In a previous blog post , we discussed the prevalence of bearer tokens (or access tokens) to restrict access to protected resources, the challenges the sheer nature of bearer tokens present, and available mitigations. To recap, presenting a bearer token is proof enough of an authorization grant to…
[](/blog/engineering/demonstrating-proof-of-possession-dpop-preventing-illegal-access-of-apis)
In this article, we'll talk about our experience implementing a design system at Kong. We'll go over the reasons why we decided we needed one in the first place, where we started, and how we got to where we are today. We'll also cover the technology we used and how it has transformed software…
[](/blog/engineering/lessons-learned-implementing-a-design-system)
Today, we're pleased to announce another packed release for Kong Insomnia with many new features and improvements. We recommend every user update to this latest version, available for download today at https://insomnia.rest/download . We've released after-response scripting, which in combination…
[](/blog/product-releases/insomnia-9-3-ga)
Developer operational efficiency is crucial for streamlining API management processes and empowering development teams to work more effectively. In this blog post, we'll explore three key tips to unlock developer operational efficiency — leveraging API documentation and self-service credential…
[](/blog/enterprise/3-strategies-to-supercharge-developer-operational-efficiency)
OAuth 2.0 is the current gold standard for secure delegated authorization. The reason is simple: OAuth puts control back in the hands of the users. It enables users to securely grant access to their resources without having to share passwords with third-party applications. Hence, it's one of the…
[](/blog/engineering/3-extensions-to-improve-security)
If you've ever gotten sticker shock after receiving a surprisingly large cloud bill, you're not alone. Many organizations have faced this challenge, especially as they scale their Kubernetes deployments . While the cloud makes flexible scaling possible, it has also introduced many new services one…
[](/blog/enterprise/kubernetes-cloud-cost-optimization-tactics)
Kong Ingress Controller (KIC) 3.2 is here, and it’s an incredible release. It contains features related to graph theory, features that mean you’ll never need a database again, and a whole host of quality-of-life fixes. If you’ve been using KIC for a long time, you might remember that it was…
[](/blog/product-releases/kic-3-2)
The JSON Web Token (JWT) is an open standard that allows information to be transferred securely between different parties. The token is digitally signed by using a private key (HMAC) or a public/private key (RSA) by building a JSON Web Signature (JWS). It guarantees that the JWT hasn’t been…
[](/blog/engineering/craft-and-sign-custom-jwt)
In today's rapidly evolving technological landscape, software teams have found themselves at the heart of business strategy. Their decisions on which technologies to invest in have become crucial, directly impacting a company's agility and ability to differentiate itself in the market. As a result,…
[](/blog/enterprise/why-your-engineers-want-to-migrate-to-kubernetes)
Two of the main tenets of Zero Trust are encryption between services and managing the connections each service is allowed to use. Achieving this generally falls to running a service mesh in a Kubernetes cluster. Refactoring applications to run properly in Kubernetes takes time and considerable…
[](/blog/engineering/zero-trust-on-vms-with-universal-mesh)
As organizations build more APIs, manual processes and frequent handoffs in the API development workflow can lead to a slower time to market, higher development costs, and poor-quality APIs. They can also result in APIs being poorly documented, causing poor API adoption and lower revenues. APIOps…
[](/blog/engineering/automating-api-delivery-with-apiops-and-kong)
The concept of insurance predates the printing press and the steam engine. So it's likely no surprise that the industry — as obviously adaptable as it is — often faces challenges related to the modernization of legacy systems. In the age of AI and APIs (application programming interfaces) ,…
[](/blog/enterprise/api-management-insurance)
In the age of surgical robots, smart refrigerators, self-driving vehicles, and unmanned aerial vehicles, connectivity undoubtedly is a foundational block for our modern world. As we move further into the 2020s, this connectivity has expanded to encompass emerging technologies like 5G networks ,…
[](/blog/enterprise/5-architectural-patterns-for-securing-connectivity-at-scale)
The cloud native paradigm for application development has evolved significantly since its inception. Today, it encompasses microservices architecture, containerized services, automation, orchestration, distributed management, and emerging technologies like serverless computing and edge computing.…
[](/blog/engineering/6-strategy-elements-for-building-cloud-native-applications)
We're introducing several new Kong AI Gateway capabilities in Kong Gateway 3.7 and Kong Gateway Enterprise 3.7, including enterprise-only and OSS improvements. Read on for a full rundown of the new AI-focused features. With the new Kong Gateway 3.7 release , we're promoting Kong AI Gateway to GA…
[](/blog/product-releases/ai-gateway-goes-ga)