a single
|
|
111
|
+
comma-separated string:
|
|
112
|
+
|
|
113
|
+
```json
|
|
114
|
+
// Array format
|
|
115
|
+
"allowedOrigins": ["https://app.example.com", "https://admin.example.com"]
|
|
116
|
+
|
|
117
|
+
// Comma-separated string format
|
|
118
|
+
"allowedOrigins": "https://app.example.com, https://admin.example.com"
|
|
119
|
+
```
|
|
120
|
+
|
|
121
|
+
:::warning
|
|
122
|
+
|
|
123
|
+
Do not include a trailing `/` on origin values. For example,
|
|
124
|
+
`https://example.com` is valid but `https://example.com/` does not work.
|
|
125
|
+
|
|
126
|
+
:::
|
|
127
|
+
|
|
128
|
+
## Origin Matching
|
|
129
|
+
|
|
130
|
+
The `allowedOrigins` property supports several matching patterns:
|
|
131
|
+
|
|
132
|
+
### Exact Match
|
|
133
|
+
|
|
134
|
+
Specify the full origin including the protocol:
|
|
135
|
+
|
|
136
|
+
```json
|
|
137
|
+
"allowedOrigins": ["https://app.example.com"]
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
Origin matching is case-insensitive, so `https://APP.EXAMPLE.COM` matches
|
|
141
|
+
`https://app.example.com`.
|
|
142
|
+
|
|
143
|
+
### Wildcard (`*`)
|
|
144
|
+
|
|
145
|
+
Allow any origin:
|
|
146
|
+
|
|
147
|
+
```json
|
|
148
|
+
"allowedOrigins": ["*"]
|
|
149
|
+
```
|
|
150
|
+
|
|
151
|
+
### Subdomain Wildcards
|
|
152
|
+
|
|
153
|
+
Use `*.` to match a single subdomain level:
|
|
154
|
+
|
|
155
|
+
```json
|
|
156
|
+
"allowedOrigins": ["https://*.example.com"]
|
|
157
|
+
```
|
|
158
|
+
|
|
159
|
+
This matches `https://app.example.com` and `https://api.example.com`, but does
|
|
160
|
+
**not** match:
|
|
161
|
+
|
|
162
|
+
- `https://example.com` (no subdomain)
|
|
163
|
+
- `https://v2.api.example.com` (multi-level subdomain)
|
|
164
|
+
|
|
165
|
+
### Wildcards with Ports
|
|
166
|
+
|
|
167
|
+
Subdomain wildcards work with ports:
|
|
168
|
+
|
|
169
|
+
```json
|
|
170
|
+
"allowedOrigins": ["http://*.localhost:3000"]
|
|
171
|
+
```
|
|
172
|
+
|
|
173
|
+
This matches `http://app.localhost:3000` but not `http://localhost:3000`.
|
|
174
|
+
|
|
175
|
+
### Multiple Patterns
|
|
176
|
+
|
|
177
|
+
Combine exact origins and wildcard patterns:
|
|
178
|
+
|
|
179
|
+
```json
|
|
180
|
+
"allowedOrigins": [
|
|
181
|
+
"https://*.example.com",
|
|
182
|
+
"https://specific.domain.com",
|
|
183
|
+
"http://localhost:3000"
|
|
184
|
+
]
|
|
185
|
+
```
|
|
186
|
+
|
|
187
|
+
## Using Environment Variables
|
|
188
|
+
|
|
189
|
+
Use [environment variables](./environment-variables.mdx) to configure different
|
|
190
|
+
origins per environment:
|
|
191
|
+
|
|
192
|
+
```json title="config/policies.json"
|
|
193
|
+
{
|
|
194
|
+
"corsPolicies": [
|
|
195
|
+
{
|
|
196
|
+
"name": "my-cors-policy",
|
|
197
|
+
"allowedOrigins": "$env(ALLOWED_ORIGINS)",
|
|
198
|
+
"allowedHeaders": "$env(ALLOWED_HEADERS)",
|
|
199
|
+
"allowedMethods": ["GET", "POST", "PUT"],
|
|
200
|
+
"maxAge": 600,
|
|
201
|
+
"allowCredentials": true
|
|
202
|
+
}
|
|
203
|
+
]
|
|
204
|
+
}
|
|
205
|
+
```
|
|
206
|
+
|
|
207
|
+
Set the environment variable as a comma-separated string:
|
|
208
|
+
|
|
209
|
+
```
|
|
210
|
+
ALLOWED_ORIGINS=https://app.example.com, https://admin.example.com
|
|
211
|
+
```
|
|
212
|
+
|
|
213
|
+
Environment variables work for `allowedOrigins`, `allowedMethods`,
|
|
214
|
+
`allowedHeaders`, and `exposeHeaders`.
|
|
215
|
+
|
|
216
|
+
## How CORS Works in Zuplo
|
|
217
|
+
|
|
218
|
+
### Preflight Requests
|
|
219
|
+
|
|
220
|
+
When a browser makes a cross-origin request that requires preflight, it sends an
|
|
221
|
+
`OPTIONS` request with `Origin` and `Access-Control-Request-Method` headers.
|
|
222
|
+
Zuplo handles these automatically:
|
|
223
|
+
|
|
224
|
+
1. Zuplo matches the `OPTIONS` request path and the requested method to a
|
|
225
|
+
configured route.
|
|
226
|
+
2. If the route has a CORS policy, Zuplo checks whether the request origin
|
|
227
|
+
matches the policy's `allowedOrigins`.
|
|
228
|
+
3. If the origin matches, Zuplo responds with a `200 OK` and the appropriate
|
|
229
|
+
CORS headers.
|
|
230
|
+
4. If the origin does not match or the route has no CORS policy, Zuplo responds
|
|
231
|
+
with a `404 Not Found`.
|
|
232
|
+
|
|
233
|
+
Preflight handling runs before any policies or handlers on the route.
|
|
234
|
+
|
|
235
|
+
### Simple Requests
|
|
236
|
+
|
|
237
|
+
For simple cross-origin requests (e.g., `GET` with standard headers), there is
|
|
238
|
+
no preflight. Zuplo adds CORS headers to the response based on the route's
|
|
239
|
+
policy. If the origin does not match, no CORS headers are added and the browser
|
|
240
|
+
blocks the response.
|
|
241
|
+
|
|
242
|
+
### Header Precedence
|
|
243
|
+
|
|
244
|
+
Zuplo strips any existing CORS headers from upstream responses before applying
|
|
245
|
+
the configured policy headers. This prevents conflicts and ensures the gateway
|
|
246
|
+
is the single source of truth for CORS configuration.
|
|
247
|
+
|
|
248
|
+
## Troubleshooting
|
|
249
|
+
|
|
250
|
+
### No CORS headers in response
|
|
251
|
+
|
|
252
|
+
- Verify the route has a `corsPolicy` set (not `none`).
|
|
253
|
+
- Check that the request includes an `Origin` header. Browsers add this
|
|
254
|
+
automatically for cross-origin requests, but tools like `curl` do not.
|
|
255
|
+
- Confirm the `Origin` value matches one of the `allowedOrigins` patterns
|
|
256
|
+
exactly (including the protocol like `https://`).
|
|
257
|
+
|
|
258
|
+
### Preflight returns 404
|
|
259
|
+
|
|
260
|
+
- Ensure the `corsPolicy` on the matching route is not set to `none`.
|
|
261
|
+
- Verify the `Access-Control-Request-Method` header in the preflight request
|
|
262
|
+
matches a method configured on the route.
|
|
263
|
+
- Check that the request path matches an existing route.
|
|
264
|
+
|
|
265
|
+
### Preflight returns 400
|
|
266
|
+
|
|
267
|
+
- The preflight request must include both the `Origin` and
|
|
268
|
+
`Access-Control-Request-Method` headers. A `400` response means one or both
|
|
269
|
+
are missing.
|
|
270
|
+
|
|
271
|
+
### Wildcard subdomain not matching
|
|
272
|
+
|
|
273
|
+
- The `*.` pattern only matches a **single** subdomain level.
|
|
274
|
+
`https://*.example.com` does not match `https://v2.api.example.com`.
|
|
275
|
+
- The `*.` pattern does not match the base domain. `https://*.example.com` does
|
|
276
|
+
not match `https://example.com`. Add the base domain separately if needed.
|
|
277
|
+
|
|
278
|
+
### Credentials not working
|
|
279
|
+
|
|
280
|
+
- Set `allowCredentials` to `true` in the CORS policy.
|
|
281
|
+
- When using credentials, `allowedOrigins` cannot rely on a literal `*` being
|
|
282
|
+
sent as the `Access-Control-Allow-Origin` header value. Zuplo reflects the
|
|
283
|
+
actual requesting origin instead, which is compatible with credentials.
|
|
284
|
+
|
|
285
|
+
### Backend CORS headers conflicting with Zuplo
|
|
286
|
+
|
|
287
|
+
If your backend service sends its own `Access-Control-*` headers, they can
|
|
288
|
+
conflict with the headers Zuplo sets from the CORS policy. Zuplo strips existing
|
|
289
|
+
CORS headers from upstream responses before applying the configured policy, but
|
|
290
|
+
if you have custom outbound policies that interact with the response, backend
|
|
291
|
+
CORS headers may leak through.
|
|
292
|
+
|
|
293
|
+
To prevent conflicts, use the
|
|
294
|
+
[Remove Response Headers](../policies/remove-headers-outbound.mdx) outbound
|
|
295
|
+
policy to explicitly strip CORS headers from your backend response:
|
|
296
|
+
|
|
297
|
+
```json title="config/policies.json"
|
|
298
|
+
{
|
|
299
|
+
"name": "strip-backend-cors-headers",
|
|
300
|
+
"policyType": "remove-headers-outbound",
|
|
301
|
+
"handler": {
|
|
302
|
+
"export": "RemoveHeadersOutboundPolicy",
|
|
303
|
+
"module": "$import(@zuplo/runtime)",
|
|
304
|
+
"options": {
|
|
305
|
+
"headers": [
|
|
306
|
+
"access-control-allow-origin",
|
|
307
|
+
"access-control-allow-methods",
|
|
308
|
+
"access-control-allow-headers",
|
|
309
|
+
"access-control-expose-headers",
|
|
310
|
+
"access-control-allow-credentials",
|
|
311
|
+
"access-control-max-age"
|
|
312
|
+
]
|
|
313
|
+
}
|
|
314
|
+
}
|
|
315
|
+
}
|
|
316
|
+
```
|
|
317
|
+
|
|
318
|
+
Alternatively, disable CORS on your backend entirely and let Zuplo be the single
|
|
319
|
+
source of truth for CORS configuration.
|
|
320
|
+
|
|
321
|
+
### Browser shows "CORS error" but the real issue is a 401 or 403
|
|
322
|
+
|
|
323
|
+
When an API request fails with a `401 Unauthorized` or `403 Forbidden` response,
|
|
324
|
+
the browser often reports it as a CORS error. This happens because the error
|
|
325
|
+
response may not include the required `Access-Control-Allow-Origin` header, so
|
|
326
|
+
the browser blocks access to the response entirely and surfaces a generic CORS
|
|
327
|
+
message.
|
|
328
|
+
|
|
329
|
+
This is especially common when an inbound policy (such as API key
|
|
330
|
+
authentication) rejects the request before the handler runs. The preflight
|
|
331
|
+
`OPTIONS` request succeeds because it runs before any policies, but the actual
|
|
332
|
+
`GET` or `POST` request gets rejected by the authentication policy.
|
|
333
|
+
|
|
334
|
+
To diagnose this:
|
|
335
|
+
|
|
336
|
+
1. Check the request in the browser's Network tab. Look at the actual HTTP
|
|
337
|
+
status code -- if it is `401` or `403`, the problem is authentication, not
|
|
338
|
+
CORS.
|
|
339
|
+
2. Test the same request with `curl` and include an `Origin` header to see the
|
|
340
|
+
full response:
|
|
341
|
+
```bash
|
|
342
|
+
curl -v -H "Origin: https://app.example.com" \
|
|
343
|
+
-H "Authorization: Bearer YOUR_TOKEN" \
|
|
344
|
+
https://your-api.zuplo.dev/your-route
|
|
345
|
+
```
|
|
346
|
+
3. Fix the underlying authentication issue. Once the request returns a
|
|
347
|
+
successful response, the CORS headers are included and the browser error goes
|
|
348
|
+
away.
|
|
349
|
+
|
|
350
|
+
### CORS headers lost in custom outbound policies
|
|
351
|
+
|
|
352
|
+
When a custom outbound policy creates a new `Response` object, CORS headers that
|
|
353
|
+
Zuplo added can be lost if the new response does not carry them forward. Zuplo
|
|
354
|
+
applies CORS headers after the handler runs but before outbound policies
|
|
355
|
+
execute, so any outbound policy that replaces the response must preserve the
|
|
356
|
+
existing headers.
|
|
357
|
+
|
|
358
|
+
Always pass the original response headers when constructing a new `Response`:
|
|
359
|
+
|
|
360
|
+
```ts title="modules/my-outbound-policy.ts"
|
|
361
|
+
export default async function (
|
|
362
|
+
response: Response,
|
|
363
|
+
request: ZuploRequest,
|
|
364
|
+
context: ZuploContext,
|
|
365
|
+
) {
|
|
366
|
+
const data = await response.json();
|
|
367
|
+
|
|
368
|
+
// Transform the data as needed
|
|
369
|
+
data.transformed = true;
|
|
370
|
+
|
|
371
|
+
// Preserve headers (including CORS headers) from the original response
|
|
372
|
+
return new Response(JSON.stringify(data), {
|
|
373
|
+
status: response.status,
|
|
374
|
+
headers: response.headers,
|
|
375
|
+
});
|
|
376
|
+
}
|
|
377
|
+
```
|
|
378
|
+
|
|
379
|
+
If you need to modify headers, copy them into a new `Headers` object first:
|
|
380
|
+
|
|
381
|
+
```ts
|
|
382
|
+
const headers = new Headers(response.headers);
|
|
383
|
+
headers.set("x-custom-header", "value");
|
|
384
|
+
|
|
385
|
+
return new Response(body, {
|
|
386
|
+
status: response.status,
|
|
387
|
+
headers,
|
|
388
|
+
});
|
|
389
|
+
```
|
|
390
|
+
|
|
391
|
+
Avoid constructing a `Response` with no headers argument or with an empty
|
|
392
|
+
`Headers` object, as this drops all CORS headers and causes the browser to block
|
|
393
|
+
the response.
|
|
394
|
+
|
|
395
|
+
### CORS on localhost during development
|
|
396
|
+
|
|
397
|
+
When developing locally, the browser enforces CORS even for `localhost`. Common
|
|
398
|
+
issues include:
|
|
399
|
+
|
|
400
|
+
- **Port mismatch**: `http://localhost:3000` and `http://localhost:5173` are
|
|
401
|
+
different origins. Add each port you use to `allowedOrigins`.
|
|
402
|
+
- **Protocol mismatch**: `http://localhost:3000` and `https://localhost:3000`
|
|
403
|
+
are different origins. Make sure the protocol matches.
|
|
404
|
+
- **Missing localhost**: If you use a custom CORS policy without `localhost` in
|
|
405
|
+
`allowedOrigins`, browser requests from your local development server are
|
|
406
|
+
blocked.
|
|
407
|
+
|
|
408
|
+
For development, either add your local origins to a custom CORS policy:
|
|
409
|
+
|
|
410
|
+
```json
|
|
411
|
+
"allowedOrigins": [
|
|
412
|
+
"https://app.example.com",
|
|
413
|
+
"http://localhost:3000",
|
|
414
|
+
"http://localhost:5173"
|
|
415
|
+
]
|
|
416
|
+
```
|
|
417
|
+
|
|
418
|
+
Or use [environment variables](./environment-variables.mdx) to keep production
|
|
419
|
+
and development origins separate:
|
|
420
|
+
|
|
421
|
+
```json title="config/policies.json"
|
|
422
|
+
{
|
|
423
|
+
"corsPolicies": [
|
|
424
|
+
{
|
|
425
|
+
"name": "my-cors-policy",
|
|
426
|
+
"allowedOrigins": "$env(ALLOWED_ORIGINS)"
|
|
427
|
+
}
|
|
428
|
+
]
|
|
429
|
+
}
|
|
430
|
+
```
|
|
431
|
+
|
|
432
|
+
Then set different values per environment:
|
|
433
|
+
|
|
434
|
+
- **Production**: `ALLOWED_ORIGINS=https://app.example.com`
|
|
435
|
+
- **Development**:
|
|
436
|
+
`ALLOWED_ORIGINS=https://app.example.com, http://localhost:3000`
|
|
437
|
+
|
|
438
|
+
:::tip
|
|
439
|
+
|
|
440
|
+
Use the `anything-goes` built-in policy for quick local testing when you do not
|
|
441
|
+
need to validate CORS behavior. Switch to a custom policy before deploying to
|
|
442
|
+
production.
|
|
443
|
+
|
|
444
|
+
:::
|
|
445
|
+
|
|
446
|
+
For more details on CORS, see the MDN documentation:
|
|
447
|
+
[Cross-Origin Resource Sharing (CORS)](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS).
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: Custom Audit Logging Policy
|
|
3
|
+
sidebar_label: Audit Logging
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
This guide explains how to add custom audit logging beyond the scope of the
|
|
7
|
+
`AuditLogsInboundPolicy`.
|
|
8
|
+
|
|
9
|
+
Audit logging is an important part of API security that plays a critical role in
|
|
10
|
+
detecting and correcting issues such as unauthorized access or permission
|
|
11
|
+
elevations within your system. Audit logging is also a requirement for many
|
|
12
|
+
compliance certifications as well as part of the buying criteria for larger
|
|
13
|
+
enterprises.
|
|
14
|
+
|
|
15
|
+
Adding Audit Logging to your APIs that are secured with Zuplo is as easy as
|
|
16
|
+
adding a custom policy. Typically you want to add audit logs to any API that
|
|
17
|
+
modifies data, however depending on the API you may want it on read operations
|
|
18
|
+
as well (for example retrieve a secret key, etc.)
|
|
19
|
+
|
|
20
|
+
## Example Policy: WorkOS Audit Logs
|
|
21
|
+
|
|
22
|
+
[WorkOS](https://workos.com/) provides various services that help enable
|
|
23
|
+
enterprise features on your service such as SSO and Audit Logs. With Zuplo it's
|
|
24
|
+
easy to create a [custom policy](../policies/custom-code-inbound.mdx) that uses
|
|
25
|
+
[runtime hooks](../programmable-api/runtime-extensions.mdx) to log API calls
|
|
26
|
+
using their API.
|
|
27
|
+
|
|
28
|
+
```ts
|
|
29
|
+
import { ZuploContext, ZuploRequest, environment } from "@zuplo/runtime";
|
|
30
|
+
|
|
31
|
+
export async function auditLogPlugin(
|
|
32
|
+
request: ZuploRequest,
|
|
33
|
+
context: ZuploContext,
|
|
34
|
+
policyName: string,
|
|
35
|
+
) {
|
|
36
|
+
// Clone the request so the body can be read in the hook
|
|
37
|
+
// note: remove this is you don't need content from the body
|
|
38
|
+
const cloned = request.clone();
|
|
39
|
+
context.addResponseSendingFinalHook(async (response) => {
|
|
40
|
+
const incomingBody = await cloned.json();
|
|
41
|
+
// This is an example event. Extract any additional data needed from the
|
|
42
|
+
// request.
|
|
43
|
+
const body = {
|
|
44
|
+
organization_id: "org_01EHWNCE74X7JSDV0X3SZ3KJNY",
|
|
45
|
+
event: {
|
|
46
|
+
action: "user.signed_in",
|
|
47
|
+
occurred_at: "2022-09-02T16:35:39.317Z",
|
|
48
|
+
version: 1,
|
|
49
|
+
actor: {
|
|
50
|
+
type: "user",
|
|
51
|
+
// Add the use the user sub for authenticated users
|
|
52
|
+
id: request.user.sub,
|
|
53
|
+
metadata: {
|
|
54
|
+
role: "user",
|
|
55
|
+
},
|
|
56
|
+
},
|
|
57
|
+
targets: [
|
|
58
|
+
{
|
|
59
|
+
type: "user",
|
|
60
|
+
id: "user_98432YHF",
|
|
61
|
+
name: "Jon Smith",
|
|
62
|
+
},
|
|
63
|
+
{
|
|
64
|
+
type: "team",
|
|
65
|
+
id: "team_J8YASKA2",
|
|
66
|
+
metadata: {
|
|
67
|
+
owner: "user_01GBTCQ2",
|
|
68
|
+
},
|
|
69
|
+
},
|
|
70
|
+
],
|
|
71
|
+
context: {
|
|
72
|
+
location: request.headers.get("True-Client-IP"),
|
|
73
|
+
user_agent: request.headers.get("User-Agent"),
|
|
74
|
+
},
|
|
75
|
+
metadata: {
|
|
76
|
+
extra: incomingBody.extra,
|
|
77
|
+
},
|
|
78
|
+
},
|
|
79
|
+
};
|
|
80
|
+
await fetch("https://api.workos.com/audit_logs/events", {
|
|
81
|
+
method: "POST",
|
|
82
|
+
body: JSON.stringify(body),
|
|
83
|
+
headers: {
|
|
84
|
+
Authorization: `Bearer ${environment.WORKOS_API_KEY}`,
|
|
85
|
+
"Content-Type": "application/json",
|
|
86
|
+
// Optional idempotency key.
|
|
87
|
+
// See: https://workos.com/docs/reference/idempotency
|
|
88
|
+
// "Idempotency-Key": "YOUR_KEY_HERE"
|
|
89
|
+
},
|
|
90
|
+
});
|
|
91
|
+
});
|
|
92
|
+
|
|
93
|
+
return request;
|
|
94
|
+
}
|
|
95
|
+
```
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: "Azure Pipelines"
|
|
3
|
+
sidebar_label: Azure Pipelines
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
Azure Pipelines brings enterprise-grade CI/CD to your Zuplo API gateway. Build
|
|
7
|
+
complex deployment workflows with stages, approvals, and integrations across
|
|
8
|
+
your Azure ecosystem.
|
|
9
|
+
|
|
10
|
+
## Why Azure Pipelines with Zuplo?
|
|
11
|
+
|
|
12
|
+
The Zuplo CLI integrates naturally with Azure Pipelines YAML workflows:
|
|
13
|
+
|
|
14
|
+
**Enterprise pipeline features** — Multi-stage pipelines, deployment jobs,
|
|
15
|
+
environment approvals, and service connections. Build the exact workflow your
|
|
16
|
+
organization requires.
|
|
17
|
+
|
|
18
|
+
**Azure ecosystem integration** — Deploy alongside your Azure Functions, App
|
|
19
|
+
Services, and Kubernetes workloads. Manage secrets through Azure Key Vault.
|
|
20
|
+
Track deployments in Azure DevOps.
|
|
21
|
+
|
|
22
|
+
**Variable groups and templates** — Share configuration across pipelines. Define
|
|
23
|
+
deployment templates once and reuse them across projects.
|
|
24
|
+
|
|
25
|
+
**Compliance and auditing** — Full audit trails, branch policies, and approval
|
|
26
|
+
gates satisfy enterprise compliance requirements.
|
|
27
|
+
|
|
28
|
+
## How It Works
|
|
29
|
+
|
|
30
|
+
The Zuplo CLI handles deployment and testing. Azure Pipelines orchestrates your
|
|
31
|
+
workflow:
|
|
32
|
+
|
|
33
|
+
```bash
|
|
34
|
+
# Deploy to Zuplo (environment name from branch or --environment flag)
|
|
35
|
+
npx zuplo deploy --api-key "$ZUPLO_API_KEY"
|
|
36
|
+
|
|
37
|
+
# Run tests against any Zuplo environment
|
|
38
|
+
npx zuplo test --endpoint https://your-env.zuplo.dev
|
|
39
|
+
|
|
40
|
+
# Clean up environments you no longer need
|
|
41
|
+
npx zuplo delete --environment pr-123 --api-key "$ZUPLO_API_KEY"
|
|
42
|
+
|
|
43
|
+
# Test locally before deploying
|
|
44
|
+
npx zuplo dev # starts local server on port 9000
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
Use `tee` to capture deployment output for passing the URL to test stages. The
|
|
48
|
+
CLI outputs `Deployed to https://...` which you can parse with `grep` or `sed`.
|
|
49
|
+
|
|
50
|
+
## Prerequisites
|
|
51
|
+
|
|
52
|
+
1. **Disconnect Git integration** — If you're using Azure Pipelines for
|
|
53
|
+
deployments, disconnect the native Git integration to avoid duplicate
|
|
54
|
+
deployments. Go to **Settings** > **Source Control** and click
|
|
55
|
+
**Disconnect**.
|
|
56
|
+
|
|
57
|
+
2. **Add your API key** — Store your Zuplo API key as a pipeline variable or in
|
|
58
|
+
a variable group. Go to **Pipelines** > **Library** to create a variable
|
|
59
|
+
group with `ZUPLO_API_KEY`.
|
|
60
|
+
|
|
61
|
+
## Examples
|
|
62
|
+
|
|
63
|
+
Start with the workflow that matches your needs:
|
|
64
|
+
|
|
65
|
+
- **[Basic Deployment](./ci-cd-azure/basic-deployment.mdx)** — Deploy on every
|
|
66
|
+
push to main
|
|
67
|
+
- **[Deploy and Test](./ci-cd-azure/deploy-and-test.mdx)** — Run tests after
|
|
68
|
+
deployment
|
|
69
|
+
- **[PR Preview Environments](./ci-cd-azure/pr-preview-environments.mdx)** —
|
|
70
|
+
Isolated environments for every pull request
|
|
71
|
+
- **[Local Testing in CI](./ci-cd-azure/local-testing.mdx)** — Test with local
|
|
72
|
+
Zuplo server before deploying
|
|
73
|
+
- **[Tag-Based Releases](./ci-cd-azure/tag-based-releases.mdx)** — Deploy only
|
|
74
|
+
on tagged releases
|
|
75
|
+
- **[Multi-Stage Deployment](./ci-cd-azure/multi-stage-deployment.mdx)** —
|
|
76
|
+
Staging to production with approval gates
|
|
77
|
+
|
|
78
|
+
## Complete Example Repository
|
|
79
|
+
|
|
80
|
+
See all these patterns working together in the
|
|
81
|
+
[Zuplo CLI Example Project](https://github.com/zuplo/zup-cli-example-project).
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
---
|
|
2
|
+
title: "Bitbucket Pipelines"
|
|
3
|
+
sidebar_label: Bitbucket Pipelines
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
Bitbucket Pipelines brings CI/CD directly into your Bitbucket workflow. Define
|
|
7
|
+
pipelines in `bitbucket-pipelines.yml` and deploy your Zuplo API gateway
|
|
8
|
+
alongside your code reviews and pull requests.
|
|
9
|
+
|
|
10
|
+
## Why Bitbucket Pipelines with Zuplo?
|
|
11
|
+
|
|
12
|
+
The Zuplo CLI integrates naturally with Bitbucket's pipeline model:
|
|
13
|
+
|
|
14
|
+
**Integrated with Bitbucket** — Pipelines run automatically on pushes and pull
|
|
15
|
+
requests. See deployment status right in your PR. No external CI service to
|
|
16
|
+
manage.
|
|
17
|
+
|
|
18
|
+
**Branch and PR pipelines** — Define different pipelines for branches and pull
|
|
19
|
+
requests. Deploy preview environments for PRs, production from main.
|
|
20
|
+
|
|
21
|
+
**Deployment environments** — Track deployments with Bitbucket Deployments. See
|
|
22
|
+
history, compare environments, and manage releases.
|
|
23
|
+
|
|
24
|
+
**Atlassian ecosystem** — Connect with Jira for deployment tracking. Link
|
|
25
|
+
deployments to issues automatically.
|
|
26
|
+
|
|
27
|
+
## How It Works
|
|
28
|
+
|
|
29
|
+
The Zuplo CLI handles deployment and testing. Bitbucket Pipelines orchestrates
|
|
30
|
+
your workflow:
|
|
31
|
+
|
|
32
|
+
```bash
|
|
33
|
+
# Deploy to Zuplo (environment name from branch or --environment flag)
|
|
34
|
+
npx zuplo deploy --api-key "$ZUPLO_API_KEY"
|
|
35
|
+
|
|
36
|
+
# Run tests against any Zuplo environment
|
|
37
|
+
npx zuplo test --endpoint https://your-env.zuplo.dev
|
|
38
|
+
|
|
39
|
+
# Clean up environments you no longer need
|
|
40
|
+
npx zuplo delete --environment pr-123 --api-key "$ZUPLO_API_KEY"
|
|
41
|
+
|
|
42
|
+
# Test locally before deploying
|
|
43
|
+
npx zuplo dev # starts local server on port 9000
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
Use artifacts to pass the deployment URL between steps. Write the URL to a file
|
|
47
|
+
and mark it as an artifact for subsequent steps.
|
|
48
|
+
|
|
49
|
+
## Prerequisites
|
|
50
|
+
|
|
51
|
+
1. **Disconnect Git integration** — If you're using Bitbucket Pipelines for
|
|
52
|
+
deployments, disconnect the native Git integration to avoid duplicate
|
|
53
|
+
deployments. Go to **Settings** > **Source Control** and click
|
|
54
|
+
**Disconnect**.
|
|
55
|
+
|
|
56
|
+
2. **Add your API key** — Store your Zuplo API key as a repository variable. Go
|
|
57
|
+
to **Repository settings** > **Repository variables** and add
|
|
58
|
+
`ZUPLO_API_KEY`. Check **Secured** to hide it in logs.
|
|
59
|
+
|
|
60
|
+
## Examples
|
|
61
|
+
|
|
62
|
+
Start with the workflow that matches your needs:
|
|
63
|
+
|
|
64
|
+
- **[Basic Deployment](./ci-cd-bitbucket/basic-deployment.mdx)** — Deploy on
|
|
65
|
+
every push to main
|
|
66
|
+
- **[Deploy and Test](./ci-cd-bitbucket/deploy-and-test.mdx)** — Run tests after
|
|
67
|
+
deployment
|
|
68
|
+
- **[PR Preview Environments](./ci-cd-bitbucket/pr-preview-environments.mdx)** —
|
|
69
|
+
Isolated environments for pull requests
|
|
70
|
+
- **[Local Testing in CI](./ci-cd-bitbucket/local-testing.mdx)** — Test with
|
|
71
|
+
local Zuplo server before deploying
|
|
72
|
+
- **[Tag-Based Releases](./ci-cd-bitbucket/tag-based-releases.mdx)** — Deploy
|
|
73
|
+
only on tagged releases
|
|
74
|
+
- **[Multi-Stage Deployment](./ci-cd-bitbucket/multi-stage-deployment.mdx)** —
|
|
75
|
+
Staging to production with manual triggers
|
|
76
|
+
|
|
77
|
+
## Complete Example Repository
|
|
78
|
+
|
|
79
|
+
See all these patterns working together in the
|
|
80
|
+
[Zuplo CLI Example Project](https://github.com/zuplo/zup-cli-example-project).
|