In this Kong Konnect tutorial, you’ll learn how to leverage the platform to manage your API ecosystem from a single easy-to-use interface. We’ll run through how to:
- Use Konnect Runtime Manager to set up your own Kong Gateway instance in Docker.
- Expose, secure and manage your first service using the Konnect ServiceHub.
- Publish an API to your Dev Portal to share documentation with your users and developers.
1. Set Up a Runtime
Let’s create an API gateway runtime. We’ll use this to proxy traffic to our service implementation. To do this, go to the Runtime Manager, which you can find on the left-hand navigation.
The Runtime Manager is where you can create and manage your API gateway runtimes.
Each runtime corresponds to a Kong Gateway running within your infrastructure. You can deploy these gateways in nearly any environment. Whether you’re running in your own data center, the cloud, VMs, containers or Kubernetes, you can manage each runtime in Konnect.
To create a runtime, click the Configure Runtime button at the top right of the screen. Here, copy the QuickStart script and paste it into a terminal to create a new Kong Gateway instance running in Docker.
The QuickStart script uses Docker for convenience. You can also use the advanced option if you end up needing to deploy a Kong Gateway in a different type of environment.
At the Runtime Manager, we have a new Kong Konnect instance.
2. Expose a Service
With the API gateway deployed and running, let’s create our first service through the ServiceHub. To create a service, click the blue Add New Service button at the top right of the ServiceHub screen.
Doing so will prompt you for the service name, version and an optional description.
With the service created, you can then configure an implementation for the service version. An implementation is an upstream URL that will be the proxy to any Kong Gateway runtime that you have deployed. API requests go to the gateway, and then the gateway proxies those requests to the upstream implementation you defined.
Once you set the URL, you can configure a route. A route tells the gateway which requests should go to which upstream service. In this case, we should direct anything under the accounts pathed to this service. We’ve exposed the service to Kong Gateway, and it’s ready to receive API requests.
3. Protect the Service
With our service defined and exposed, let’s apply a Kong plugin to protect the service from accidental or malicious overuse. To do this, we’re going to be using the Rate Limiting plugin. Rate limiting lets you restrict how often each user can call your API.
To create this plugin, click the New Plugin button at the bottom of the service version overview.
From the plugin listing, you can then filter for rate limiting. And then click Enable to configure this plugin.
In this case, I want to apply a rate limit of 10 requests per minute. And once you apply the local policy and set the configuration, click Create to activate the plugin and start rate limiting traffic.
With the rate limit in place, I can use the vitals data to see 429 errors returning to the client. These errors prove that the rate limit is in effect and the API is safe from someone sending too many requests.
4. Improve Service Performance
With our service protected, let’s show how we can improve our service performance with proxy cache. Kong Gateway stores cached responses from our upstream service. That way, when the same client requests the same data, the cache can serve the response directly. Caching ensures that our upstream service does not get bogged down with unnecessary repeated requests.
To enable caching for a service, click the New Plugin link at the bottom of the service version overview as you did earlier for the Rate Limiting plugin. From the plugin listing, filter for cache. And then click Enable on the Proxy Cache plugin to open the configuration.
For this use case, we’re just using the default configuration with the Config.Strategy set to memory. With a configuration set, click Create to activate and enable this plugin.
5. Secure the Service
Let’s walk through how we can secure our service with key authentication. By adding key authentication, we’re controlling the data allowed to send from our gateways. We’ll also be able to identify unique consumers accessing the API.
To do this, we’ll enable the Key Authentication plugin for our service and then create a consumer for which we can use to authenticate.
To enable the plugin, do the same as we did for the last two plugins by clicking the New Plugin button at the bottom of the service version overview. From the plugin listing, filter for key authentication, click Enable and then click Create to activate this plugin for this service.
With the plugin activated, the system will reject any requests that don’t include a valid API. To show this, let’s move over to our terminal and issue the requested service with the plugin. When I issue a request to my /accounts service, I get an error saying “no API key found in this request.”
Create a Consumer
To access our API with key authentication enabled, let’s create an API consumer that we can use. You can find consumers under the shared config option at the bottom of the left-hand navigation. Then, click Consumers > New Consumer. In the “Create a Consumer” form, provide a username or custom ID to identify this consumer. And then click Create to create them.
Create a Key Auth Credential
With the consumer created, you can click on the consumer and then access their credentials from the credentials tab. From here, we’ll create a new key auth credential. Then click Create to have one auto-generated for us.
Copy the key. With the key copied, we can add it to our request by either inserting it into the header or the API key field. We’re adding it as a query parameter. With the header set, I’ll issue the same request. With the key included in the request, we can successfully authenticate with Kong Gateway.
6. Publish, Locate and Consume the Service
With our service exposed and ready to use, we can add it to the Konnect Dev Portal. A developer portal provides a single source of truth for your developers to locate, access and consume services.
To start, let’s publish our service in the developing portal. To do this, click on the service from within the ServiceHub and then use the Publish the Portal option under the Actions dropdown at the top right.
Once it’s published, navigate to the Dev Portal section on the left-hand navigation. From here, you can see any services that are currently published and customize the appearance of the developer portal.
From the Dev Portal itself, users can see which services are available.
Users can auto-generate documentation for each service.
Users can send requests right here from the browser.
Once you’re ready, you can send out a link to the Dev Portal and start onboarding your users.
Leverage the Power of Kong Konnect
In this Kong Konnect tutorial, you’ve learned how to deploy, configure and publish your APIs from a single, easy-to-use interface. Now your developers can focus on what really matters: building the functionality that powers your business.
Once you’ve set up Konnect, you may find these other tutorials helpful: