You've decided to install Kong Gateway. Congrats! You're almost ready to accelerate your microservices journey with the world's most popular open source API gateway. This article and video will guide you through the short version of our tutorial. If you prefer, here are some more detailed instructions.
If you haven't already, make sure you've installed Kong before getting started. It should only take a few minutes.
To check that you've started Kong, make a quick request to port 8001 (the default for the Kong admin API). A response status code of 200 means that Kong is up and running.
Now, let's get started.
Watch the video guide below, or keep reading for the full written guide with screenshots.
Kong exposes a RESTful Admin API on port 8001 that allows you to change Kong configurations, such as adding Services and Routes via the command line. Begin by making a post request to the Admin API/Service Route.
Then, create a new example Service that points to the Mockbin API. Press enter, and the system will generate the response status code of 201. You'll see the name example Service within the response JSON as well as some other information.
Next, create a new Route for the Service. Start by making a post request to the admin API. Hit the example Service you created earlier and then hit the Route’s endpoint for that example Service. Specify the host headers of example.com.
Now that you have a Route and a Service, you're ready to proxy your request through Kong Gateway. Go ahead and issue a curl command, but this time use port 8000.
If you receive a successful response, Kong will now forward requests made to localhost port 8000 to the URL you configured back in step one, the Mockbin API.
If you make the same request again and this time strip out the header, you’ll see a code of 200, which means a successful request. It’s a proxy via Kong 1.3, so you can see the version, and you can also see how much latency the Kong proxy is adding to the request. As you make more and more requests, the number should get lower because Kong can cache the response and request that you make.
Now that you have your Route and Service set up, you'll need to add a plug-in to secure your Service. To configure the key-auth plugin for the Service you configured in Kong Gateway, issue the following curl request. Once again, you'll be utilizing the admin API to create a plugin.
Start by hitting the example Service you started in earlier steps to add a plugin called key-auth. After making the request, the key-auth plugin will have some information in the response JSON.
Then, make the same request to port 8000. You'll immediately get a 401 saying that it’s unauthorized. The request is still proxied through Kong; Kong is just looking for the key authentication. So, now that you’ve configured the key-auth plugin, you see how quickly you can secure any Services. Additionally, you can specify plugins to services, routes or consumers. Key authentication allows you to choose who can access your services, giving you more control over your microservices.
Next, configure the key-auth plugin and add a Consumer to your Service. Create a Consumer through the restful API. Once again, utilize the admin API to hit the Consumer’s endpoint and adding a Consumer named Jason.
Afterward, you'll see a 201 created as well as an ID for Jason.
To provision key credentials for your Consumer, use the admin API once again as a post-request through the Consumers/Jason/key-auth endpoint. Where it says key=ENTER_KEY_HERE, enter the ID that you see in Jason’s response JSON.
After successful creation, Jason now has the credentials necessary to make the request. If you go back and make the request to port 8000, you still keep the host header, example.com, but now you have to add a field called apikey. Take the key for Jason, and plug it in. Now you see the request starts to work again. Strip the body and just look at the header, and you'll get a response of 200.
That's it! You've successfully added a Service, created a Route for that Service, and secured that Service using a key-auth plugin with a Consumer named Jason. For more information, visit our documentation page.
Have questions or want to stay in touch with the Kong community? Join us wherever you hang out:
Meet Emily. She’s an API product manager at ACME, Inc., an ecommerce company that runs on dozens of APIs. One morning, her team lead asks a simple question: “Who’s our top API consumer, and which of your APIs are causing the most issues right now?”
It’s been almost a year since we released our Konnect Terraform provider . In that time we’ve seen over 300,000 installs, have 1.7 times as many resources available, and have expanded the provider to include data sources to enable federated managem
In the last two parts of this series, we discussed How to Strengthen a ReAct AI Agent with Kong AI Gateway and How to Build a Single-LLM AI Agent with Kong AI Gateway and LangGraph . In this third and final part, we're going to evolve the AI Agen
In my previous post, we discussed how we can implement a basic AI Agent with Kong AI Gateway. In part two of this series, we're going to review LangGraph fundamentals, rewrite the AI Agent and explore how Kong AI Gateway can be used to protect an LLM
This is part one of a series exploring how Kong AI Gateway can be used in an AI Agent development with LangGraph. The series comprises three parts: Basic ReAct AI Agent with Kong AI Gateway Single LLM ReAct AI Agent with Kong AI Gateway and LangGr
What Is RAG, and Why Should You Use It? RAG (Retrieval-Augmented Generation) is not a new concept in AI, and unsurprisingly, when talking to companies, everyone seems to have their own interpretation of how to implement it. So, let’s start with a r
In February 2024, Kong became the first API platform to launch a dedicated AI gateway, designed to bring production-grade performance, observability, and policy enforcement to GenAI workloads. At its core, Kong’s AI Gateway provides a universal API