npm - zuplo - Versions diffs - 6.70.26 → 6.70.28 - Mend

zuplo 6.70.26 → 6.70.28

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/docs/articles/accounts/switching-between-accounts.mdx +160 -0
package/docs/articles/monetization/api-access.mdx +0 -130
package/docs/articles/monetization/going-to-production.mdx +516 -0
package/docs/articles/monetization/index.mdx +1 -0
package/docs/articles/monetization/monetization-policy.md +1 -4
package/docs/articles/monetization/plan-examples.mdx +34 -6
package/docs/articles/monetization/stripe-integration.md +2 -12
package/docs/articles/monetization/troubleshooting.md +45 -28
package/package.json +4 -4

package/docs/articles/accounts/switching-between-accounts.mdx ADDED Viewed

@@ -0,0 +1,160 @@
+---
+title: Switching Between Accounts
+sidebar_label: Switching Accounts
+---
+If you belong to more than one Zuplo account (for example, your own personal
+account plus an account you were invited to join), you can switch between them
+in the Zuplo Portal without signing out.
+This guide covers accepting an invitation, finding the account switcher, and
+troubleshooting common issues when you can't see an account you expect to have
+access to.
+:::caution{title="Sign in with the same identity"}
+The invitation must be accepted using the same identity (email address and
+sign-in method) it was sent to. Zuplo treats Google sign-in, GitHub sign-in, and
+email-password as separate identities, even when they share an email address. If
+you click an invitation while signed in with a different identity, the
+invitation does not apply.
+:::
+## Accept an account invitation
+When an account admin invites you, Zuplo sends an invitation email to the
+address they entered.
+<Stepper>
+1. Open the invitation email and click the link to accept the invitation.
+1. If you are not already signed in to the Zuplo Portal, sign in with the **same
+   email address and method** the invitation was sent to. See
+   [I accepted the invitation but I don't see the account](#i-accepted-the-invitation-but-i-dont-see-the-account)
+   if you hit a mismatch.
+1. After signing in, the invited account appears in the **Switch Account**
+   submenu of your avatar dropdown.
+</Stepper>
+## Switch accounts in the portal
+Once you belong to multiple accounts, switch between them from the avatar menu.
+<Stepper>
+1. Click your avatar in the **top-right corner** of the portal. The currently
+   active account name appears at the top of the dropdown.
+1. Hover over **Switch Account** to open the submenu, which lists every account
+   you belong to.
+1. Select the account you want to switch to.
+1. The portal reloads in the context of the selected account, showing that
+   account's projects, settings, and resources.
+</Stepper>
+After switching, all navigation within the portal (project lists, account
+settings, billing, logs) reflects the selected account.
+## How multi-account membership works
+When you first sign up for Zuplo, an account is automatically created for you.
+An admin on another account can then invite you by opening their avatar menu,
+selecting **Account Settings → Members**, clicking **Invite to account**, and
+entering your email address and role. Once you accept, you become a member of
+that account in addition to your own.
+Each account is independent. Projects, billing, custom domains, and API keys all
+belong to a specific account. When you switch accounts in the portal, you see
+only the resources that belong to the account you switched into.
+## Roles in an invited account
+Your role in the invited account determines what you can access. The account
+admin assigns your role at invitation and can update it later. For the full
+permission matrix, see [Role Permissions](./roles-and-permissions.mdx).
+:::note
+Role-Based Access Control (RBAC) with Developer and Member roles is an
+enterprise feature. On non-enterprise accounts, all invited users are added as
+**Admin** by default.
+:::
+## Troubleshooting
+### I accepted the invitation but I don't see the account
+This is almost always an **identity mismatch**. Zuplo supports signing in with
+Google, GitHub, and email-password. Different sign-in methods are treated as
+separate identities, even when the underlying email address is the same.
+Work through this checklist:
+- **Check the email address on the invitation.** Confirm it matches exactly the
+  email you use to sign in to Zuplo.
+- **Check your sign-in method.** If the invitation was sent to `you@company.com`
+  and you usually sign in with Google OAuth using that same email, that
+  combination should work. But if you also created a separate email-password
+  account with the same address, Zuplo treats those as different identities.
+  Sign in with the method that matches how the invitation was sent.
+- **Click the invitation link again.** Open the original invitation email and
+  click the accept link while signed in with the correct identity. If you were
+  signed in with a different identity the first time, the invitation may have
+  been applied to the wrong account.
+- **Ask the account admin to verify.** The admin can check **Account Settings →
+  Members** to confirm the invitation status. If it shows as pending, it hasn't
+  been accepted yet. The admin can also remove and re-send the invitation to
+  ensure it goes to the right email.
+### I see the account but not its projects
+If you switched into an account but the project list appears empty or you can't
+open a specific project, check the following:
+- **Your account-level role may not include project visibility.** Users with the
+  **Member** role at the account level cannot view projects unless an admin has
+  granted them a project-level role. Ask the account admin to assign you a role
+  on the specific project you need access to. See
+  [Managing Project Members](./managing-project-members.mdx) for details.
+- **The project may require source control access.** Some projects are connected
+  to a GitHub, GitLab, Bitbucket, or Azure DevOps repository. You may need
+  access to the linked repository in addition to your Zuplo project role.
+### Why doesn't my invitation link work?
+Invitation links can fail for a few reasons:
+- **The link is expired or already used.** Ask the account admin to resend the
+  invitation from **Account Settings → Members**.
+- **The link was opened while signed in as the wrong identity.** Sign out, open
+  the invitation in a fresh browser session, and sign in with the address the
+  invitation was sent to.
+### Why don't I see the account switcher in my avatar menu?
+The **Switch Account** submenu only lists other accounts when you belong to more
+than one. If hovering **Switch Account** shows only your current account, you
+belong to a single account. Ask the relevant account admin to send (or resend)
+an invitation to your address.
+### Do I get the invited account's plan features?
+Yes. Plan-tier features (Free, Builder, Enterprise) are attached to the
+**account**, not to individual users. While working inside a higher-tier
+account, you have access to all features your role permits on that plan,
+regardless of your personal account's plan.
+When you switch back to your personal account, you have access only to the
+features available on your personal account's plan.
+## Related topics
+- [Managing Account Members](./managing-account-members.mdx): How to invite
+  users and manage their roles (admin perspective).
+- [Managing Project Members](./managing-project-members.mdx): How to grant
+  project-level access to account members.
+- [Role Permissions](./roles-and-permissions.mdx): Full permission matrix for
+  account and project roles.

package/docs/articles/monetization/api-access.mdx CHANGED Viewed

@@ -61,136 +61,6 @@ curl \
   --header "Authorization: Bearer $ZAPI_KEY"
 ```
-## Bucket monetization configuration
-Each bucket has an optional `MonetizationConfiguration` record that holds
-bucket-wide defaults. The configuration is read by the runtime and the Developer
-Portal.
-| Method   | Path                                                 |
-| -------- | ---------------------------------------------------- |
-| `GET`    | `/v3/metering/{bucketId}/monetization-configuration` |
-| `PUT`    | `/v3/metering/{bucketId}/monetization-configuration` |
-| `DELETE` | `/v3/metering/{bucketId}/monetization-configuration` |
-The `PUT` endpoint upserts the record. At least one of the four fields below
-must be present. Pass any combination — fields that are omitted retain their
-previous value.
-| Field                          | Type               | Description                                                                                                                                                                                                                                                                                                                                                    |
-| ------------------------------ | ------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `multipleSubscriptionsEnabled` | `boolean`          | Stored on the bucket. Reserved for future enforcement of multi-subscription rules; today the Developer Portal create-subscription path enforces a single active subscription per customer regardless of this flag.                                                                                                                                             |
-| `planOrder`                    | `string[]`         | Plan keys in display order. Drives the pricing page sort and is used by [plan changes](./subscription-lifecycle.md#plan-changes-upgrades-and-downgrades) to decide upgrade vs downgrade — moving to a plan with a higher (or equal) index is treated as an upgrade with `"immediate"` timing; a lower index is a downgrade with `"next_billing_cycle"` timing. |
-| `planSettings`                 | `object`           | Per-plan overrides keyed by plan key. The supported sub-key today is `visiblePhases` — an array of phase keys that should appear on the pricing page. Omitted means no filtering; `[]` hides all phases for that plan.                                                                                                                                         |
-| `maxPaymentOverdueDays`        | `integer` (`>= 0`) | Bucket-level grace period for overdue payments. Used as the lowest-priority value in the resolution chain: customer metadata → plan metadata → this bucket value → built-in default of `3` days. See [Subscription and payment validation](./monetization-policy.md#subscription-and-payment-validation).                                                      |
-```bash
-curl -X PUT "https://dev.zuplo.com/v3/metering/$BUCKET_ID/monetization-configuration" \
-  --header "Authorization: Bearer $ZAPI_KEY" \
-  --header "Content-Type: application/json" \
-  --data '{
-    "planOrder": ["free", "developer", "pro"],
-    "planSettings": {
-      "pro": { "visiblePhases": ["default"] }
-    },
-    "maxPaymentOverdueDays": 7
-  }'
-```
-`DELETE` removes the record entirely; `GET` on a bucket with no record returns
-the schema defaults (`multipleSubscriptionsEnabled: false`, `planOrder: []`,
-`planSettings: {}`, `maxPaymentOverdueDays: 3`).
-## Stripe setup and billing readiness
-These endpoints script the Stripe integration that the
-[Monetization Service UI](./stripe-integration.md#connecting-your-stripe-account)
-runs interactively. They live on the Zuplo developer API, so the request shape
-is documented here.
-### Connect a Stripe app
-```http
-POST /v3/metering/{bucketId}/setup/stripe
-```
-Installs a Stripe app on the bucket and creates the default billing profile
-linked to that app.
-| Field         | Type      | Description                                                                                      |
-| ------------- | --------- | ------------------------------------------------------------------------------------------------ |
-| `apiKey`      | `string`  | Stripe secret or restricted key. Required.                                                       |
-| `name`        | `string`  | Display name for the app. Required.                                                              |
-| `taxEnabled`  | `boolean` | Initial value for `workflow.tax.enabled` on the billing profile. Optional; defaults to `false`.  |
-| `taxEnforced` | `boolean` | Initial value for `workflow.tax.enforced` on the billing profile. Optional; defaults to `false`. |
-| `country`     | `string`  | ISO 3166-1 alpha-2 supplier country for the billing profile. Optional; defaults to `"US"`.       |
-The request fails if the key prefix does not match the bucket environment:
-- Working-copy or preview buckets accept `sk_test_*` or `rk_test_*`.
-- Production buckets accept `sk_live_*` or `rk_live_*`.
-```bash
-curl -X POST "https://dev.zuplo.com/v3/metering/$BUCKET_ID/setup/stripe" \
-  --header "Authorization: Bearer $ZAPI_KEY" \
-  --header "Content-Type: application/json" \
-  --data '{
-    "apiKey": "rk_test_...",
-    "name": "Zuplo Monetization (test)",
-    "taxEnabled": false,
-    "country": "US"
-  }'
-```
-### Read the connected Stripe app
-```http
-GET /v3/metering/{bucketId}/setup/stripe
-```
-Returns a summary of the connected Stripe app, the matched billing profile, and
-connection-test status. Use this to confirm the integration is wired up before
-continuing.
-### Add a billing profile to a Stripe app
-```http
-POST /v3/metering/{bucketId}/setup/stripe/{stripeAppId}/billing-profile
-```
-Creates an additional billing profile against an already-installed Stripe app.
-This is rarely needed — the default profile is created during initial setup. Use
-this endpoint to create per-supplier-country profiles.
-### Check billing readiness
-```http
-GET /v3/metering/{bucketId}/billing-readiness
-```
-Returns:
-```json
-{
-  "hasStripeApp": true,
-  "stripeAppId": "app_01H...",
-  "hasDefaultBillingProfile": true,
-  "defaultBillingProfileId": "bp_01H..."
-}
-```
-Use this in setup wizards to gate the UI on whether Stripe is connected.
-### Update an app
-```http
-PUT /v3/metering/{bucketId}/apps/{appId}
-```
-Replaces an app's configuration (name, description, metadata, and — for Stripe
-apps — `secretAPIKey`). The same key-prefix validation as `POST /setup/stripe`
-applies: a Stripe key must match the bucket environment.
 ## API Reference
 For complete API operations, see the API Reference documentation:

package/docs/articles/monetization/going-to-production.mdx ADDED Viewed

@@ -0,0 +1,516 @@
+---
+title: Going to Production with Monetization
+sidebar_label: Going to Production
+description:
+  Pre-production checklist, Stripe live-mode cutover, billing model readiness,
+  and beta limitations for launching Zuplo API monetization.
+---
+:::note{title="Beta"}
+API Monetization is in beta and free to try. The APIs are stable but should be
+evaluated in non-production environments first. To go to production, contact
+[sales@zuplo.com](mailto:sales@zuplo.com). Production pricing has not yet been
+announced.
+:::
+You have built out your monetization configuration in Stripe test mode and your
+customers are ready to pay real money. This guide covers:
+- The **pre-production checklist**: items to verify before enabling real charges
+- **Billing model readiness**: which pricing models are production-ready today
+- **Stripe live-mode cutover**: step-by-step instructions to connect live
+  payments
+- **Beta limitations**: constraints to design around before launch
+## Before you start
+Going to production with monetization requires coordination with the Zuplo team.
+The monetization feature is currently in **public beta**. The APIs are stable
+and the core billing flows work end-to-end, but production pricing for the
+monetization feature itself has not yet been announced.
+:::tip{title="Email sales to go live"}
+Email [sales@zuplo.com](mailto:sales@zuplo.com) with:
+- Your account slug and project slug
+- The Stripe account ID you plan to use in production
+- Your target go-live date
+- A summary of your pricing model (flat-fee, overages, pay-as-you-go, etc.)
+:::
+The Zuplo team will confirm your configuration, walk you through any
+beta-specific considerations for your use case, and enable your production
+bucket for live billing.
+## Pre-production checklist
+Work through each item before enabling real charges. The summary table lists
+every check; the sections below give the detail and links.
+| #   | Check                              | Why it matters                                                        |
+| --- | ---------------------------------- | --------------------------------------------------------------------- |
+| 1   | Authentication provider verified   | Customers cannot sign in, subscribe, or manage keys without it        |
+| 2   | Meters, features, plans configured | Configuration is per-bucket and does not promote between environments |
+| 3   | Stripe live-mode connected         | Test keys and live keys are completely separate environments          |
+| 4   | Billing profile configured         | Tax calculations and supplier country depend on it                    |
+| 5   | Webhook endpoint validated         | Payment events (charges, failures, disputes) must reach Zuplo         |
+| 6   | Quota behavior chosen and tested   | Hard vs. soft limits change customer experience and billing           |
+| 7   | Subscription lifecycle tested      | Every state transition must work before real money is on the line     |
+| 8   | Payment grace period configured    | Controls when overdue customers lose API access                       |
+### Authentication provider verified
+Your Developer Portal must have an authentication provider configured so that
+customers can sign in, subscribe, and manage their API keys. Verify that your
+auth provider (Auth0, Clerk, or a custom OpenID Connect provider) works
+correctly across all environments: working copy, preview, and production.
+See
+[Developer Portal Setup → Prerequisites](./developer-portal.md#prerequisites)
+for details.
+### Meters, features, and plans configured
+Confirm that your production bucket has the same meters, features, and plans you
+tested in your working-copy or preview bucket. Monetization configuration is
+scoped per-bucket, so you must recreate it in production. It does not
+automatically promote between environments.
+Key checks:
+- **Meter keys match policy configuration.** The meter `slug`/`eventType`, the
+  feature `key`, and the `meters` map in your `MonetizationInboundPolicy` must
+  all use the same key. See
+  [Meters → Naming Consistency](./meters.mdx#naming-consistency).
+- **Plans are published.** Draft plans are not visible to customers. Publish
+  each plan from the Monetization Service in the Zuplo Portal.
+- **Currency is correct.** Plans support any ISO 4217 currency code (USD, EUR,
+  AUD, GBP, etc.). Verify the `currency` field on every plan. It cannot be
+  changed after a plan is created.
+- **Plan ordering is set.** The
+  [monetization configuration](./api-access.mdx#bucket-monetization-configuration)
+  `planOrder` array controls both the pricing page display order and
+  upgrade/downgrade logic. Make sure it reflects your intended tier hierarchy.
+### Stripe live-mode connected
+Your production environment must use a Stripe **live** key (`sk_live_*` or
+`rk_live_*`). Test keys and live keys are completely separate environments in
+Stripe. Customers, invoices, and payment methods created in test mode do not
+exist in live mode.
+:::tip
+Use a **restricted key** (`rk_live_*`) rather than a secret key. A restricted
+key follows the principle of least privilege. See
+[Using a Stripe restricted key](./stripe-integration.md#using-a-stripe-restricted-key)
+for the exact eight permissions your key needs.
+:::
+:::caution
+Use one Stripe key type per Zuplo environment. Do not replace a test key with a
+live key in the same environment. Zuplo rejects a live key on a non-production
+bucket and a test key on a production bucket.
+:::
+### Billing profile configured
+Every bucket that processes payments needs a default billing profile. The
+billing profile is created automatically when you connect Stripe, but you should
+verify:
+| Setting              | What to check                                                    | Reference                                                                              |
+| -------------------- | ---------------------------------------------------------------- | -------------------------------------------------------------------------------------- |
+| **Supplier country** | Set correctly. Tax calculations depend on this value             | [Enable tax collection](./tax-collection.md#enable-tax-collection)                     |
+| **Tax collection**   | Tax registrations added in Stripe and `workflow.tax.enabled` set | [Add tax registrations in Stripe](./tax-collection.md#add-tax-registrations-in-stripe) |
+| **Tax behavior**     | Inclusive vs. exclusive matches your pricing page                | [Tax behavior configuration](./tax-collection.md#tax-behavior-configuration)           |
+### Webhook endpoint validated
+When you connect Stripe, Zuplo registers a webhook endpoint automatically so it
+can react to payment events (successful charges, failed payments, disputes).
+Verify the webhook is healthy:
+<Stepper>
+1. Open your
+   [Stripe Dashboard → Developers → Webhooks](https://dashboard.stripe.com/webhooks).
+1. Find the Zuplo-managed endpoint.
+1. Confirm recent deliveries show `2xx` responses (typically `201 OK`), not
+   failures or timeouts.
+</Stepper>
+<ModalScreenshot size="md">
+![Stripe Dashboard Webhooks workbench showing event deliveries to the Zuplo metering endpoint with consecutive 201 OK responses for invoice.paid, invoice.payment_succeeded, and invoice.finalized events](../../../public/media/monetization-going-to-production/stripe-webhooks.png)
+</ModalScreenshot>
+### Quota behavior chosen and tested
+Each metered entitlement can enforce a **hard limit** or a **soft limit**:
+| Setting              | Quota exhausted behavior         | Overage billed?          |
+| -------------------- | -------------------------------- | ------------------------ |
+| `isSoftLimit: false` | Returns `403 Forbidden`          | No                       |
+| `isSoftLimit: true`  | Request allowed, usage continues | Yes, per-unit in arrears |
+Test both paths in your working-copy environment before going live:
+<Stepper>
+1. Subscribe to a plan with a low quota (e.g., 10 requests).
+1. Exceed the quota and verify the correct behavior: either a `403` response
+   (hard limit) or continued access with usage counting above the entitlement
+   (soft limit).
+1. Check the Stripe test dashboard to verify that invoices include the expected
+   line items.
+</Stepper>
+See [Rate Cards](./rate-cards.mdx) for how `isSoftLimit` and `issueAfterReset`
+interact, and [Monetization Policy Reference](./monetization-policy.md) for how
+the gateway enforces limits.
+### Subscription lifecycle tested
+Before real money is on the line, walk through every lifecycle state:
+| State          | How to test                                                                                                                                                                                   |
+| -------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Subscribe      | Subscribe to a plan via the Developer Portal using [Stripe test cards](https://docs.stripe.com/testing)                                                                                       |
+| Upgrade        | Move from a lower plan to a higher plan. Entitlements should change immediately and the proration credit should appear on the next invoice                                                    |
+| Downgrade      | Move from a higher plan to a lower plan. The change should take effect at the next billing cycle, not immediately                                                                             |
+| Cancel         | Cancel a subscription. Access should continue until the billing period ends, then be revoked                                                                                                  |
+| Reactivate     | Reactivate a canceled subscription before the period ends. Access should be restored                                                                                                          |
+| Failed payment | Use Stripe test card `4000 0000 0000 0341` (attaches to customer but fails on charge) to verify grace period behavior and that access is blocked after the configured `maxPaymentOverdueDays` |
+See [Subscription Lifecycle](./subscription-lifecycle.md) for the full details
+on each state transition.
+### Payment grace period configured
+The default grace period for overdue payments is 3 days. During this window,
+customers retain API access while Stripe retries the charge. After the grace
+period, access is blocked.
+You can customize the grace period at three levels. Higher precedence overrides
+lower:
+| Precedence  | Where                      | Field / Key                                                                               |
+| ----------- | -------------------------- | ----------------------------------------------------------------------------------------- |
+| 1 (highest) | Stripe customer metadata   | `zuplo_max_payment_overdue_days`                                                          |
+| 2           | Stripe plan metadata       | `zuplo_max_payment_overdue_days`                                                          |
+| 3 (lowest)  | Bucket monetization config | `maxPaymentOverdueDays` ([reference](./api-access.mdx#bucket-monetization-configuration)) |
+Set the value to `0` to block access immediately when payment fails.
+## Billing models in production
+Not all billing models have the same level of portal support today. Choose the
+right model for your launch based on current readiness.
+| Model                        | Status                 | Notes                                                         |
+| ---------------------------- | ---------------------- | ------------------------------------------------------------- |
+| Fixed monthly quotas         | Production-ready       | Fully supported end-to-end                                    |
+| Monthly quotas with overages | Production-ready       | Modeled as graduated tiered pricing with `isSoftLimit: true`  |
+| Pay-as-you-go                | Limited portal support | Underlying model works; portal pricing table not fully tested |
+| Credits / tokens (prepaid)   | Limited portal support | Underlying model works; portal experience not fully tested    |
+### Fixed monthly quotas (production-ready)
+The most common and most stable model. Customers pay a flat monthly price for an
+included number of requests. When the quota is exhausted, the API returns
+`403 Forbidden` (hard limit) or bills overages (soft limit).
+This model is fully supported in the Developer Portal pricing table, checkout
+flow, usage dashboard, and invoicing.
+See
+[Billing Models → Fixed monthly quotas](./billing-models.md#fixed-monthly-quotas)
+for configuration examples.
+### Monthly quotas with overages (production-ready)
+A hybrid model where customers pay a base price for an included allowance, with
+per-unit overage billing in arrears for usage above the limit. This is modeled
+using graduated tiered pricing with `isSoftLimit: true`.
+Fully supported end-to-end. See
+[Billing Models → Monthly quotas with overages](./billing-models.md#monthly-quotas-with-overages)
+for examples.
+### Pay-as-you-go (limited portal support)
+Pure pay-as-you-go billing (no upfront cost, bill entirely in arrears for actual
+usage) is supported by the underlying monetization models, but the **Developer
+Portal pricing table experience has not been fully tested** for this billing
+model yet.
+If you need pay-as-you-go pricing in production, contact
+[support@zuplo.com](mailto:support@zuplo.com) to discuss your use case and
+current workarounds.
+See [Billing Models → Pay-as-you-go](./billing-models.md#pay-as-you-go) for the
+data model and configuration.
+### Credits / tokens (prepaid, limited portal support)
+Credit/token-based billing is supported by the underlying data model, but the
+**Developer Portal experience has not been fully tested** for this billing
+model.
+If you need prepaid credit billing, contact
+[sales@zuplo.com](mailto:sales@zuplo.com) to discuss your use case.
+See
+[Billing Models → Credits / tokens](./billing-models.md#credits--tokens-prepaid)
+for configuration examples.
+## How usage metering works with Stripe
+A common point of confusion: Zuplo does **not** use Stripe Billing Meters,
+Stripe Subscriptions, Stripe Products, or Stripe Prices. Zuplo manages plans,
+subscriptions, metering, and entitlements internally. Stripe is used only for
+**money**: collecting payments and issuing invoices.
+![API requests are metered by Zuplo's MonetizationInboundPolicy, aggregated and priced inside the Zuplo platform, then materialized as a Stripe invoice at the end of the billing period for Stripe to collect from the customer](../../../public/media/monetization-going-to-production/metering-flow.png)
+The flow works like this:
+1. Every API request that hits a monetized route is metered in real time by the
+   `MonetizationInboundPolicy`.
+2. Usage events are aggregated internally by Zuplo. They are not sent to Stripe
+   as individual events.
+3. At the end of each billing period, Zuplo calculates the total usage, applies
+   the plan's pricing model (flat fee, tiered, per-unit, etc.), and creates a
+   **Stripe Invoice** with the appropriate line items.
+4. Stripe collects payment from the customer's saved payment method.
+This means you will **not** see usage events, billing meters, or subscription
+objects in your Stripe dashboard. You will see **Customers** and **Invoices**.
+To check usage and subscription state, use the
+[Zuplo metering API](./api-access.mdx#authentication) or the Developer Portal's
+usage dashboard.
+<details>
+<summary>Why usage events might not appear in Stripe</summary>
+If you expected to see per-request usage events in Stripe and they are not
+there, this is by design. Zuplo does not call Stripe's metered billing APIs.
+Usage is materialized as invoice line items at billing time only.
+To verify that metering is working:
+1. Make API requests to a monetized endpoint.
+2. Check the Developer Portal usage dashboard. It should show real-time usage.
+3. Query the meter directly via the API:
+```bash
+curl -X POST "https://dev.zuplo.com/v3/metering/$BUCKET_ID/meters/api_requests/query" \
+  -H "Authorization: Bearer $ZAPI_KEY" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "filterSubscription": ["SUBSCRIPTION_ID"],
+    "from": "2026-05-01T00:00:00Z",
+    "to": "2026-05-31T23:59:59Z",
+    "windowSize": "DAY"
+  }'
+```
+If the usage dashboard shows zero despite active traffic, see
+[Troubleshooting → Usage dashboard shows zero](./troubleshooting.md#usage-dashboard-shows-zero-despite-active-api-traffic).
+</details>
+## Connecting Stripe live mode
+When your test configuration is validated and you are ready to accept real
+payments, follow these steps to connect your production environment to Stripe
+live mode.
+### Step 1: Create a Stripe restricted key for production
+<Stepper>
+1. In the [Stripe Dashboard](https://dashboard.stripe.com), switch to **live
+   mode** (toggle in the top-right corner).
+1. Go to **Developers → API keys → Create restricted key**.
+1. Name the key `Zuplo Monetization (production)`.
+1. Enable the eight permissions listed in
+   [Using a Stripe restricted key](./stripe-integration.md#using-a-stripe-restricted-key).
+1. Click **Create key** and copy the value (`rk_live_...`).
+</Stepper>
+### Step 2: Connect to your production environment
+<Stepper>
+1. Open your project's
+   [**Services**](https://portal.zuplo.com/+/account/project/services) page in
+   the Zuplo Portal.
+1. Select the **Production** environment.
+1. Open the Monetization Service, then go to **Payment Provider**.
+1. Paste your live restricted key (`rk_live_...`) and click **Save**.
+</Stepper>
+<ModalScreenshot size="md">
+![Zuplo Portal Monetization Service with the Prod environment selected and the Payment Provider tab open, showing the disconnected Stripe card, Stripe API Key field with Save button, Billing Profiles, and Payment Overage sections](../../../public/media/monetization-going-to-production/configure-stripe-production.png)
+</ModalScreenshot>
+### Step 3: Recreate your monetization configuration
+Because monetization configuration is scoped per-bucket, you need to set up
+meters, features, plans, and the monetization configuration in your production
+bucket. You can do this through the Portal UI or via the
+[monetization APIs](./api-access.mdx).
+### Step 4: Verify with a real charge
+<Stepper>
+1. Publish at least one plan in your production environment.
+1. Open the Developer Portal on your production URL.
+1. Subscribe to a plan using a real payment method.
+1. Confirm in the Stripe Dashboard (live mode) that a **Customer** was created
+   and the **Webhook** endpoint is registered and showing `2xx` responses.
+1. Make a few API requests and verify the usage dashboard updates.
+1. Cancel the test subscription when done.
+</Stepper>
+### Step 5: Monitor first production transactions
+After going live, keep a close eye on:
+| Surface                            | What to check                                                                            |
+| ---------------------------------- | ---------------------------------------------------------------------------------------- |
+| Stripe Dashboard → Invoices        | Invoices are created at the end of each billing period with the correct line items       |
+| Stripe Dashboard → Webhooks        | All webhook deliveries are succeeding                                                    |
+| Developer Portal → Usage Dashboard | Customer-facing usage numbers match your expectations                                    |
+| API responses                      | Monetized routes return `200` for subscribed customers and `403` for over-quota requests |
+## Known beta limitations
+The following limitations apply during the beta period. Design around them when
+planning your production launch. As noted in
+[Before you start](#before-you-start), production access requires coordination
+with the Zuplo sales team, and production pricing for the monetization feature
+has not yet been announced.
+<details>
+<summary>Pay-as-you-go and credits portal experience</summary>
+Pure pay-as-you-go and credit/token-based billing models are supported by the
+underlying data model and APIs, but the Developer Portal pricing table has not
+been fully tested for these models. If your business requires either model,
+coordinate with Zuplo support for guidance on workarounds.
+</details>
+<details>
+<summary>Configuration does not promote between environments</summary>
+Meters, features, plans, and monetization configuration are scoped to individual
+buckets. There is no built-in promotion mechanism to copy configuration from
+working-copy to production. You must recreate or script the configuration in
+each environment separately using the APIs documented in
+[API Access](./api-access.mdx).
+</details>
+<details>
+<summary>Single active subscription per customer (default)</summary>
+By default, each customer can hold one active subscription at a time.
+Multi-subscription support (e.g., a primary subscription plus a credit pack) is
+available on request. Contact [sales@zuplo.com](mailto:sales@zuplo.com) to
+enable it for your bucket.
+See
+[Subscription Lifecycle → Subscriptions per customer](./subscription-lifecycle.md#subscriptions-per-customer)
+for details on multi-subscription scenarios.
+</details>
+## Zuplo plan requirements for monetization
+Monetization is available during beta on all Zuplo plan tiers, including Free
+and Builder. However, production workloads typically need capabilities that
+exceed what the Free and Builder tiers offer.
+| Plan                    | Gateway devs | Custom domains | Support                     | Production fit                                                    |
+| ----------------------- | ------------ | -------------- | --------------------------- | ----------------------------------------------------------------- |
+| **Free**                | Up to 2      | 0              | Community                   | Testing monetization only; not suitable for production billing    |
+| **Builder** ($25/mo)    | Up to 2      | 2              | Community                   | Small-scale production if you don't need more team members or SLA |
+| **Enterprise** (custom) | Custom       | Custom         | Priority, SLA up to 99.999% | Required for >2 devs, additional domains, log retention, or SLA   |
+There is currently no self-serve plan between Builder and Enterprise. If you
+need capabilities beyond Builder but are not ready for a full Enterprise
+engagement, email [sales@zuplo.com](mailto:sales@zuplo.com) to discuss your
+options.
+For current plan details and pricing, see the
+[Zuplo pricing page](https://zuplo.com/pricing).
+## Getting help when going live
+| Situation                                                                                                                                                  | Contact                                       |
+| ---------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------- |
+| Ready to enable production billing for the first time, discussing production pricing, multi-subscription support, or a plan between Builder and Enterprise | [sales@zuplo.com](mailto:sales@zuplo.com)     |
+| Something is not working as expected, debugging a billing or metering issue, or questions about a beta limitation or workaround                            | [support@zuplo.com](mailto:support@zuplo.com) |
+### What to include in your request
+To help the team resolve your issue quickly, include:
+| Field              | Where to find / what to provide                        |
+| ------------------ | ------------------------------------------------------ |
+| Account slug       | Your Zuplo account identifier                          |
+| Project slug       | The project with monetization enabled                  |
+| Bucket ID          | Project Services → Bucket Details                      |
+| Stripe account ID  | Stripe Dashboard → Settings, starts with `acct_`       |
+| Plan keys          | The plan keys involved in the issue                    |
+| Subscription ID    | If the issue is subscription-specific                  |
+| Steps to reproduce | What you did, what you expected, what happened instead |
+## Next steps
+Once you have completed the checklist, connected Stripe live mode, and verified
+your first real charge, your monetized API is in production. Monitor your
+[Stripe Dashboard](https://dashboard.stripe.com) webhooks and invoices closely
+during the first billing cycle.
+- [Troubleshooting](./troubleshooting.md): common issues and debugging tools
+- [Subscription Lifecycle](./subscription-lifecycle.md): managing ongoing
+  upgrades, downgrades, and cancellations
+- [Billing Models Guide](./billing-models.md): exploring additional pricing
+  strategies as your business grows

package/docs/articles/monetization/index.mdx CHANGED Viewed

@@ -110,5 +110,6 @@ pricing, wire up Stripe, and configure your gateway to enforce quotas.
 | [Subscription Lifecycle](./monetization/subscription-lifecycle.md)     | Managing trials, upgrades, downgrades, and cancellations                              |
 | [Private Plans](./monetization/private-plans.md)                       | Invite-only plans for specific users                                                  |
 | [Tax Collection](./monetization/tax-collection.md)                     | Enabling VAT, sales tax, or GST via Stripe Tax                                        |
+| [Going to Production](./monetization/going-to-production.mdx)          | Pre-launch checklist, Stripe live mode, and beta considerations                       |
 | [Plan Examples](./monetization/plan-examples.mdx)                      | Real-world plan configurations                                                        |
 | [Troubleshooting](./monetization/troubleshooting.md)                   | Common issues, debugging, and FAQ                                                     |

package/docs/articles/monetization/monetization-policy.md CHANGED Viewed

@@ -154,10 +154,7 @@ below it:
 1. **Customer metadata** — `zuplo_max_payment_overdue_days` on the customer
 2. **Plan metadata** — `zuplo_max_payment_overdue_days` on the plan
-3. **Bucket configuration** — `maxPaymentOverdueDays` on the bucket's
-   monetization configuration (PUT
-   `/v3/metering/{bucketId}/monetization-configuration`)
-4. **Default** — `3` days
+3. **Default** — `3` days
 Set the value to `0` to block requests immediately when payment is overdue.

package/docs/articles/monetization/plan-examples.mdx CHANGED Viewed

@@ -190,6 +190,17 @@ curl \
       "name": "Default",
       "duration": null,
       "rateCards": [
+        {
+          "type": "flat_fee",
+          "key": "subscription_fee",
+          "name": "Starter Plan Subscription",
+          "billingCadence": "P1M",
+          "price": {
+            "type": "flat",
+            "amount": "9.99",
+            "paymentTerm": "in_advance"
+          }
+        },
         {
           "type": "usage_based",
           "key": "api_requests",
@@ -208,7 +219,7 @@ curl \
             "tiers": [
               {
                 "upToAmount": "1000",
-                "flatPrice": { "type": "flat", "amount": "9.99" },
+                "flatPrice": { "type": "flat", "amount": "0.00" },
                 "unitPrice": null
               },
               {
@@ -227,10 +238,16 @@ EOF
 **What changed:**
-- Changed the rate card from `flat_fee` to `usage_based`
-- Changed `isSoftLimit` to `true` - requests continue after 1,000
-- Combined base fee and overage into tiered pricing: first 1,000 cost $9.99
-  flat, then $0.01 per additional request
+- Split the default phase into two rate cards: a billing-only `flat_fee` rate
+  card (no `featureKey`, `paymentTerm: "in_advance"`) that collects the $9.99
+  subscription fee at the start of each billing period, and a `usage_based` rate
+  card that grants the entitlement and prices overage
+- Tier 1's `flatPrice` is set to $0 because the $9.99 is now collected by the
+  separate `flat_fee` rate card — leaving it at $9.99 here would double-charge
+  the customer in arrears at the end of the period
+- Changed `isSoftLimit` to `true` so requests continue past 1,000 and tier 2
+  applies — overage is billed at $0.01 per request above the allowance, in
+  arrears at the end of the period
 **Example billing:**
@@ -305,6 +322,17 @@ curl \
       "name": "Default",
       "duration": null,
       "rateCards": [
+        {
+          "type": "flat_fee",
+          "key": "subscription_fee",
+          "name": "Starter Plan Subscription",
+          "billingCadence": "P1M",
+          "price": {
+            "type": "flat",
+            "amount": "9.99",
+            "paymentTerm": "in_advance"
+          }
+        },
         {
           "type": "usage_based",
           "key": "api_requests",
@@ -323,7 +351,7 @@ curl \
             "tiers": [
               {
                 "upToAmount": "1000",
-                "flatPrice": { "type": "flat", "amount": "9.99" },
+                "flatPrice": { "type": "flat", "amount": "0.00" },
                 "unitPrice": null
               },
               {

package/docs/articles/monetization/stripe-integration.md CHANGED Viewed

@@ -49,15 +49,6 @@ in Stripe at the moment a charge is needed (as invoice line items).
 3. Paste your **Stripe API Key**
 4. Click **Save**
-:::tip
-To script the same flow (CI, infrastructure-as-code, etc.) use the
-[Stripe setup API](./api-access.mdx#stripe-setup-and-billing-readiness) — it
-exposes `POST /setup/stripe`, `GET /billing-readiness`, and key-rotation
-endpoints with the same prefix validation as the UI.
-:::
 The connection authorizes Zuplo to manage Stripe objects on your behalf —
 specifically Customers, Checkout Sessions, Customer Portal Sessions, Invoices,
 and Tax Calculations. See
@@ -255,9 +246,8 @@ Stripe retries the payment.
 | `failed`        | Access blocked after grace period (configurable) |
 | `uncollectible` | Access blocked                                   |
-The grace period is configurable, with customer metadata overriding plan
-metadata, which overrides the bucket-level `maxPaymentOverdueDays`. Default is 3
-days. See
+The grace period is configurable via customer or plan metadata, with customer
+metadata overriding plan metadata. Default is 3 days. See
 [Subscription and payment validation](./monetization-policy.md#subscription-and-payment-validation)
 for the full resolution order.

package/docs/articles/monetization/troubleshooting.md CHANGED Viewed

@@ -26,13 +26,12 @@ announced.
    access is blocked.
    ```bash
-   curl https://dev.zuplo.com/v3/metering/{bucketId}/customers/{CUSTOMER_ID}/subscriptions \
-     -H "Authorization: Bearer {API_KEY}"
+   curl https://dev.zuplo.com/v3/metering/${BUCKET_ID}/customers/${CUSTOMER_ID}/subscriptions \
+     -H "Authorization: Bearer ${API_KEY}"
    ```
    Fix: Either resolve the payment issue in Stripe, or adjust the grace period.
-   The window resolves customer metadata → plan metadata → bucket configuration
-   → 3-day default. See
+   The window resolves customer metadata → plan metadata → 3-day default. See
    [Subscription and payment validation](./monetization-policy.md#subscription-and-payment-validation)
    for details.
@@ -142,27 +141,29 @@ entitlements don't change.
 ```bash
 # List subscriptions for a customer
-curl https://dev.zuplo.com/v3/metering/{bucketId}/customers/{CUSTOMER_ID}/subscriptions \
-  -H "Authorization: Bearer {API_KEY}"
+curl https://dev.zuplo.com/v3/metering/${BUCKET_ID}/customers/${CUSTOMER_ID}/subscriptions \
+  -H "Authorization: Bearer ${API_KEY}"
 # Check subscription access and entitlements
-curl https://dev.zuplo.com/v3/metering/{bucketId}/subscriptions/{subscriptionId}/access \
-  -H "Authorization: Bearer {API_KEY}"
+curl https://dev.zuplo.com/v3/metering/${BUCKET_ID}/subscriptions/${SUBSCRIPTION_ID}/access \
+  -H "Authorization: Bearer ${API_KEY}"
 ```
 ### Check meter usage
 ```bash
 # Query meter usage for the current month
-curl -X POST https://dev.zuplo.com/v3/metering/{bucketId}/meters/{meterIdOrSlug}/query \
-  -H "Authorization: Bearer {API_KEY}" \
+curl -X POST https://dev.zuplo.com/v3/metering/${BUCKET_ID}/meters/${METER_ID_OR_SLUG}/query \
+  -H "Authorization: Bearer ${API_KEY}" \
   -H "Content-Type: application/json" \
-  -d '{
-    "filterSubscription": ["{SUBSCRIPTION_ID}"],
-    "from": "2026-03-01T00:00:00Z",
-    "to": "2026-03-31T23:59:59Z",
-    "windowSize": "DAY"
-  }'
+  -d @- <<EOF
+{
+  "filterSubscription": ["${SUBSCRIPTION_ID}"],
+  "from": "2026-03-01T00:00:00Z",
+  "to": "2026-12-31T23:59:59Z",
+  "windowSize": "DAY"
+}
+EOF
 ```
 ### Test with cURL
@@ -171,7 +172,7 @@ Verify the full flow manually:
 ```bash
 # Make a request to a monetized endpoint
-curl -v -H "Authorization: Bearer {CUSTOMER_API_KEY}" \
+curl -v -H "Authorization: Bearer ${CUSTOMER_API_KEY}" \
   https://your-api.zuplo.dev/api/v1/resource
 # Check the response status and body for error details
@@ -195,30 +196,46 @@ products.
 ### What happens if Stripe is down?
-Zuplo caches subscription and quota state locally. If Stripe is temporarily
-unavailable, existing customers continue to have access based on their cached
-subscription state. New subscriptions and plan changes require Stripe to be
-available.
+Zuplo's API request path doesn't go through Stripe. The runtime validates each
+request against Zuplo's own subscription store, so existing customers keep
+access while Stripe is unavailable. New paid subscriptions and billing-affecting
+plan changes do need Stripe and have to wait; free plans skip Stripe Checkout
+entirely and still work. If Stripe misses scheduled payments during the outage,
+the [grace period](./monetization-policy.md#subscription-and-payment-validation)
+(default 3 days) absorbs them once Stripe recovers and reports the failures.
 ### Can I use currencies other than USD?
 Yes. Plans support any ISO 4217 currency code. Set the `currency` field when
 creating a plan. You can offer the same plan in multiple currencies by creating
-separate plan objects (e.g., `pro-usd` and `pro-eur`).
+separate plan objects (e.g., `pro_usd` and `pro_eur`).
 ### How are overages calculated?
-Overages are modeled using graduated tiered pricing. The first tier covers the
-included allowance at a flat price, and subsequent tiers charge per-unit for
-usage beyond the allowance. See [Pricing Models](./pricing-models.mdx) for
-details.
+Overage uses graduated tiered pricing on a `usage_based` rate card. Every tier
+has two price slots, `flatPrice` and `unitPrice` — either or both can be set
+(each may be 0), and a tier charges its flat price plus its per-unit price times
+the units consumed inside the tier. All tier-based charges are billed in arrears
+at the end of the billing cycle. The entitlement must set `isSoftLimit: true`,
+otherwise the policy returns 403 at the quota line and there's no overage to
+bill.
+For example, tier 1 with `flatPrice: $499` covers the first 1M requests; tier 2
+with `unitPrice: $0.0005` covers each request after. A customer who used 1.2M
+requests invoices $499 + (200,000 × $0.0005) = $599 at the end of the period.
+If you need a fixed fee billed at the **start** of the cycle instead, add a
+separate billing-only rate card alongside the usage-based one (no `featureKey`,
+`paymentTerm: "in_advance"`) — see
+[Base fee in advance](./billing-models.md#example-base-fee-in-advance). For the
+full rate card shape, see
+[Included Usage with Overage](./pricing-models.mdx#included-usage-with-overage).
 ### Can I set spending limits for pay-as-you-go customers?
 You can set a hard entitlement limit that acts as a spending cap (e.g., max
 100,000 requests regardless of willingness to pay). Alternatively, use a custom
-policy to check current usage against a configurable limit, or set up Stripe
-billing alerts to notify customers approaching a threshold.
+policy to check current usage against a configurable limit.
 ### Do meters count retried requests?

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "zuplo",
-  "version": "6.70.26",
+  "version": "6.70.28",
   "type": "module",
   "description": "The programmable API Gateway",
   "author": "Zuplo, Inc.",
@@ -19,9 +19,9 @@
     "zuplo": "zuplo.js"
   },
   "dependencies": {
-    "@zuplo/cli": "6.70.26",
-    "@zuplo/core": "6.70.26",
-    "@zuplo/runtime": "6.70.26",
+    "@zuplo/cli": "6.70.28",
+    "@zuplo/core": "6.70.28",
+    "@zuplo/runtime": "6.70.28",
     "@zuplo/test": "1.4.0"
   }
 }