Secure your APIs with confidence. Explore methods, protocols, and best practices for implementing robust authentication—from OAuth and JWT to zero-trust architectures—across modern API ecosystem
A common use case that is frequently requested is how to dynamically route requests based on authentication attributes. An example of this technique is routing requests to relevant upstream services based on claims contained in a JWT token. Admins would like all their clients to go to the same URI…
[](/blog/engineering/dynamic-routing-jwt-tokens-claim-with-kong-konnect)
Our latest release of Kong Konnect augments the security and compliance of the offering through enhanced authentication capabilities. Through the rest of this post, we’ll walk you through each of these features and explore what’s new in this Kong Konnect release. Figure 1: Kong Konnect Personal…
[](/blog/product-releases/kong-konnect-supports-federated-authentication-with-oidc-and-personal-access-tokens)
What is an API Gateway? In essence, it authenticates that a particular consumer has permission to access the API, using a predefined set of credentials. There are special cases — for example, the option to allow anonymous authentication — but generally speaking, the aim of API authentication is to…
[](/blog/learning-center/api-gateway-authentication)Authentication is the process of determining who a user is by, for example, asking them to provide a username and password or using multi-factor authentication. Once you know who the user is, you can check their account details to determine what they are authorized to access. Creating a session for…
[](/blog/learning-center/microservices-security-and-session-management)
In this episode of Kongcast , Jeff Taylor , senior product manager at Okta, tells and shows us how to speed up microservices security and take the burden off developers by managing auth with an API gateway . Still using monolithic architectures? Check out our Guide to Microservices Adoption Check…
[](/blog/enterprise/microservices-security)
In February 2021, we announced the GA of Kong Konnect , the first cloud native service connectivity platform that gives organizations the flexibility of protecting their API and service traffic while simultaneously taking advantage of 10x ops improvements via the cloud control plane. Since our Kong…
[](/blog/product-releases/kong-konnect-support-okta-more-portal-customization)
Earlier this year, we hosted our inaugural Kong Summit Hackathon . This virtual competition engaged our open source community and offered recognition and prizes for hacks in various categories. The community delivered with ingenious plugins, hacks and documentation. In this blog post, we highlight…
[](/blog/engineering/insomnia-dynamic-signatures)
As organizations look to accelerate their digital transformation initiatives, a couple of key trends are prevalent. First, there is a movement from monolithic to smaller cloud native microservices. Second, there is more pressure to innovate, resulting in an explosion of APIs and connections to…
[](/blog/news/kong-okta-identity-api-management)
As APIs and microservices evolve, the architecture used to secure these resources must also mature. Utilizing a token-based architecture to protect APIs is a robust, secure and scalable approach, and it is also much safer than API keys or basic authentication. However, token-based architecture…
[](/blog/engineering/token-based-access-control)
As more and more companies move to a multi-cloud strategy and increase usage of a cloud native infrastructure , API providers are under a lot of pressure to deliver APIs at scale in multi-cloud environments. At the same time, APIs should follow each company's security requirements and best…
[](/blog/engineering/api-authorization)
In our last Kong and Okta tutorial, we will implement a basic access control policy based on Okta’s groups and planes. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect ( OIDC ) plugin. Parts 1, 2 and 3…
[](/blog/engineering/access-control-policies)
In our third Kong and Okta tutorial, we'll go through the introspection flow implementation. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect ( OIDC ) plugin. Parts 1, 2 and 4 cover: [iframe loading="lazy"…
[](/blog/engineering/introspection-flow-konnect-okta)
This tutorial will walk through a common use case for the Kong Gateway Key Authentication plugin : using API key authentication to protect a route to an API server endpoint. It’s a simple use case, but it will give you the foundation to deploy and configure the plugin for your own unique project…
[](/blog/engineering/kong-gateway-key-authentication)
Using Kong's OpenID Connect (OIDC) plugin, Kong and Okta work together to solve three significant application development challenges: The OIDC plugin enables Kong, as the API gateway , to communicate with Okta via the OAuth/OIDC flows. That way, your app teams don't have to configure and diagnose…
[](/blog/engineering/kong-and-okta-client-credentials)
Many companies are leveraging DevOps, microservices , automation, self-service, cloud and CI/CD pipelines. These megatrends are changing how companies are building and running software. One thing that often slips through the cracks is security. With microservices, there's an increase in the number…
[](/blog/engineering/authorize-api-opa-kuma)Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.