*Want to learn more about the nuts and bolts of APIOps? Download our eBook, *[*Unlocking the Full Potential of your APIs with APIOps*](https://konghq.com/resources/e-book/unlock-apis-potential-with-apiops)*Unlocking the Full Potential of your APIs with APIOps**, and learn about the stages of APIOps, get an understanding of the technical assets required, and explore the tooling needed to transform API development and management.*
[APIOps](https://konghq.com/blog/apiops-devops-and-gitops-applied-to-api-lifecycle-end-to-end-automation-throughout-the-api-lifecycle)APIOps is the complete end-to-end automation of the API lifecycle, combining DevOps and GitOps. With APIOps, you can enhance your productivity through the reuse of APIs.
In this tutorial, we'll walk you through how to:
As you can see in the below diagram, decK follows four discrete steps.
The goal of decK is to tie the simple building blocks of capture, update, compare and synchronize into your automation pipeline. You can then include these in your existing source control and automation tooling in a machine-readable, easy-to-use format. That way, you'll keep everything within the current change management and governance processes that you already have in place.
Before following the steps below, make sure you [have installed decK](https://docs.konghq.com/deck/installation)have installed decK.
For a quick example of how you can tie the four steps of decK automation together, let's disable one of our [Kong plugins](https://docs.konghq.com/hub)Kong plugins in Konnect.
To capture the current state of our Konnect configuration, run the deck konnect dump command from the terminal or CLI. By default, the system will store the output in YAML format under a konnect.yaml file in your current working directory.
Open the konnect.yaml file using a text editor of your choice. Once done, we can see the state that we have persisted inside of the Konnect control plane. Using our example environment, you can see several versions and plugins for the Payment Service.
Let’s say we want to disable the [Bot Detection plugin](https://docs.konghq.com/hub/kong-inc/bot-detection)Bot Detection plugin. Under any plugin, you can find an enabled toggle, which we’ll simply set to false. Save the file.
Let’s compare those changes with what’s currently living in Konnect to ensure that the changes we're making are the right ones. For that, we can run deck konnect diff.
Here we can see that we’ve detected one change. Enabled has changed from true to false. We have one updated artifact, which is what we wanted. Now that we've verified the changes, let's update the control plane.
To synchronize our changes, we’re going to run deck konnect sync.
The change has persisted.
Now, if we refresh the screen in the Konnect interface and go down to our plugins, the Bot Detection plugin is disabled.
For a more concrete example, I have a [GitHub repository](https://github.com/rossmcdonald/apiops-starter-kit)GitHub repository configured with GitHub Actions CI/CD functionality. We can use this for pushing policy updates to Konnect.
Imagine I’m a stakeholder for the payments API service currently deployed. After speaking with our operations team, it turns out the backend service is struggling to keep up with the current request load. They’ve asked that I lower the rate limit to ensure the stability of the backend service. Easy enough.
In Visual Studio Code, we can see the state file from Konnect. The Payment Service is there.
Here’s the [Rate Limiting plugin](https://docs.konghq.com/hub/kong-inc/rate-limiting)Rate Limiting plugin.
If we expand this, we can view and edit the configuration. It’s currently set to five per second.
Let’s lower this to two per second.
Then, we'll run git diff to compare. We’ve just made a change from five to two.
As part of my repository settings, we can’t push to the deploy branch specifically, so we’ll have to create a pull request. Run git checkout -b chore/reduce-rate-limit.
Add the changes with git add –all.
Commit them with git commit -m "Reducing rate limit".
Then, push them to GitHub with git push origin chore/reduce-rate-limit.
With our changes pushed, we can open a pull request. But before we do that, let's take a quick look at the GitHub workflow that we defined. We’re using a self-hosted runner. And we're running a deck konnect sync—so a very easy and straightforward pipeline for updating the changes.
We could also include drift detection inside the pipeline to ensure that no changes occurred since we last persisted our state file (for example, another developer didn't make a similar but conflicting change). For this example, we’re going to apply the change via pull request.
Let's deploy our chore/reduce-rate-limit branch.
Let's create the pull request. In this case, we could have enforced reviewers and different checks. However, since that’s just a testing repository, go ahead and merge.
In the background, our runner is automatically running a series of steps. In this case, just applying that decK configuration.
If we jump to the Konnect interface, we can see the rate limit has now been reduced to two per second, just like we asked.
Back in our service version, we should start to see that the change has been taking effect. Clients should begin seeing 429 errors.
Kongrats! Now you're ready to get your code to market faster, reuse services more often and be more productive so you can spend more time doing the things you love. No more wasted time waiting for manual API reviews!
You're ready to leverage the decK CLI tool to declaratively capture, compare and apply updates to your Konnect configuration. Doing so could tie back into your CI/CD framework for performing end-to-end updates while keeping your configuration within a source code repository.
That way, you'll be able to leverage your existing change control processes already in place and deliver policy updates and other configuration changes, just like you deliver code. The result will be improved governance, consistency and stability without any hassle.
[Start a free trial](https://konghq.com/kong-konnect)Start a free trial or [contact us](https://support.konghq.com/support/s/?_ga=2.220853277.461335063.1619442427-852472749.1605808164)contact us if you have any questions as you're getting set up.
Once you've successfully set up APIOps with Konnect decK, you may find these other tutorials helpful:
Two of the best (in my opinion) features in Konnect are the ServiceHub and Dev Portal. However, they're also two of the most misunderstood. Aren't they the same thing? Why would you need a ServiceHub vs. Dev Portal? Well, I'm glad you asked! The r
[](https://konghq.com/blog/engineering/service-hub-developer-portal)
Architecture Overview A multicloud DCGW architecture typically contains three main layers. 1\. Konnect Control Plane The SaaS control plane manages configuration, plugins, and policies. All gateways connect securely to this layer. 2\. Dedicated C
[](https://konghq.com/blog/engineering/dedicated-cloud-gateways-managed-redis-multi-cloud)
Managed Redis cache is a turnkey "Shared State" add-on for Kong Dedicated Cloud Gateways. It is designed to combine the performance of an in-memory data store with the simplicity of a SaaS product. When you spin up a Dedicated Cloud Gateway in Kong
[](https://konghq.com/blog/product-releases/multicloud-cloud-gateways-managed-redis-cache)
The Shifting Economic Landscape: The AI token economy in 2026 is evolving, and enterprise leaders must distinguish between low-cost input tokens and high-premium output tokens to maintain profitability. Agentic AI Financial Risks: The transition t
[](https://konghq.com/blog/enterprise/ai-input-vs-output-cost-management)
The JSON Web Token (JWT) is an open standard that allows information to be transferred securely between different parties. The token is digitally signed by using a private key (HMAC) or a public/private key (RSA) by building a JSON Web Signature (JW
[](https://konghq.com/blog/engineering/craft-and-sign-custom-jwt)
As organizations build more APIs, manual processes and frequent handoffs in the API development workflow can lead to a slower time to market, higher development costs, and poor-quality APIs. They can also result in APIs being poorly documented, caus
[](https://konghq.com/blog/engineering/automating-api-delivery-with-apiops-and-kong)
Today, we’re excited to release the Kong Konnect EKS Marketplace add-on as a means to deploy your Kong Gateway dataplanes in AWS. The add-ons are a step forward in providing fully managed Kubernetes clusters. It is here to simplify the post-procurem
[](https://konghq.com/blog/engineering/kong-konnect-eks-marketplace-add-on)