Kong Enterprise 3.3 delivers enhanced security, usability, and platform reliability. Learn more

Getting Started With Kong Konnect in 10 Minutes

In this Kong Konnect tutorial, you’ll learn how to leverage the platform to manage your API ecosystem from a single easy-to-use interface. We’ll run through how to: 

1. Set Up a Runtime

Let’s create an API gateway runtime. We’ll use this to proxy traffic to our service implementation. To do this, go to the Runtime Manager, which you can find on the left-hand navigation.

Kong Konnect Runtime Manager

The Runtime Manager is where you can create and manage your API gateway runtimes. 

Each runtime corresponds to a Kong Gateway running within your infrastructure. You can deploy these gateways in nearly any environment. Whether you’re running in your own data center, the cloud, VMs, containers or Kubernetes, you can manage each runtime in Konnect.

To create a runtime, click the Configure Runtime button at the top right of the screen. Here, copy the QuickStart script and paste it into a terminal to create a new Kong Gateway instance running in Docker.

Kong Konnect Configure New Runtime Quick Setup Script

The QuickStart script uses Docker for convenience. You can also use the advanced option if you end up needing to deploy a Kong Gateway in a different type of environment.

At the Runtime Manager, we have a new Kong Konnect instance.

Kong Konnect Runtime Manager New Runtime Added

2. Expose a Service

With the API gateway deployed and running, let’s create our first service through the ServiceHub. To create a service, click the blue Add New Service button at the top right of the ServiceHub screen.

Kong Konnect Add New Service

Doing so will prompt you for the service name, version and an optional description.

Kong Konnect Create New Service

With the service created, you can then configure an implementation for the service version. An implementation is an upstream URL that will be the proxy to any Kong Gateway runtime that you have deployed. API requests go to the gateway, and then the gateway proxies those requests to the upstream implementation you defined.

Once you set the URL, you can configure a route. A route tells the gateway which requests should go to which upstream service. In this case, we should direct anything under the accounts pathed to this service. We’ve exposed the service to Kong Gateway, and it’s ready to receive API requests.

3. Protect the Service

With our service defined and exposed, let’s apply a Kong plugin to protect the service from accidental or malicious overuse. To do this, we’re going to be using the Rate Limiting plugin. Rate limiting lets you restrict how often each user can call your API. 

To create this plugin, click the New Plugin button at the bottom of the service version overview.


Kong Konnect add new plugin

From the plugin listing, you can then filter for rate limiting. And then click
Enable to configure this plugin.


Kong Konnect add new plugin to a service

In this case, I want to apply a rate limit of 10 requests per minute. And once you apply the local policy and set the configuration, click Create to activate the plugin and start rate limiting traffic. 

With the rate limit in place, I can use the vitals data to see 429 errors returning to the client. These errors prove that the rate limit is in effect and the API is safe from someone sending too many requests.

Kong Konnect traffic status code

4. Improve Service Performance

With our service protected, let’s show how we can improve our service performance with proxy cache. Kong Gateway stores cached responses from our upstream service. That way, when the same client requests the same data, the cache can serve the response directly. Caching ensures that our upstream service does not get bogged down with unnecessary repeated requests.

To enable caching for a service, click the New Plugin link at the bottom of the service version overview as you did earlier for the Rate Limiting plugin. From the plugin listing, filter for cache. And then click Enable on the Proxy Cache plugin to open the configuration. 

For this use case, we’re just using the default configuration with the Config.Strategy set to memory. With a configuration set, click Create to activate and enable this plugin.

5. Secure the Service

Let’s walk through how we can secure our service with key authentication. By adding key authentication, we’re controlling the data allowed to send from our gateways. We’ll also be able to identify unique consumers accessing the API.

To do this, we’ll enable the Key Authentication plugin for our service and then create a consumer for which we can use to authenticate. 

To enable the plugin, do the same as we did for the last two plugins by clicking the New Plugin button at the bottom of the service version overview. From the plugin listing, filter for key authentication, click Enable and then click Create to activate this plugin for this service. 

With the plugin activated, the system will reject any requests that don’t include a valid API. To show this, let’s move over to our terminal and issue the requested service with the plugin. When I issue a request to my /accounts service, I get an error saying “no API key found in this request.”

Kong Konnect no API key found

Learn more about Kong’s
API gateway authentication plugins, including OpenID Connect.

Create a Consumer

To access our API with key authentication enabled, let’s create an API consumer that we can use. You can find consumers under the shared config option at the bottom of the left-hand navigation. Then, click Consumers > New Consumer. In the “Create a Consumer” form, provide a username or custom ID to identify this consumer. And then click Create to create them.

Kong Konnect Create Consumer

Create a Key Auth Credential

With the consumer created, you can click on the consumer and then access their credentials from the credentials tab. From here, we’ll create a new key auth credential. Then click Create to have one auto-generated for us.

Kong Konnect create new key auth credential

Copy the key. With the key copied, we can add it to our request by either inserting it into the header or the API key field. We’re adding it as a query parameter. With the header set, I’ll issue the same request. With the key included in the request, we can successfully authenticate with Kong Gateway.


Kong Konnect key auth add apikey

6. Publish, Locate and Consume the Service

With our service exposed and ready to use, we can add it to the Konnect Dev Portal. A developer portal provides a single source of truth for your developers to locate, access and consume services. 

To start, let’s publish our service in the developing portal. To do this, click on the service from within the ServiceHub and then use the Publish the Portal option under the Actions dropdown at the top right.


Kong Konnect publish a service in the developer portal

Once it’s published, navigate to the Dev Portal section on the left-hand navigation. From here, you can see any services that are currently published and customize the appearance of the developer portal.

Kong Konnect developer portal published services

From the Dev Portal itself, users can see which services are available.

Kong Konnect developer portal

Users can auto-generate documentation for each service.

Kong Konnect developer portal generate documentation

Users can send requests right here from the browser.

Kong Konnect developer portal generate request

Once you’re ready, you can send out a link to the Dev Portal and start onboarding your users.

Leverage the Power of Kong Konnect

In this Kong Konnect tutorial, you’ve learned how to deploy, configure and publish your APIs from a single, easy-to-use interface. Now your developers can focus on what really matters: building the functionality that powers your business.

Start a free trial or contact us if you have any questions as you’re getting set up.

Once you’ve set up Konnect, you may find these other tutorials helpful:

Share Post

Subscribe to Our Newsletter!