Overview
What is Zuplo?
Zuplo is the fastest way to secure, scale, and monetize your APIs. Get authentication, rate limiting, and a developer portal up and running on a fully managed dedicated service, with no infrastructure to operate. The AI Gateway and MCP tooling are built in from the start, letting you govern LLM usage and expose your APIs as tools for any AI agent.
The platform
Zuplo is a fully managed API gateway. It intercepts HTTP traffic between clients and backend services, executing a configurable pipeline of policies — authentication, rate limiting, routing, and response transformation — on every request.
How it's built
Gateway logic is written in TypeScript and stored in a git repository. Routes, policies, and configuration are all code: version-controlled, reviewed in pull requests, and deployed through standard CI/CD.
Where it runs
Zuplo is deployed on Akamai Connected Cloud. Every instance is hosted and maintained by Zuplo — customers deploy code and configuration, not infrastructure. Akamai's CDN and App & API Protector sit upstream as the edge security layer.
The product portfolio
Six products sharing the same gateway runtime, with no separate infrastructure per use case.
Core Product
API Management
A fully managed, programmable API gateway that handles the critical policies every production API needs, without requiring you to build or operate infrastructure.
- Authentication (JWT, OAuth, API keys)
- Rate limiting and quota enforcement per consumer
- Request/response transforms with TypeScript policies
- OpenAPI-native with automatic documentation generation
Platform
Monetization
Turn your APIs into revenue-generating products. Usage-based billing, tiered subscription plans, and Stripe integration are all built into the gateway layer.
- Usage-based billing by request, token, or event
- Tiered plans with quota and rate limit enforcement
- Stripe integration for automated billing
- Revenue and usage analytics per consumer
Platform
Developer Portal
Every Zuplo gateway ships with a branded, self-serve developer portal. API consumers sign up, read docs, generate keys, and manage subscriptions without opening a support ticket.
- Self-serve API key provisioning
- Interactive API documentation
- Usage monitoring and quota visibility
- Custom branding and domain
AI Product
AI Gateway
Purpose-built API management for AI workloads. Sits in front of LLM providers to add the enterprise controls that raw LLM APIs lack.
- Token-based rate limiting and spend controls per consumer
- Unified routing across OpenAI, Anthropic, Google Gemini, and more
- Semantic caching to reduce LLM costs
- Integration with Akamai AI Firewall for AI security and threat detection
Emerging Product
MCP Server
Auto-generate Model Context Protocol servers from any OpenAPI spec, letting AI agents interact with your APIs the same way developers do.
- MCP server configuration from existing OpenAPI specs in minutes
- Authentication and rate limiting applied automatically
- Works with Claude, Cursor, GitHub Copilot, and other MCP clients
Emerging Product
MCP Gateway
Govern MCP servers across your organization at scale. RBAC per team, centralized audit logs, and a central registry that prevents tool sprawl.
- Internal + external MCP server registry
- RBAC per team for tool access control
- Centralized audit logs across all tool calls
- Private beta: request early access
What makes Zuplo different
Most API gateways require you to choose between flexibility and operational simplicity. Zuplo doesn't.
Developer-first
Policies are TypeScript functions, config is code, and everything is reviewable in a pull request. No GUI-only workflows.
Fully managed
No clusters to size, no gateway VMs to patch. Zuplo handles the infrastructure so teams ship features, not ops.
Programmable policies
Any logic that can't be configured with a plugin can be expressed as a TypeScript policy, with full access to request and response.
Built-in developer portal
Every gateway ships with a branded portal. Consumers sign up, read docs, generate keys, and manage subscriptions without a support ticket.
GitOps native
Routes, policies, and config live in a git repo. Deployments are triggered by a push, with no separate deploy-to-gateway step.
Native on Akamai Connected Cloud
Runs on Akamai Connected Cloud with Akamai's CDN and App & API Protector as the upstream security layer — the full Akamai stack, no extra integration work.
API Management
Why every API needs management
An API without management is a liability. The same four gaps appear in every organization that ships an API without a gateway layer, and each one has real business consequences.
No authentication means an open door
Without knowing who is making a request, you can't enforce policies, audit access, or hold anyone accountable for misuse. Any caller, malicious or accidental, can read or modify your data.
No rate limiting means one bad actor can take down your service
A misbehaving client, a runaway script, or a coordinated attack can exhaust your infrastructure in seconds. Rate limiting is the circuit breaker that protects everyone else on the platform.
No observability means problems are invisible
Without logs, metrics, and traces, you're flying blind. You can't diagnose latency spikes, identify error patterns, or understand how your API is actually being used in production.
No monetization means value leaks
APIs power billions in B2B commerce, but only when they're treated as products. Without subscription plans, usage metering, and a self-serve portal, usage doesn't convert to revenue.
Zuplo's API Gateway handles all four in a single programmable layer: authentication, rate limiting, observability, and a built-in developer portal for monetization. Deployed on Akamai Connected Cloud with Akamai's CDN and security layer upstream.
AI Solutions
AI without controls creates new risks at every layer
Deploying AI isn't just an infrastructure problem. It's a governance problem. Each layer of the AI stack introduces a distinct class of risk that generic API management wasn't designed to handle.
AI agents need the same controls as human callers, but they generate far more traffic
An AI agent can fire thousands of requests per minute without rate limiting or auth. The same gateway that protects human-facing APIs must also enforce policies on automated AI clients with the same precision.
LLM calls are expensive and unpredictable without controls
A single misbehaving agent can exhaust your monthly LLM budget in hours. Without token budgets, semantic caching, model routing, and spend limits, AI costs become unpredictable and your margin disappears.
Ungoverned MCP servers become unmanageable at scale
As every team registers their own MCP servers independently, tool access sprawls across the organization. Without RBAC, a central registry, and audit logs, you can't control what AI systems can access or prove it to auditors.
Zuplo's three gateway types address each layer independently. Paired with Akamai AI Firewall, which analyzes AI traffic for prompt injection, jailbreaks, and data exfiltration, you get security coverage across every layer of the AI stack.