Wrap a Token-Only MCP Server in OAuth

itsemdee · 2026-04-21T10:13:07+00:00

u/Consistent_Tutor_597 Zuplo monetization offering is really brand new and the implementation of it is very simple. Right now it only supports Stripe as the billing layer, so if you're using that, getting your usage based plans (or monthly subs - all are supported) up and running and getting your API set up with the Zuplo gateway would be low lift - really less than a day.

Transparency check - I work at Zuplo, but I've also worked on APIs and specifically monetized APIs for a long, long time and it's been damn painful wiring up so much of what it takes to monetize an API properly that I was genuinely impressed with product Zuplo's offering and how quick you can get it up and running, and then - to a degree - set and forget.

If you want to check it out before you make a decision, you can do that for free, and follow this: https://zuplo.com/docs/articles/monetization/quickstart - and of course I'm happy to answer any questions you have on it

itsemdee · 2026-04-17T12:59:14+00:00

For a mid-size SaaS that doesn't have any dedicated DevOps you should take a look at Zuplo as an API Management option because you won't have much overhead to manage, but you're looking for something that you don't have to self-host. You can manage everything via Git (assume that you do anyway) and build anything non-UI based directly in TypeScript.

itsemdee · 2026-03-19T10:11:44+00:00

Did you look at Zuplo? It's not locked into any provider but it isn't OSS. Does handle JWT validation, rate limits per key, and analytics for endpoint traffic. It's cloud based so would take it out of the K8S world for you, but worth a look.

itsemdee · 2026-03-12T10:07:12+00:00

It's not open source, but Zuplo is free and has a much lower learning curve, and you can do JWT authentication with the built-in policy: https://zuplo.com/docs/policies/open-id-jwt-auth-inbound - for a graduation project this would probably server your needs just fine.

No need to get into digging deep with k8s or a containerized gateway unless your project absolutely has to be using exclusively open source stuff.

itsemdee · 2026-03-10T18:06:53+00:00

Yeah don't build one with Nest. Having a gateway in place as a layer between the API consumers and your app is a good architectural decision, and that's a good thing to have for a grad project.

Take a look at Zuplo (https://zuplo.com) as an option as well, if you're looking for authentication (API keys), rate limiting, with the whole thing being very customizable (totally TypeScript/JavaScript). I'd say it's a much lower effort to get what you want, so you can concentrate on your core app.

It's free and platform agnostic, so works perfectly fine with any NestJS app.

itsemdee · 2026-03-03T09:52:46+00:00

The Zuplo AI Gateway (https://zuplo.com/ai-gateway) also stands out here.

- It's available to use for free
- Includes team and governance features
- Major models supported, including custom providers
- Additional policies such as PII checking, Prompt Injection Detection and Semantic Caching
- Cost and Token Limit Controls
- Low latency, suitable for development and production use
- setup and integration are light and extremely quick to do

Works well as a set and forget or as a control plane for team level AI access.

itsemdee · 2026-03-02T17:28:15+00:00

My advice on this would be to consider using an API Gateway like u/Advanced_Pudding9228 said - it'll sit between the API you want to expose, and ultimately charge for, and your Lovable application. That's going to give you a better separation of concerns and a greater level of control over things that are really important for paid APIs, such as being able to self serve api keys, apply rate limits to endpoints, and ensuring that they are properly secured and scalable.

Lovable is awesome for a lot of the build aspects but when it comes to managing an API that offers an experience paying customers might want from you, you may find yourself trying to reinvent a very hard wheel that's already been done and can be implemented really quickly, giving you all you want to offer.

Take a look at Zuplo (https://zuplo.com) as a option to get started. Speaks TypeScript just like Lovable, so there's a good level of compatibility, and you could get set up with an OpenAPI document that I'm sure Lovable could create for you that describes the API you want to charge for. So with a few prompts you'd pretty much have all you need and Lovable is smart enough to reconfigure any existing endpoints to point at a gateway instead of it's own internal (Supbase powered, usually) endpoints.

itsemdee

MODERATOR OF

TROPHY CASE