The latest news and announcements about Kong, our products, and our ecosystem, as well as voices from across our community.
As cybersecurity takes the main stage, organizations face a significant challenge: how do you strike a balance between maintaining a high level of security and ensuring employees have enough data access to perform their jobs properly? Role-based access control (RBAC) is a solution that can support…
We’re excited to announce the general availability of Kong Insomnia 11! This release introduces third-party vault integrations for enhanced security, an all-new Git sync experience for more seamless collaboration, and support for multi-tabs to improve efficiency within the Insomnia application.…
Cloud native application development relies heavily on APIs. APIs have proven themselves as a scalable and efficient way to capture, deploy, and scale functionality. Consequently, APIs became a target for malicious actors to misuse. Therefore, building quality APIs with adequate security controls…
Ensuring secure access to applications and APIs is critical. As organizations increasingly adopt microservices architectures and cloud native solutions, the need for robust, fine-grained access control mechanisms becomes paramount. This is where the combination of Open Policy Agent (OPA) and Kong…
Today we're excited to announce Kong Gateway 3.9! Since unveiling Kong Gateway 3.8 at API Summit 2024 just a few months ago, we’ve been busy making important updates and improvements to Kong Gateway. This release introduces new functionality around LLM support for AI governance and security and…
APIs facilitate effortless communication and data exchange between applications and services. However, their inherent design, which codifies service capabilities within the API definition, makes them easily exploitable by malicious actors. API attacks in the US alone are projected to cost $506…
More than 80% of developers and business leaders say AI investments have already created the opportunity for new products or services, according to Kong’s 2024 API Impact Report . Clearly, AI has proven its value and place in the enterprise, but with new innovations come new potential…
In today's interconnected web ecosystem, modern applications frequently need to communicate across different domains, making Cross-Origin Resource Sharing (CORS) a fundamental concept for web developers to master. This comprehensive guide explores CORS from its basic principles to advanced…
Application programming interfaces (APIs) are everywhere, and they play a role in running nearly everything in our digital-centric lives. Each time you launch a web page or an app on your phone, dozens of API calls are happening in the background to render an experience heavily customized to you.…
We're excited to announce the release of Kong Gateway 3.8 , a significant update that marks a major milestone in the evolution of our API management platform. This release is packed with enhancements designed to boost performance, fortify security, and provide greater flexibility and ease of use…
The service catalog is an essential tool that all organizations invested in effective IT management should own and maintain. Without an up-to-date system of record of all services and APIs, organizations run the risk of having what we call “Shadow APIs” — or APIs that are undiscovered, unmanaged,…
Today, more organizations than ever before rely on web and mobile applications and partner integrations to help them automate and scale, making APIs essential to today’s software ecosystem. But because APIs are gateways to sensitive data, this also makes them an attractive target for hackers who…
From smart homes to wearable devices to connected cars, the Internet of Things (IoT) is bringing about a new era of hyper-connectivity. Experts expect investments in the IoT ecosystem to rise above $1 trillion in 2026 — with no signs of slowing down. Application programming interfaces (APIs) are…
In a previous blog post , we discussed the prevalence of bearer tokens (or access tokens) to restrict access to protected resources, the challenges the sheer nature of bearer tokens present, and available mitigations. To recap, presenting a bearer token is proof enough of an authorization grant to…
OAuth 2.0 is the current gold standard for secure delegated authorization. The reason is simple: OAuth puts control back in the hands of the users. It enables users to securely grant access to their resources without having to share passwords with third-party applications. Hence, it's one of the…
Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.