Skip to main content

Natural Language for Your API Control Plane — Introducing Zerq Copilot

Zerq Copilot for Management lets platform and operations teams configure and run the gateway through natural language, backed by Management MCP. Full platform scope — collections, proxies, workflows, policies, clients, credentials, audit history, and metrics — with every action running under your OIDC session.

  • copilot
  • ai
  • platform
  • api-management
  • operations
Zerq team

There is a category of operational task that every platform team recognises: the five-minute thing that takes forty minutes. Stand up a new collection, wire a proxy to an upstream, attach a rate-limit policy, create a client credential, assign it to the right access profile, and verify the published product looks correct. Each step is a few clicks or a few lines of config. But you have to remember the sequence, navigate between screens, and check the results before moving to the next step.

Zerq Copilot for Management is designed to collapse that sequence into a single conversation. Describe the outcome in plain language. The platform maps your intent to the right Management MCP actions using your signed-in session, executes them in order, and narrates what happened — including a confirmation before any destructive step.

What it actually does

Copilot for Management is embedded in the Zerq console, alongside the work you are already doing. It does not require a separate login, a separate toolchain, or a separate configuration path. It uses your OIDC session — the same identity that governs what you can do in the graphical console — to determine what actions it is allowed to take.

The scope is the full platform surface:

  • Collections and proxies — create, inspect, update, or retire
  • Workflows — design and attach fan-out, transformation, or retry sequences
  • Policies — assign, modify, or audit rate limits, auth rules, and access controls
  • Clients and credentials — provision, rotate, or revoke
  • Audit history — query and summarise recent changes or incidents
  • Metrics — pull traffic summaries, error rates, and latency distributions without leaving the conversation

This is the same breadth as the graphical console. The difference is that you describe what you want and the platform figures out the sequence.

Three things it does well in practice

Shipping a new API product end-to-end

In the console, publishing a new API product from scratch involves creating a collection, adding proxy definitions, wiring each backend, selecting or creating a policy, configuring access profiles, and verifying the published spec. Each step is in a different part of the UI. Copilot handles this as a single conversation:

"Create a Payments collection, add a POST /payments endpoint pointing to https://payments-internal.svc, cap traffic at 500 RPM, and show me what changed."

Copilot creates the collection, adds the proxy, configures the rate limit, and returns a summary of the created resources — including their IDs and the current state — for you to review before moving on.

Triaging an incident without context-switching

When error rates spike, the standard workflow is: open the metrics dashboard, pull the affected endpoint's traffic graph, open the audit log in a different tab, correlate timestamps, and check recent config changes. Copilot keeps all of that in one thread:

"Why are 502s spiking on /orders? Pull the last ten failed calls and summarise the pattern."

Copilot queries the traffic history, groups errors by upstream response, and surfaces the most recent config changes to the proxy — in the same thread where you can immediately respond with a rollback or a policy change if needed.

Onboarding a partner without back-and-forth

Partner onboarding typically involves coordinating between the platform team and the partner — collecting details, creating credentials, assigning the right access profile, and communicating the resulting config. Copilot handles the platform side in a single thread:

"New client for Acme Corp on the Standard policy with JWT authentication. Show me the credential before issuing."

Copilot creates the client record, binds the policy, generates the credential, and shows you the configuration for review before committing. The partner gets credentials faster; the audit log has a complete record of what was created and by whom.

The guardrail that makes it safe

Copilot for Management does not bypass Zerq's control plane. Every action it takes runs through Management MCP with the identity of your signed-in session. That has two direct implications:

Viewers can only read. If your session has a viewer role, Copilot can query and summarise — but it cannot create, update, or delete resources. The role model is not advisory; it is enforced at the API layer.

Every action produces an audit record. Changes made through Copilot appear in the platform audit log with your identity, the timestamp, and the full change diff — identical to changes made through the console. There is no separate audit trail for "AI did this." It is one trail.

This matters for regulated environments. When a compliance auditor asks who provisioned a credential or changed a rate limit policy, the answer is the same whether the action came from the UI, from an API client, or from Copilot.

What Copilot is not

It is not an autonomous agent running in the background. It does not poll for conditions and take action without being asked. It operates within a conversation: you describe an intent, it proposes actions, it asks for confirmation before destructive steps, it executes, and it reports results. The operator stays in the loop for every meaningful action.

It is also not a chatbot layered on top of documentation. The answers it gives about platform state — "what policies are assigned to this client?" or "what changed on this proxy in the last 24 hours?" — are live queries against the actual platform, not answers synthesised from training data. If a resource does not exist, Copilot says so.

Where to start

Copilot for Management ships with the Zerq enterprise platform. It is available in the console from day one, with the same LLM configuration options as any other Copilot component. You bring the model provider (or use the default); Zerq handles the Management MCP integration, the OIDC session binding, and the audit trail.

The first conversation most teams start with is not a complex workflow — it is a question: "Show me the policies currently attached to the Production collection and summarise any rate limits." From there, the operational patterns tend to develop quickly.

See Zerq Copilot for the full product overview, or request a demo to walk through a live operations session with your team.

Request Enterprise DemoExplore capabilities