The service catalog is an essential tool that all organizations invested in effective IT management should own and maintain. Without an up-to-date system of record of all services and APIs, organizations run the risk of having what we call “Shadow APIs” — or APIs that are undiscovered, unmanaged, and pose significant security risks to the entire company.
So, why is gaining visibility into these services and APIs such a big deal?
Among the tens of thousands of API endpoints that might be running in an organization’s infrastructure, every single one can be thought of as a unique attack vector, especially if left unprotected without authentication, authorization, and rate limiting.
According to Security Magazine, over 50% of organizations experienced at least one API-related breach in the last year, a reflection of how difficult it is to ensure API security at scale. And it looks as if the trend will only increase. Kong [forecasts](https://konghq.com/resources/reports/ai-and-api-adoption-challenges)forecasts the number of annual API attacks will grow 548% by 2030.
In addition, API deployments have noticeably increased in complexity over the last several years. As organizations continue to break down their monolith, they’ve struggled to deal with a variety of API implementations — REST, GraphQL, gRPG, to name a few — across both hybrid and multi-cloud environments.
Finally, APIs can be expensive liabilities when left unmanaged. ITIC found that a staggering 81% of organizations reported that experiencing just one hour of unplanned API downtime often costs them upwards of $300,000.
We know [APIs are mission critical](https://konghq.com/blog/enterprise/apis-are-mission-critical)APIs are mission critical. So, what exactly can organizations like yours do to protect themselves? It may be worth your time to invest in a service catalog.
An effective service catalog serves as an all-encompassing repository for an organization’s services and APIs. Managing and maintaining this asset can have tremendous benefits across different teams.
For example, the service catalog not only provides Platform Teams with the ability to retroactively secure existing APIs, but also enables them to proactively enforce rules and regulations, so that moving forward, newly-created APIs are properly governed as well.
The service catalog also has the potential to boost developer productivity across Application Teams. This tool is meant to aggregate dispersed information about an organization’s services: their code repositories, CI/CD pipelines, dependency trees, API specs, documentation files, lists of recent incidents, and so on. The ability to search across the entire catalog and view a quick 360 summary on any given entry can improve Application Teams’ productivity across a variety of use cases — identifying upstream/downstream dependencies when triaging incidents, and leveraging existing code to save development time, just to name a couple.
Our team at Kong has been working diligently to deliver a product that thoughtfully addresses all the points described above, and more.
Today, we're excited to announce that the Konnect Service Catalog (or simply, “Service Catalog”) is now available in Public Beta!
Out of the box, Service Catalog comes with pre-built integrations designed to identify live services and APIs running in an organization's infrastructure. Service Catalog’s discovery engine ingests these services and APIs from sources such as Kong Gateway and Kong Mesh — with more to come soon, such as Kubernetes, Apigee, and AWS Lambda.
We’re also thrilled to announce that we’ve joined forces with our [Premium Technology Partner,](https://konghq.com/blog/news/premium-technology-partner)Premium Technology Partner, Traceable AI — an API security and observability platform that empowers Platform Teams to discover "Shadow APIs" at the kernel level through its formidable array of discovery mechanisms, including bleeding-edge [eBPF technology](https://www.traceable.ai/blog-post/ebpf-and-api-security-with-traceable)eBPF technology. By integrating Traceable and Service Catalog, we're able to transport previously undiscovered services into the Kong Konnect ecosystem.
Once these services are ingested into Konnect, users can begin protecting their related APIs by configuring Kong Gateway to serve as a reverse proxy. From here, authentication, authorization, and rate limiting can easily be enforced via [Kong Plugins](https://konghq.com/products/kong-plugins)Kong Plugins. The end result is that joint customers of both Kong and Traceable have a slick end-to-end experience whereby they can easily identify and subsequently mitigate risky APIs that exist in their infrastructure.
*This combined solution ensures you can confidently secure your entire API and service ecosystem, reducing the risk of data breaches and other security incidents. *
Service Catalog aggregates critical information from systems like PagerDuty and Datadog — with upcoming support for Jira, Slack, Snyk, and SonarQube — into a single, comprehensive view. Its integrations with various observability, incident management, and issue tracking systems mean that Application Teams can have a unified interface whereby they can easily search for all services in the organization across different dimensions: by team owner, engineering department, Jira board, and Slack channel. Without leaving the Service Catalog UI, they're able to view more details about a given service: upstream/downstream dependencies, API specs, and documentation files.
Having this information accessible at their fingertips allows Application Teams to be more productive in their day-to-day activities, including when identifying the root cause of a recent service failure or when searching for the API of an existing service that they might want to integrate with.
Ensuring that all teams across an organization adhere to the company’s maturity standards and industry-defined best practices can be challenging initiatives to drive for Platform Teams, especially those who work at large enterprises. These initiatives typically involve kicking off huge cross-functional processes spanning multiple teams, each with its own cultures, timelines, and priorities. Given both its breadth and depth of understanding of an organization’s service ecosystem, Service Catalog is well-positioned to solve this problem for Platform Teams.
By codifying these guidelines, represented in the form of a Scorecard, Platform Teams are able to identify which services fail to adhere to their custom-defined standards and industry best practices. They're then able to view a list of service owners whom they should follow up with to implement change. Ultimately, Service Catalog’s Scorecards feature imparts Platform Teams with confidence when quantitatively tracking improvement in company-wide compliance.
Here are some examples of criteria that a Platform Team can embed into their Scorecards:
And much more!
Take control of your API infrastructure with Service Catalog today! Check it out, either by logging into [Kong Konnect](https://cloud.konghq.com/login)Kong Konnect or by registering to get started in [Kong Konnect Plus](https://konghq.com/products/kong-konnect/register)Kong Konnect Plus.
Want to learn more? It's not too late to [register for API Summit](https://konghq.com/events/conferences/api-summit/register-now)register for API Summit where we’ll discuss all things Service Catalog with Traceable. Or, dig into [Service Catalog’s documentation](https://docs.konghq.com/konnect/service-catalog/)Service Catalog’s documentation for more technical details.
If you have any questions about Service Catalog or API Summit, reach out to us at [konnect-feedback@konghq.com](mailto:konnect-feedback@konghq.com)konnect-feedback@konghq.com.
As you explore Service Catalog, don’t forget to vote for which Integrations you’re most looking forward to!
The widespread adoption of Kafka and event streaming platforms is evident across several enterprises, where they serve as the backbone of critical operations, ranging from financial transactions to AI inference pipelines. However, in the domains of
[](https://konghq.com/blog/product-releases/kong-event-gateway-1-1)
As API ecosystems grow more complex, maintaining visibility and security shouldn't be a hurdle. Kong Gateway 3.13 simplifies these challenges with expanded OpenTelemetry support and more flexible orchestration. These new capabilities not only make y
[](https://konghq.com/blog/product-releases/kong-gateway-3-13)
A quick refresher: Kong Cloud Gateways Kong Cloud Gateways are fully managed, high-performance data planes running on customer-dedicated infrastructure, orchestrated and operated by Kong through Kong Konnect . Customers can choose between: Serverle
[](https://konghq.com/blog/product-releases/kong-cloud-gateways-2025-news-recap)
Traditional APIs are, in a word, predictable. You know what you're getting: Compute costs that don't surprise you Traffic patterns that behave themselves Clean, well-defined request and response cycles AI APIs, especially anything that runs on LLMs
[](https://konghq.com/blog/engineering/monetize-ai-apis)
Free collaboration with Postman — a myth On March 1st, 2026, Postman discontinued free collaboration for small teams. Now , Git or Cloud-native collaboration requires a Team plan starting at $19 per person per month. That means even a 3-person team
[](https://konghq.com/blog/enterprise/insomnia-vs-postman-evaluating-api-testing-tools)
Running Kong in front of your Solace Broker adds real benefits: Authentication & Access Control – protect your broker from unauthorized publishers. Validation & Transformation – enforce schemas, sanitize data, and map REST calls into event topics.
[](https://konghq.com/blog/engineering/smarter-event-driven-apis-kong-solace)
When speaking with our customers, and particularly with platform teams, we repeatedly hear about how difficult it is to discover and govern all the services and APIs that actively run on their infrastructure. In ever-expanding and changing environm
[](https://konghq.com/blog/product-releases/create-an-internal-api-and-service-inventory)