Concepts

Request Lifecycle

Every request that reaches Zuplo passes through a well-defined pipeline of stages. Click any stage below to learn what it does, when to use it, and find relevant documentation.

Client Request

Pre-Routing Hooks

Global

When to use

Modify the request URL or headers before Zuplo decides which route handles it. Common for URL normalization, API version routing, or trailing-slash cleanup.

How it works

Receives a standard Request and returns a (possibly modified) Request.

Learn more

Runtime Extensions →Register global hooks and plugins Hooks Reference →All hook types and execution order

Client Response

Client Request

Client Response

Pre-Routing Hooks

Global

When to use

Modify the request URL or headers before Zuplo decides which route handles it. Common for URL normalization, API version routing, or trailing-slash cleanup.

How it works

Receives a standard Request and returns a (possibly modified) Request.

Learn more

Runtime Extensions →Register global hooks and plugins Hooks Reference →All hook types and execution order

Short-circuiting

At several stages, the pipeline can be short-circuited by returning a Response instead of passing the request through:

Pre-routing hooks can return a Response to skip routing entirely
Request hooks can return a Response to skip policies and the handler
Inbound policies can return a Response (e.g., 401 Unauthorized) to skip the handler and outbound policies

This is how authentication policies work: they check credentials and return an error response if the request is not authorized, preventing it from reaching your backend.

Choosing the right extension point

Use a policy when you need reusable logic that applies to multiple routes. Policies are configured per-route in your OpenAPI spec and can be shared across any number of routes. Examples: authentication, rate limiting, request validation, header manipulation.

Use a handler when you need to define the core behavior of a route - forwarding to a backend, generating a response, or implementing business logic. Each route has exactly one handler.

Use a hook when you need logic that runs on every request globally, regardless of route. Examples: adding correlation IDs, security headers, logging, analytics.

I want to...	Use
Authenticate requests	Inbound policy
Rate limit requests	Inbound policy
Validate request bodies	Inbound policy
Forward to a backend	URL Forward Handler
Return custom responses	Function Handler
Transform response bodies	Outbound policy
Add headers to all responses	Response hook
Log every request	Response final hook
Normalize URLs before routing	Pre-routing hook

Edit this page

Last modified on March 27, 2026

How Zuplo Works Project Structure

Concepts

Request Lifecycle

Every request that reaches Zuplo passes through a well-defined pipeline of stages. Click any stage below to learn what it does, when to use it, and find relevant documentation.

Client Request

Pre-Routing Hooks

Global

When to use

Modify the request URL or headers before Zuplo decides which route handles it. Common for URL normalization, API version routing, or trailing-slash cleanup.

How it works

Receives a standard Request and returns a (possibly modified) Request.

Learn more

Runtime Extensions →Register global hooks and plugins Hooks Reference →All hook types and execution order

Client Response

Client Request

Client Response

Pre-Routing Hooks

Global

When to use

Modify the request URL or headers before Zuplo decides which route handles it. Common for URL normalization, API version routing, or trailing-slash cleanup.

How it works

Receives a standard Request and returns a (possibly modified) Request.

Learn more

Runtime Extensions →Register global hooks and plugins Hooks Reference →All hook types and execution order

Short-circuiting

At several stages, the pipeline can be short-circuited by returning a Response instead of passing the request through:

Pre-routing hooks can return a Response to skip routing entirely
Request hooks can return a Response to skip policies and the handler
Inbound policies can return a Response (e.g., 401 Unauthorized) to skip the handler and outbound policies

This is how authentication policies work: they check credentials and return an error response if the request is not authorized, preventing it from reaching your backend.

Choosing the right extension point

Use a handler when you need to define the core behavior of a route - forwarding to a backend, generating a response, or implementing business logic. Each route has exactly one handler.

Use a hook when you need logic that runs on every request globally, regardless of route. Examples: adding correlation IDs, security headers, logging, analytics.

I want to...	Use
Authenticate requests	Inbound policy
Rate limit requests	Inbound policy
Validate request bodies	Inbound policy
Forward to a backend	URL Forward Handler
Return custom responses	Function Handler
Transform response bodies	Outbound policy
Add headers to all responses	Response hook
Log every request	Response final hook
Normalize URLs before routing	Pre-routing hook

Edit this page

Last modified on March 27, 2026

How Zuplo Works Project Structure