364 Photos and videos
We're running a survey on MCP adoption and would love your input. Takes ~5 minutes, and we'll share the full results with all respondents.
zuplo.link/mcpsurvey
Whether you're building servers, integrating MCP, or just exploring it, your perspective matters.
@MCP_Community
1
2
346
A token minted for one MCP server should be worthless at the next. Usually it isn't.
Two servers behind one identity provider. A token for one is accepted by the other: the signature checks out, nobody reads the aud claim.
Bind it to one server: zuplo.link/SR0qNaJ
ALT Bind Every MCP Token to One Server
35
A developer's editor config has a GitHub PAT, a Stripe key, and a Notion secret. Plaintext, broad scope, and nobody on security knows they exist.
That's shadow MCP. Don't ban it. Put it behind an MCP gateway:
zuplo.link/vwEvGpl
ALT Your Team Already Installed Shadow MCP
1
39
One agent. Four requesters. Eight people's files. Under a minute.
RBAC can't express "this agent, for Alice, may read document 42." Agent authorization has to be per-resource.
zuplo.link/hW1p43i
1
2
107
MCP gateways went from concept to 10-vendor category in a year. PANW just acquired Portkey. Anthropic made the containment case without ever saying "gateway." Full week of deep dives on the Zuplo blog:
zuplo.link/oEi6zWc
43
To celebrate the launch of Zuplo's MCP Gateway, we sat down with Alex Nahas, inventor of WebMCP and collaborator on the Gateway, for a whiteboard breakdown of what WebMCP actually is.
Watch it in full: zuplo.link/yaynahas
1
124
Anthropic found users approve 93% of agent permission prompts. Rubber-stamping starts within weeks. Their fix: a deterministic boundary that cut prompts 84%. Sounds a lot like the functionality you'd get from an MCP Gateway 😉 .
zuplo.link/JSO9Qxt
ALT Anthropic Just Made the Case for MCP Gateways
2
43
Zuplo's MCP Gateway launched this week! It makes it easy to add your own IdP in front of the MCP servers you and your team use daily.
You can also curate those tools, downstream from the official MCP server and reduce the risk surface area, or save on context by stripping out tools you don't use: zuplo.link/bF6VNps
ALT Front a Third-Party Server with the Zuplo MCP Gateway
3
55
Launching the MCP Gateway. Public beta, open today.
One gateway in front of every MCP server your agents touch, yours and third-party.
✅ Full OAuth 2.0, spec-compliant
✅ Expose only the tools you pick
✅ Analytics on every call
Get started for free: zuplo.link/oEi6zWc
1
2
200
Your agent needs API keys from fifteen services. Every one requires a human to sign up first.
auth.md standardises how agents register for credentials on a user's behalf: zuplo.link/bP2dFf6
1
31
Your agent needs three APIs to finish one task. It can't sign up for any of them without you manually creating a key for it to use.
auth.md standardises how agents register for API credentials on your behalf:
zuplo.link/bP2dFf6
ALT How auth.md Standardises Agent Signup
1
29
Arazzo 1.0 only understood OpenAPI. If your workflow crossed into event-driven territory, the spec couldn't follow.
1.1 adds AsyncAPI as a first-class source, workflow chaining, and a Selector Object for pulling values from responses.
zuplo.link/f9avva2
ALT Arazzo Goes Cross-Protocol
1
1
52
The Zuplo MCP server is live.
Add it to Claude Code, Cursor, or any MCP client and your agent can drive your gateway: projects, deployments, keys, domains, logs, config.
Pair with our Agent Skills for maximum effect.
zuplo.link/rl5sRfO
ALT Meet the Zuplo MCP Server
1
1
125
Your error rate spikes at 3am and your dashboard can't tell you it's Claude Code hammering an endpoint.
Zuplo Analytics now breaks out AI agent traffic by agent, error rate, and latency:
zuplo.link/8bGz96i
ALT Introducing Agents Analytics
1
1
69
You connect Claude to GitHub's MCP server and hit a 403 two minutes later. 5,000 req/hour, gone.
Most public MCP servers have no limit, the wrong limit, or one so tight it breaks the protocol handshake.
zuplo.link/gEXsXRT
ALT Never Ship an MCP Server Without a Rate Limit
1
70
Instructure had to rotate every API key across 7,000 schools at once after the Canvas breach. That plus token-based LLM rate limiting, why IP rate limits punish the wrong people, and more on the Zuplo blog this week.
zuplo.link/4VwGoCn
60
Your customer has no idea how close they are to the rate limit until a 429 hits. Wire rate limits, billing, and keys into a developer portal so they never have to guess:
zuplo.link/mQw37xW
ALT Rate Limiting and API Monetization Through the Developer Portal
50
Your customer hits 80% of their API quota and the gateway counted the request that tipped it. Fire the warning email right there. One fetch call, no queue, no worker.
zuplo.link/GG1wH3B
ALT Fire Email Alerts From a Zuplo Policy
34
A new user signs into your developer portal, opens the API playground, and there's no API key. Yet more clicks before "Hello, World."
Fortunately, most auth providers expose a hook that you can use to auto-provision an API key for new developers by the time the portal loads.
In our final #APIKeyWeek tutorial, we walk through creating this seamless first API call experience using Auth0 and the Zuplo Developer Portal: zuplo.link/wmlSxx1
48
Your API needs to accept JWTs from logged-in users and API keys from services. Same endpoint, two credential types.
Zuplo handles it with built-in policies that you chain together, check out how it works: zuplo.link/7j8R2n5
37
Hand-rolling API key management means building hashing, rotation, leak detection, and a key store you have to trust. Or you use Zuplo's API Key Management APIs because it handles all of it, you just need to plug it in to your app: zuplo.link/NwtFDF4
1
72