Build with AI

Zuplo MCP Server

The Zuplo MCP server exposes the Zuplo Developer API through the Model Context Protocol. Agents can manage accounts, deployments, API keys, custom domains, tunnels, audit logs, and more — all in a single, authenticated session.

Endpoint: https://dev.zuplo.com/mcp

Unlike the Docs MCP server, this server is authenticated and performs real operations against your Zuplo account. Use it carefully.

Connecting an agent to this server gives it the same permissions as the API key you authenticate with. Scope the API key tightly (project, environment, permissions) and treat the token like any other production credential.

Authentication

Authenticate using a Zuplo API key. Create one in the Zuplo Portal under Account Settings → API Keys, then pass it as a bearer token:

Code
Authorization: Bearer <ZUPLO_API_KEY>

The API key determines which accounts, projects, and operations the agent can access — only the resources granted to the key are exposed as MCP tools at runtime.

What it does

The server exposes the Developer API surface as MCP tools. Capabilities include:

Area	What agents can do
Accounts	List accounts and identify the caller (`WhoAmI`).
Projects	List projects and environments in an account.
Deployments	List, read, redeploy, and delete deployments. Upload sources and check deployment status.
API Key Buckets	Create, list, read, update, and delete API key buckets.
API Key Consumers	Create, list, read, update, delete, and roll keys for consumers. Manage consumer managers.
API Keys	Create (single or bulk), list, read, update, and delete keys for a consumer.
Custom Domains	Create, list, update, and delete custom domains.
Client mTLS CAs	Create, list, update, and delete client mTLS CA certificates.
Tunnels	Create, list, read, update, and delete tunnels. Configure and inspect tunneled services.
Variables	Create and update environment variables on a project branch.
Audit Logs	Query audit logs with filtering and pagination.
Analytics	Get recent calls and request statistics by status code for a deployment.

The full tool catalog is generated from the Developer API's OpenAPI spec, so new endpoints become available as MCP tools automatically when the API ships them.

Add it to your client

See the Zuplo MCP Server setup guide for step-by-step instructions across Claude Desktop, Claude Code, and other MCP clients. Send the API key in the Authorization header as a bearer token.

Example workflows

Once connected, ask the agent to drive Zuplo through natural-language prompts:

"List all deployments in the production environment of project my-api."
"Create a new API key consumer named acme-corp and generate a key that expires in 30 days."
"Roll all API keys for consumer legacy-client and set a 7-day expiration on the old key."
"Show me the request stats by status code for the latest deployment over the last 24 hours."
"Add api.example.com as a custom domain on the production environment."
"Set the environment variable STRIPE_API_KEY on the main branch."

Security best practices

Use short-lived, narrowly-scoped API keys. Create a dedicated key per agent session or project; don't reuse a single all-powerful key.
Restrict permissions. Limit the key to the smallest set of projects, environments, and permissions the agent needs. See API Keys for the full permissions model.
Never commit keys. Store them in environment variables or a secret manager — not in .claude/settings.json or .cursor/mcp.json.
Audit usage. Use the ListAuditLogsService tool or the Audit Logs view in the Portal to review what the agent did.
Revoke when done. Delete the API key from the Portal as soon as the session is over.

Zuplo Developer API — the underlying REST API.
Zuplo API Keys — create and manage the API keys used to authenticate this MCP server.
Docs MCP Server — pair this with the docs server so agents can both read docs and operate the gateway.
Audit Logs — review changes made by an agent.

Edit this page

Last modified on May 20, 2026

Docs MCP Server Overview

Authentication

Authenticate using a Zuplo API key. Create one in the Zuplo Portal under Account Settings → API Keys, then pass it as a bearer token:

Code

Authorization: Bearer <ZUPLO_API_KEY>

The API key determines which accounts, projects, and operations the agent can access — only the resources granted to the key are exposed as MCP tools at runtime.

What it does

The server exposes the Developer API surface as MCP tools. Capabilities include:

Area

What agents can do

Accounts

List accounts and identify the caller (WhoAmI).

Projects

List projects and environments in an account.

Deployments

List, read, redeploy, and delete deployments. Upload sources and check deployment status.

API Key Buckets

Create, list, read, update, and delete API key buckets.

API Key Consumers

Create, list, read, update, delete, and roll keys for consumers. Manage consumer managers.

API Keys

Create (single or bulk), list, read, update, and delete keys for a consumer.

Custom Domains

Create, list, update, and delete custom domains.

Client mTLS CAs

Create, list, update, and delete client mTLS CA certificates.

Tunnels

Create, list, read, update, and delete tunnels. Configure and inspect tunneled services.

Variables

Create and update environment variables on a project branch.

Audit Logs

Query audit logs with filtering and pagination.

Analytics

Get recent calls and request statistics by status code for a deployment.

The full tool catalog is generated from the Developer API's OpenAPI spec, so new endpoints become available as MCP tools automatically when the API ships them.

Example workflows

Once connected, ask the agent to drive Zuplo through natural-language prompts:

"List all deployments in the production environment of project my-api."

"Create a new API key consumer named acme-corp and generate a key that expires in 30 days."

"Roll all API keys for consumer legacy-client and set a 7-day expiration on the old key."

"Show me the request stats by status code for the latest deployment over the last 24 hours."

"Add api.example.com as a custom domain on the production environment."

"Set the environment variable STRIPE_API_KEY on the main branch."

Security best practices

Use short-lived, narrowly-scoped API keys. Create a dedicated key per agent session or project; don't reuse a single all-powerful key.

Restrict permissions. Limit the key to the smallest set of projects, environments, and permissions the agent needs. See API Keys for the full permissions model.

Never commit keys. Store them in environment variables or a secret manager — not in .claude/settings.json or .cursor/mcp.json.

Audit usage. Use the ListAuditLogsService tool or the Audit Logs view in the Portal to review what the agent did.

Revoke when done. Delete the API key from the Portal as soon as the session is over.

Zuplo Developer API — the underlying REST API.

Zuplo API Keys — create and manage the API keys used to authenticate this MCP server.

Docs MCP Server — pair this with the docs server so agents can both read docs and operate the gateway.

Audit Logs — review changes made by an agent.

Edit this page

Last modified on May 20, 2026

Authentication

What it does

Add it to your client

Example workflows

Security best practices

Related

Authentication

What it does

Add it to your client

Example workflows

Security best practices

Related