February 16, 2022
4 min read

Kong vs. Apigee: Fast, Pain-Free Compliance 

Nishikant Singh

We live in an API-driven economy, where Application Programming Interfaces (APIs) are increasingly being used to open new revenue channels, accelerate time to market and democratize data. Enterprises are constantly striving to build faster, more reliable and easier to use APIs.

They understand that every time an API is down, unresponsive or slow enterprises run the risk of losing customers, damaging company reputation and losing revenue. At the same time, API security breaches are at an all-time high. Regulations around APIs are also growing in many industries, and great care must be taken to ensure GDPR, CCPA, PSD2, FHIR and local data residency requirements are met.

Having a fast, flexible modern API lifecycle management solution such as Kong Enterprise can help your organization quickly and simply meet evolving API security and compliance requirements at scale. And if you're using a traditional API management solution, such as Apigee, API compliance is doable, but it is a major pain and at the cost of significant performance degradation.

In this post, we'll highlight three areas where Kong beats Apigee when it comes to API compliance and speed, so your organization can deliver fast, developer-friendly compliance anywhere.

Check out the entire Kong vs Apigee Report for a complete overview of all features and capabilities

Slow Compliance is No Compliance

A head-to-head benchmark test conducted by GigaOm, an independent consulting firm, found that Kong Enterprise delivers up to 446x lower latency and up to 31x higher throughput than Apigee X. In the time it took you to read that sentence, Kong can securely process 54,250 API transactions. With Apigee, you're looking at 1,750 transactions per second.

API speed matters. API speed delights. But speed needs to be secure. Kong Enterprise wins against Apigee in this category as well, thanks to its lightweight gateway and simple plugin-based architecture. According to the same benchmark report, at 1,000 requests per second with authentication enabled, Kong Enterprise delivered up to 480 times lower latency than Apigee X.

Does your API management solution provide you with sub-millisecond latency without sacrificing compliance needs at scale?

Diagram 1: Latency at 1,000 Requests per Second - OAuth On

Kong for Compliance Anywhere

In organizations, especially in regulated industries such as BFSI and healthcare, it is important to have a comprehensive cloud exit and migration strategy to avoid vendor lock-in and ensure compliance. Enterprises need the flexibility to deploy services in hybrid or multi-cloud environments closer to the physical business locations for performance, cost, privacy and regulatory compliance reasons. Are you locked into a single cloud vendor?

Deploying Kong Enterprise across hybrid and multi-cloud infrastructure is a very common approach to solve this issue. Unlike Apigee, Kong Enterprise provides the flexibility to deploy not only the data planes but also the control plane in a self-managed fashion, hosted within the enterprise-approved boundaries.

This can be in any or many clouds, or on-premise, and you can host Kong Gateway instances on bare-metal, virtual machines, natively in Kubernetes or serverless environments with minimal configuration. Additionally, migration can be a much simpler process by having very few dependencies (some managed or self-hosted Postgres and an optional Redis cluster).

Lastly, deploying applications in a hybrid cloud environment can be a concern because of the locality of personally identifiable information. If your API management solution pushes these to a cloud analytics platform, it is likely that this data might get replicated across many locations. Kong allows you to keep all of your data within your network and optionally sends this to your centralized analytics tooling, where you can control the data locality. Where is your customer data going?

Kong for Compliance with Ease

An enterprise may have requirements for keeping their API gateway runtime traffic within a country or region. With traditional API management solutions like Apigee, this may mean sacrificing modern technologies in order to run a solution on-premise if a cloud region is not available. This is not the case for Kong, with the ability to run in Kubernetes as a deployment or as an Ingress controller.

You also have modern plugins such as true OIDC support, Kafka logging integration, Open API-based mocking for sandboxes and a simple, local developer portal without relying on a CMS. Quickly spinning up a developer portal and supporting a sandbox that calls OpenAPI based mocks is likely to be a requirement. How long do your consumers take to get onboarded?

Kong vs. Apigee : Conclusion

When choosing Kong Enterprise, you're choosing a faster, compliant, secure, flexible and intuitive API management solution over Apigee! Kong Enterprise provides an industry-leading API gateway and a plugin-based architecture that boosts performance, increases simplicity, avoids bloating and meets regulatory compliance across hybrid and multi-cloud environments.

Ready to put Kong to the test? Ask us for a personalized demo today!

Developer agility meets compliance and security. Discover how Kong can help you become an API-first company.