We're excited to announce the release of **Kong Gateway 3.8**, a significant update that marks a major milestone in the evolution of our API management platform. This release is packed with enhancements designed to boost performance, fortify security, and provide greater flexibility and ease of use for our customers.
Kong Gateway 3.8 delivers dramatically faster configuration processing, offering a more efficient way to manage your APIs. This version also introduces a greater choice of access controls to secure connections to and from the gateway, granular visibility into API performance through enhanced observability tools, and a single source of configuration and cache information that reduces the cost of ownership.
Additionally, the [AI Gateway](https://konghq.com/blog/product-releases/ai-gateway-3-8)AI Gateway has received major new updates, including the introduction of new semantic intelligence to accelerate GenAI performance, lower computational overhead, and improve LLM security.
Prior to Kong Gateway 3.8, when customers sent configuration updates from their control planes to the data planes, they would transmit the entire configuration payload — regardless of the size or scope of the change. For example, if a customer had 10,000 routes, 3,000 services, and 50,000 consumers, a change to a single route would trigger the control plane to resend all routes, services, and consumers to the data plane.
This process forced the data plane to reload the entire configuration into memory and process it, consuming memory and CPU resources. The result was slower configuration processing, higher resource contention, and a suboptimal experience for API users.
**Incremental Config Sync** is our answer to efficient configuration updates. This feature is coming soon as a tech preview which will be available to everyone in a separate image for testing while we continue to work on making it generally available. Now, when a customer makes a change — such as updating a single route — only the relevant change is sent from the control plane to the data plane. This results in significantly less data being transmitted, reduced memory and CPU usage, and much faster propagation of configuration changes. The overall impact is a more responsive and efficient API management experience. Stay tuned for more updates on the availability of the tech preview image.
*Figure 1: Reduced latency driven by Incremental Configuration Update in Kong Gateway 3.8*
APIs are part of the critical IT infrastructure for any company as they form the central nervous system of how organizations operate. APIs are also one of the most vulnerable endpoints for attackers to target. Security is a critical focus of Kong Gateway 3.8, and this release offers even more robust protection for your APIs.
We're very excited to announce the availability of our **JSON Threat Protection** plugin that enables administrators to enforce strict content inspection policies. This plugin allows you to define limits for various JSON elements, such as arrays, objects, and strings, ensuring that incoming payloads conform to your security policies. Users can easily configure policies around what the general "shape" of a JSON object is allowed to be. For instance, a common attack vector is to send an extremely large array of objects encoded in JSON. With the new plugin, we make it trivial to stop traffic that exceeds a particular length in the gateway. Non-conforming requests are automatically rejected, protecting your APIs from potential threats.
*Figure 2: JSON Threat Protection plugin*
With the **upstream-oauth** plugin, Kong Gateway 3.8 provides the ability to safely consume an external API. The plugin supports OAuth flow between Kong and an external service allowing Kong to authenticate and consume an OAuth-protected API.
To support various deployment patterns and continue limiting access to APIs with strong certificate-based consumer authentication, Kong Gateway 3.8 offers the **header-cert-auth** plugin. This plugin offers mutual certificate-based authentication (MTLS) when TLS is terminated at a web application firewall (WAF) or load balancer (LB). It verifies the MTLS certificate passed in the header by WAF or LB and authenticates the API consumer. The plugin supports a couple of common encodings (base64-encoded, url-encoded) for header-based certificates and can be limited to accept certificates from trusted sources only.
Observability plays a critical role in issue detection and resolution. Three key datasets are typically used to aid in tracking how well systems and APIs are performing: logging, tracing (spans) and metrics.
These datasets are integral for organizations to keep track of how their APIs are running. However, observability platforms such as Datadog, AppDynamics, Dynatrace, or Grafana each offer their own ways of ingesting data and their own agents to collect this data.
Kong Gateway 3.8 brings full support for **OpenTelemetry**, the industry standard for observability. With this update, you can now collect and export comprehensive telemetry data, including logs, metrics, and traces. This enhanced observability allows developers and DevOps teams to gain deeper insights into API performance, enabling more effective monitoring, troubleshooting, and optimization.
In Kong Gateway 3.8, we offer a completely rewritten plugin that delivers higher performance and includes support for logging and metrics. The new OpenTelemetry plugin has been tested against major platforms such as Datadog, Honeycomb, and Appdynamics. Configuring and enabling is just one single click from either your control plane or Konnect.
In addition to the above-mentioned enhancements to the Kong Gateway, we're also delivering new functionality on the Kong Konnect front. These include:
We're excited to announce a significant enhancement to Kong Konnect with Konnect Consumers, now in tech preview and available as a separate Gateway image. This new feature improves how you manage service consumers by allowing you to configure them once and apply the configuration across multiple control planes in Konnect. No more duplicative efforts or configuration conflicts — Consumers streamlines your workflow, enhancing productivity, centralizing security, and making consumer management easier and more efficient.
Consumers marks a significant shift in how consumer entities are handled within the Konnect platform. Traditionally, service consumers were tied to individual control planes, requiring developers to replicate configurations across different environments. This inadvertently led to inefficiencies and potential conflicts. With Consumers, we’ve reimagined this approach by elevating the consumer entity to a top-level status, making it accessible across all control planes within its defined regions in Konnect. This is achieved by storing consumer data centrally in an external database, ensuring that it adheres to strict data residency requirements.
Technically, this means that your dataplanes can retrieve consumer information in real-time, and then cache it locally for optimal performance. This reduces the overhead associated with managing consumer configurations *and* ensures that your Kong gateways are always up-to-date with the latest consumer data. Moreover, with built-in security measures such as mTLS authentication and data protection both in motion and at rest, Consumers offers a secure and compliant solution for managing your API consumers at scale in Konnect.
*If you're interested in trying out this feature, please reach out to us at *[konnect-feedback@konghq.com](mailto:konnect-feedback@konghq.com)konnect-feedback@konghq.com*. *
Managing sensitive information for API configuration across multiple data planes can be complex and costly. Kong Konnect simplifies this with the **Konnect Config Store**, a cloud-based repository that enables secret management with Konnect. Config Store is a single source of truth that reduces the need for external secret managers like Hashicorp, lowers the cost of ownership, and streamlines vendor management. Konnect Config Store will be generally available in October.
*Figure 3: Konnect Config Store*
In [Kong Gateway 3.7](https://konghq.com/blog/product-releases/kong-gateway-3-7)Kong Gateway 3.7, we promoted the AI Gateway to general availability, enabling organizations to accelerate the development of multi-LLM applications while securing and observing AI traffic at scale.
In 3.8, we're introducing semantic intelligence to the AI Gateway via Semantic Prompt Guard, Semantic Caching, and Semantic Routing to dramatically improve GenAI performance, reduce computational overhead, and enhance LLM security. Additionally, this release introduces a new class of intelligent semantic plugins, several new advanced load-balancing capabilities for LLMs, and official support for AWS Bedrock and GCP Vertex. See the [AI Gateway 3.8 blog](https://konghq.com/blog/product-releases/ai-gateway-3-8)AI Gateway 3.8 blog for more information.
Kong Gateway 3.8 represents a major leap forward in API management. By upgrading to Kong Gateway 3.8, you'll optimize the operational efficiency of APIs by reducing latency, conserving resources, and ensuring robust observability across diverse infrastructures. The latest release introduces critical enhancements including incremental configuration, updates, and enhanced OpenTelemetry support. The new Config Store functionality will further streamline the secure management of API configurations, making it easier for teams to run their services reliably at scale.
Want to learn more? It's not too late to [register for API Summit](https://konghq.com/events/conferences/api-summit/register-now)register for API Summit where we’ll discuss all things APIs and AI. Or, dig into our documentation for more technical details.
If you have any questions about Kong Gateway 3.8 or API Summit, reach out to us on LinkedIn or X!
As API ecosystems grow more complex, maintaining visibility and security shouldn't be a hurdle. Kong Gateway 3.13 simplifies these challenges with expanded OpenTelemetry support and more flexible orchestration. These new capabilities not only make y
[](https://konghq.com/blog/product-releases/kong-gateway-3-13)
Traditional agreement processes were slow and heavily manual. Documents were often created in office tools, shared through email, printed, signed physically, and stored across multiple systems. Tracking the status of agreements required manual follo
[](https://konghq.com/blog/engineering/automating-agreement-workflows-kong-konnect-and-docusign-for-developers)
How Kong Gateway 3.14 closes the consistency gap in IAM-based authentication across AWS, Azure and GCP — and what it means for your production deployments Starting with 3.13 (which addressed Redis support) and completed in 3.14, Kong now presents
[](https://konghq.com/blog/engineering/cloud-native-authentication)
Traditional APIs are, in a word, predictable. You know what you're getting: Compute costs that don't surprise you Traffic patterns that behave themselves Clean, well-defined request and response cycles AI APIs, especially anything that runs on LLMs
[](https://konghq.com/blog/engineering/monetize-ai-apis)
When speaking with our customers, and particularly with platform teams, we repeatedly hear about how difficult it is to discover and govern all the services and APIs that actively run on their infrastructure. In ever-expanding and changing environm
[](https://konghq.com/blog/product-releases/create-an-internal-api-and-service-inventory)
Today we're excited to announce Kong Gateway 3.9! Since unveiling Kong Gateway 3.8 at API Summit 2024 just a few months ago, we’ve been busy making important updates and improvements to Kong Gateway. This release introduces new functionality arou
[](https://konghq.com/blog/product-releases/kong-gateway-3-9)
Kong Gateway Enterprise 3.5 is packed with security features to support the use cases demanded by our enterprise customers through major improvements in Secrets Management integrations and our Open-ID Connect (OIDC) plugin. Additionally, we’ve a
[](https://konghq.com/blog/product-releases/kong-gateway-enterprise-3-5)