*Earlier this year, we hosted our inaugural *[*Kong Summit Hackathon*](https://konghq.com/summit-hackathon)*Kong Summit Hackathon**. This virtual competition engaged our open source community and offered recognition and prizes for hacks in various categories. The community delivered with ingenious plugins, hacks and documentation.*
*In this blog post, we highlight our Insomnia plugin winner, Scott Harwell. Scott works with many hyperscalar cloud infrastructure vendors. He enjoys contributing to open source projects, especially where there is an opportunity to automate challenging IT or business tasks. See Scott's plugin on *[*GitHub*](https://github.com/scottharwell/insomnia-plugin-oci-auth)*GitHub**, and look into his thought process for creating this plugin below. *
My [Insomnia plugin](https://insomnia.rest/plugins)Insomnia plugin journey began with two needs:
[Insomnia](https://insomnia.rest)Insomnia was the obvious choice for the first requirement. It's open source and has all the features I needed to build complex testing workflows with dynamic variables, request/response inspection and extraction, and device syncing.
Out-of-the-box support for API client authentication methods can vary depending on the integrated public cloud. Insomnia makes it easy to add more authentication methods.
In my case, I was experimenting with Oracle Cloud Infrastructure (OCI). Like other clouds, the OCI REST API requests use a calculated signature for authentication unique to that service. A plugin to generate the OCI-specific signature in Insomnia did not exist. That led me to create one so that I could use Insomnia to integrate with OCI REST APIs.
Going into the development of the plugin, I set a few more requirements for myself. First, I wanted the user (me!) to enter as little data as possible when using the plugin, and I wanted to enter data once to set it and forget it.
I also wanted to take advantage of Insomnia's features to make the plugin as powerful and flexible as possible, such as using dynamic variables so that environments would allow me to switch between OCI compartments or tenancies with a setting or toggle.
Lastly, I wanted the plugin to be open source so that the Insomnia community could take what I built and grow it beyond any use case specific to me.
I began by looking through the plugin documentation to understand the types of plugins that Insomnia supported and which would best fit the use case that I wanted to solve. Others already published several open source plugins to GitHub, so my next exercise was to review some existing code to see how Kong's developers write plugins for Insomnia. I referenced the [UUID plugin](https://insomnia.rest/plugins/insomnia-plugin-uuid)UUID plugin for generating template tags, the [base64 plugin](https://insomnia.rest/plugins/insomnia-plugin-base64)base64 plugin for changing values and the [request plugin](https://insomnia.rest/plugins/insomnia-plugin-request)request plugin to understand dynamically changing requests before sending them to the remote endpoint. Once I felt comfortable with the reference material and resources available to me, I started writing!
I found the development experience to be very familiar. Anyone with experience writing JavaScript or TypeScript in a browser will feel at home writing and debugging a plugin for Insomnia since it's based on Electron.
I achieved my first objective by creating a configuration screen that allows users to input the various requirements for the API signature; enter your OCI tenancy data and the path to the private key on your computer, and the plugin is set to run. After the first time configuring the plugin entry, you can copy and paste it from request to request—it copies the variables too. That way, it requires very little configuration after the first use of the plugin.
I found that Insomnia's publishing mechanism through NPM made it extremely easy to distribute the plugin. I can publish any update to GitHub, and my CI/CD pipeline tests, packages and deploys the new version for any Insomnia user to leverage.
The development process for this plugin was frictionless and fast, and I went from idea to solution in my spare time over a few days. Now, any user that wants to use Insomnia with OCI REST APIs can authenticate their requests with minimal effort! Enjoy the plugin, and please feel free to provide any feedback or pull requests through [GitHub](https://github.com/scottharwell/insomnia-plugin-oci-auth)GitHub.
Ensuring secure access to applications and APIs is critical. As organizations increasingly adopt microservices architectures and cloud native solutions, the need for robust, fine-grained access control mechanisms becomes paramount. This is where the
[](https://konghq.com/blog/engineering/secure-access-control-with-opa-and-kong)
In the modern IT stack, API gateways act as the first line of defense against attacks on backend services by enforcing authentication/authorization policies and validating and transforming requests. When backend services are protected with a token-b
[](https://konghq.com/blog/engineering/zero-trust-oauth-2-0-mtls-client-authentication)
With digital transformation shifting networks into the cloud — from remote workforces to online banking — cyberattacks are growing more prevalent and sophisticated. Legacy security models like VPNs and perimeter-based firewalls are proving inadequat
[](https://konghq.com/blog/engineering/microsegmentation-and-zero-trust-security)
With its flexible querying capabilities, GraphQL makes it easy to combine data from multiple sources into a single endpoint. GraphQL and API management go hand in hand to build next-generation API platforms. However, GraphQL's features can als
[](https://konghq.com/blog/engineering/graphql-security-vulnerabilities)
In this blog we are going to learn about the technical challenges behind solving GraphQL authorization and how many organizations resolve it today. Then discuss how a Kong / OPA integration can help drive security standards in this space and bring so
[](https://konghq.com/blog/engineering/graphql-authorization-at-the-api-gateway-with-kong-konnect-and-opa)
As APIs and microservices evolve, the architecture used to secure these resources must also mature. Utilizing a token-based architecture to protect APIs is a robust, secure and scalable approach, and it is also much safer than API keys or basic au
[](https://konghq.com/blog/engineering/token-based-access-control)
As more and more companies move to a multi-cloud strategy and increase usage of a cloud native infrastructure , API providers are under a lot of pressure to deliver APIs at scale in multi-cloud environments. At the same time, APIs should follow eac
[](https://konghq.com/blog/engineering/api-authorization)