The latest news and announcements about Kong, our products, and our ecosystem, as well as voices from across our community.
Traditional APIs are, in a word, predictable. You know what you're getting: AI APIs, especially anything that runs on LLMs under the hood, are a completely different story. These things are highly unpredictable by their very nature. You're dealing with token-based costs that swing wildly depending…
Free collaboration with Postman — a myth On March 1st, 2026, Postman discontinued free collaboration for small teams. Now , Git or Cloud-native collaboration requires a Team plan starting at $19 per person per month. That means even a 3-person team is now paying $57 per month just to keep their API…
The widespread adoption of Kafka and event streaming platforms is evident across several enterprises, where they serve as the backbone of critical operations, ranging from financial transactions to AI inference pipelines. However, in the domains of security and identity, most teams continue to face…
Running Kong in front of your Solace Broker adds real benefits: Imagine an order service that accepts REST requests and publishes them as events. 1. API Consumer calls Kong with a standard POST request: 2. Kong Gateway applies authentication, validates the payload, adds a correlation ID, rate…
API endpoints are like the doors to a web service. Through these endpoints, we can enter and talk to a web service and be shown where and how we can gain access to whatever it is the server has. This process allows separate pieces of software to swap information in a controlled way. Understanding…
As API ecosystems grow more complex, maintaining visibility and security shouldn't be a hurdle. Kong Gateway 3.13 simplifies these challenges with expanded OpenTelemetry support and more flexible orchestration. These new capabilities not only make your APIs more observable but also make it easier…
Kong Cloud Gateways are fully managed, high-performance data planes running on customer-dedicated infrastructure, orchestrated and operated by Kong through Kong Konnect . Customers can choose between: Together, these models give organizations the flexibility to run Kong where it makes the most…
Consider the typical enterprise architecture in a relatively mature organization, an API management layer defines and deploys services to an API gateway, an Identity Provider (IDP) manages human user identities, and separate systems or at least separate control planes in the IDP handle…
While building a GenAI-powered agent for one of our company websites, I integrated components like LLM APIs, embedding models, and a RAG (Retrieval-Augmented Generation) pipeline. The application was deployed using a Flask API backend and secured with API keys. However, post-deployment, several…
Feed Agents (and humans, too) with *all* of your APIs While multi-gateway vendor deployments have been found to be lacking as a long-term strategy, the reality is that every large organization is — at some point — going to struggle with trying to wrangle APIs across multiple API gateway solutions.…
Why are Microservices Security Risks? Traditional security was simple. One perimeter. Few entry points. Clear boundaries. Microservices shattered this model. Now organizations manage hundreds of independent services. The average number of API calls to an enterprise site has risen to an…
The Challenge: Securing Distributed Systems Netflix operates over 1,000 microservices handling two billion daily requests (Microservices architecture: from Netflix to APIs). One security gap can trigger cascading breaches. Traditional perimeter security fails in microservices. Services multiply…
Control Plane Groups in Kong Konnect provide a structured way to manage multiple control planes within a single organization. Think of it as a federated approach: different teams can deploy and manage their own APIs while still adhering to overarching policies set by a central governance team.…
The myth of the silver bullet The conventional wisdom that API security can be solved with a single tool or approach isn't just misguided — it's dangerous. This mindset has led many organizations down a path of false security, believing that deploying a WAF or implementing authentication provides…
Imagine you've built a sophisticated smart house, controlling everything from lights to the espresso machine with just a smartphone tap. Now picture a hacker hijacking your system, turning your morning latte into a high-tech security breach. This collision of connectivity and vulnerability…
Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.