Automating digital transformation API deployments can help speed time to market and minimize the resources required for the deployments — if developers can be assured that the automated process meets all necessary security requirements.
It's a topic that Kong Senior CustomerExperience Manager Peggy Guyott and Kong Senior Solutions Engineer Ned Harris discussed on a recent webinar as part of the Destination: Automation 2021 digital event. Guyott and Harris explained how the Kong Developer Portal, Kong's Inso (CLI) command line interface offering and other tools can give developers the ability to complete API deployments in an automated and secure manner.
"The great news is that with [APIOps](https://konghq.com/blog/what-is-apiops)APIOps, security testing and performance testing is frequent, continuous and guaranteed because you're going to publish it in each and every API across the business," observed Guyott.
Kong defines APIOps as "end-to-end automation throughout the API lifecycle."
Using this approach makes deployments more consistent and predictable, Guyott and Harris explained.
Harris walked webinar attendees through a hypothetical automated API deployment using the Kong Developer Portal. The demo used what Harris called a "spec-first" approach, but he noted that other approaches also are supported.
"That spec is going to become that source of truth for all of our configuration, including our documentation and even how the gateway is configured," he explained.
The demo also assumed the API would be deployed in two Kubernetes clusters - a development cluster and a QA (quality assurance) cluster. The idea was to deploy the configuration to a development cluster for testing to make sure it was compliant before sending it to the QA cluster.
In addition, the demo assumed there was an open API spec already set up in Insomnia, the open source GraphQL and REST client designed to make testing and debugging APIs easier.
The documentation was tied to Git Repo, a tool built on top of Git, the free and open source distributed version control system. Git Repo helps manage Git repositories, handles the uploads to revision control systems and automates part of the development workflow.
In the demo, the API didn't pass the testing in the development cluster because it did not support the required rate limiting policy or OpenID Connect (OIDC) policy.
Kong, however, offers a variety of plug-ins that can enforce policies such as OIDC and rate limiting. By declaring these plug-ins in the OpenAPI Specification, Harris was then able to do a pull request to advise collaborators about the changes, and had this been a real-world deployment rather than a demo, he could have reviewed any needed changes with the colleagues before the changes were finalized.
In the demo, Harris pushed the plug-ins needed to implement OIDC and rate limiting through to GitHub Actions, a tool designed to automate software workflows and to enable developers to build, test and deploy code directly from GitHub, the cloud native API gateway.
In the demo, the API was deployed to development but not to QA because it failed the policy test. Because it was deployed to development, it was possible to run commands and get results back, however, as Harris demonstrated.
Before the API could be deployed to QA, Harris had to finalize the addition of the rate limiting and OIDC plug-ins, which he did through a merge-to-master using continuous integration/continuous delivery (CI/CD).
He also could have used Insomnia to enable the OpenAPI Spec to generate "Kong config" for a Kubernetes deployment or, alternatively, for a "dec declarative" configuration.
"This is the magic that Inso is doing," said Harris. "It's taking that OpenAPI Spec, turning that into configuration and then taking that configuration and basically putting it into the GitHub Action so it can ultimately deploy it to those clusters."
As part of the demo, Harris installed the Insomnia CLI tool using Node Package Manager, a tool that automates software installation and dependencies, simplifying the task of incorporating existing code into a project. The package manager fetches the code from a library and includes it in the project.
Once the tool was installed, Harris was able to export the OpenAPI Spec and essentially convert it to a Kong configuration. This in turn, enabled that configuration to be deployed to the development environment and when the required tests were run, the spec was able to pass all the tests because the necessary policies had been added.
While the demo involved rate limiting and [OICD policies](https://docs.konghq.com/hub/kong-inc/openid-connect)OICD policies, Kong offers a wide range of plug-ins, including other security plugins.
As Harris put it, "Really, the sky's the limit. It's really up to what your organization needs."
Attacks estimated to surge 996% by 2030 — with the cost per breach rising to $14.5 million APIs have revolutionized every industry. They fuel digital transformation and power the web, making up more than 83% of global internet traffic. And API adop
[](https://konghq.com/blog/enterprise/apis-are-mission-critical)
If you could clone yourself, you could get your work done a lot faster, right? And that would free up time for you to pursue new projects and advance your career. It's an idea that Kong Vice President of Products Reza Shafii discussed recently as
[](https://konghq.com/blog/enterprise/clone-automation-next-job)
Free collaboration with Postman — a myth On March 1st, 2026, Postman discontinued free collaboration for small teams. Now , Git or Cloud-native collaboration requires a Team plan starting at $19 per person per month. That means even a 3-person team
[](https://konghq.com/blog/enterprise/insomnia-vs-postman-evaluating-api-testing-tools)
This is the pitch to the board and the C-suite. It must be brutally concise, focused entirely on your business outcomes, not the technology. If the first page doesn't articulate value, the strategy dies. Why? It immediately frames the initiative in
[](https://konghq.com/blog/enterprise/enterprise-api-strategy-legacy-modernization)
Application programming interfaces (APIs) are everywhere, and they play a role in running nearly everything in our digital-centric lives. Each time you launch a web page or an app on your phone, dozens of API calls are happening in the background to
[](https://konghq.com/blog/engineering/api-security-best-practices)
Today, more organizations than ever before rely on web and mobile applications and partner integrations to help them automate and scale, making APIs essential to today’s software ecosystem. But because APIs are gateways to sensitive data, this als
[](https://konghq.com/blog/engineering/api-security-risks-and-how-to-mitigate-them)
Security best practices remain a top priority for enterprises, especially as high-profile hacks and cybersecurity breaches pose increased risks. According to the 2022 Morgan Stanley CIO survey , IT spending is expected to reach 4.4%, with cloud com
[](https://konghq.com/blog/engineering/defense-in-depth-security)