The latest news and announcements about Kong, our products, and our ecosystem, as well as voices from across our community.
Consider the typical enterprise architecture in a relatively mature organization, an API management layer defines and deploys services to an API gateway, an Identity Provider (IDP) manages human user identities, and separate systems or at least separate control planes in the IDP handle…
While building a GenAI-powered agent for one of our company websites, I integrated components like LLM APIs, embedding models, and a RAG (Retrieval-Augmented Generation) pipeline. The application was deployed using a Flask API backend and secured with API keys. However, post-deployment, several…
Feed Agents (and humans, too) with *all* of your APIs While multi-gateway vendor deployments have been found to be lacking as a long-term strategy, the reality is that every large organization is — at some point — going to struggle with trying to wrangle APIs across multiple API gateway solutions.…
Why are Microservices Security Risks? Traditional security was simple. One perimeter. Few entry points. Clear boundaries. Microservices shattered this model. Now organizations manage hundreds of independent services. The average number of API calls to an enterprise site has risen to an…
The Challenge: Securing Distributed Systems Netflix operates over 1,000 microservices handling two billion daily requests (Microservices architecture: from Netflix to APIs). One security gap can trigger cascading breaches. Traditional perimeter security fails in microservices. Services multiply…
Control Plane Groups in Kong Konnect provide a structured way to manage multiple control planes within a single organization. Think of it as a federated approach: different teams can deploy and manage their own APIs while still adhering to overarching policies set by a central governance team.…
The myth of the silver bullet The conventional wisdom that API security can be solved with a single tool or approach isn't just misguided — it's dangerous. This mindset has led many organizations down a path of false security, believing that deploying a WAF or implementing authentication provides…
Imagine you've built a sophisticated smart house, controlling everything from lights to the espresso machine with just a smartphone tap. Now picture a hacker hijacking your system, turning your morning latte into a high-tech security breach. This collision of connectivity and vulnerability…
When speaking with our customers, and particularly with platform teams, we repeatedly hear about how difficult it is to discover and govern all the services and APIs that actively run on their infrastructure. In ever-expanding and changing environments, platform teams often grapple with the…
Kong customers include some of the most forward-thinking, tech-savvy organizations in the world. And while we’re proud to help them innovate through traditional APIs, the reality is that their ambitions don’t stop there. Increasingly, our customers are investing heavily in real-time data and event…
Open source software has become an indispensable component of modern software development. With its easy accessibility, it offers numerous benefits such as cost savings, flexibility, and collaborative innovation. Since the use of open source components has become so mainstream, it poses some unique…
In the SaaS world, providers must offer tenant isolations for their customers and their data. This is a key requirement when offering services at scale. At Kong, we've invested a lot of time to provide a scalable and seamless approach for developers to avoid introducing breaches in our systems. In…
As cybersecurity takes the main stage, organizations face a significant challenge: how do you strike a balance between maintaining a high level of security and ensuring employees have enough data access to perform their jobs properly? Role-based access control (RBAC) is a solution that can support…
We’re excited to announce the general availability of Kong Insomnia 11! This release introduces third-party vault integrations for enhanced security, an all-new Git sync experience for more seamless collaboration, and support for multi-tabs to improve efficiency within the Insomnia application.…
Cloud native application development relies heavily on APIs. APIs have proven themselves as a scalable and efficient way to capture, deploy, and scale functionality. Consequently, APIs became a target for malicious actors to misuse. Therefore, building quality APIs with adequate security controls…
Ensuring secure access to applications and APIs is critical. As organizations increasingly adopt microservices architectures and cloud native solutions, the need for robust, fine-grained access control mechanisms becomes paramount. This is where the combination of Open Policy Agent (OPA) and Kong…
Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.