DISCOVER & TEST KONNECT APIS IN REAL TIME WITH INSOMNIA 13 MIGRATE 50% FASTER WITH KONG MIGRATION SERVICES DON'T MISS OUT ON API + AI SUMMIT 2026 | PRICES INCREASE AUGUST 16
  • [Why Kong ](/company/why-kong)Why Kong
  • _API & AI CONNECTIVITY TECHNOLOGIES_
    The Unified API and AI Platform
    []
    API ManagementAI ManagementEvent ManagementMonetization
    Migration Services
    API Advisory Services + Forward Deployed EngineersNEW
    • RUNTIMES
    • [API Gateway ](/products/kong-gateway)API Gateway
    • [AI Gateway HOT](/products/kong-ai-gateway)AI Gateway HOT
    • [Event Gateway ](/products/event-gateway)Event Gateway
    • [Service Mesh ](/products/kong-mesh)Service Mesh
    • [Context Mesh ](/products/kong-konnect/features/context-mesh)Context Mesh
    • [Ingress Controller ](/products/kong-ingress-controller)Ingress Controller
    • [Kong Operator ](/products/kong-operator)Kong Operator
    • CORE SERVICES
    • [MCP Registry NEW](/products/mcp-registry)MCP Registry NEW
    • [API Service Catalog ](/products/kong-konnect/features/api-service-catalog)API Service Catalog
    • [Runtime Management ](/products/kong-konnect/features/runtime-management)Runtime Management
    • [APIOps & Automation ](/products/apiops-automation)APIOps & Automation
    • APPS & AI AGENTS
    • [Developer Portal ](/products/kong-konnect/features/developer-portal)Developer Portal
    • [Usage Billing & Metering ](/products/kong-konnect/features/usage-based-metering-and-billing)Usage Billing & Metering
    • [Observability ](/products/kong-konnect/features/api-observability)Observability
    • [KAi Agent ](/products/kong-konnect/features/kai-ai-agent)KAi Agent
    DEVELOPER TOOLS
    [Insomnia ](https://insomnia.rest/)Insomnia [Plugins ](https://developer.konghq.com/plugins/)Plugins [Volcano ](https://volcano.dev/)Volcano [Kong MCP ](https://developer.konghq.com/konnect-platform/konnect-mcp/)Kong MCP [Documentation ](https://docs.konghq.com/)Documentation [Open Source ](/community)Open Source
      • FOR PLATFORM TEAMS
      • [Developer Platform ](/solutions/building-developer-platform)Developer Platform
      • [Kubernetes and Microservices ](/solutions/build-on-kubernetes)Kubernetes and Microservices
      • [Observability ](/solutions/observability)Observability
      • [Service Mesh Connectivity ](/solutions/service-mesh-connectivity)Service Mesh Connectivity
      • [Kafka Event Streaming ](/solutions/kafka-stream-api-management)Kafka Event Streaming
      • FOR EXECUTIVES
      • [AI Connectivity ](/ai-connectivity)AI Connectivity
      • [Open Banking ](/solutions/open-banking)Open Banking
      • [Legacy Migration ](/solutions/legacy-api-management-migration)Legacy Migration
      • [Platform Cost Reduction ](/solutions/api-platform-consolidation)Platform Cost Reduction
      • [Kafka Cost Optimization ](/solutions/reduce-kafka-cost)Kafka Cost Optimization
      • [API Monetization ](/solutions/api-monetization)API Monetization
      • [AI Monetization ](/solutions/ai-monetization)AI Monetization
      • [AI FinOps ](/solutions/ai-cost-governance-finops)AI FinOps
      • FOR AI TEAMS
      • [Agent Gateway ](/agent-gateway)Agent Gateway
      • [AI Governance ](/solutions/ai-governance)AI Governance
      • [AI Security ](/solutions/ai-security)AI Security
      • [Token Cost Management ](/solutions/ai-cost-optimization-management)Token Cost Management
      • [Agentic Infrastructure ](/solutions/agentic-ai-workflows)Agentic Infrastructure
      • [MCP Production ](/solutions/mcp-production-and-consumption)MCP Production
      • [MCP Traffic Gateway ](/solutions/mcp-governance)MCP Traffic Gateway
      • FOR DEVELOPERS
      • [Mobile App API Development ](/solutions/mobile-application-api-development)Mobile App API Development
      • [GenAI App Development ](/solutions/power-openai-applications)GenAI App Development
      • [API Gateway for Istio ](/solutions/istio-gateway)API Gateway for Istio
      • [Decentralized Load Balancing ](/solutions/decentralized-load-balancing)Decentralized Load Balancing
      • BY INDUSTRY
      • [Financial Services ](/solutions/financial-services-industry)Financial Services
      • [Healthcare ](/solutions/healthcare)Healthcare
      • [Higher Education ](/solutions/api-platform-for-education-services)Higher Education
      • [Insurance ](/solutions/insurance)Insurance
      • [Manufacturing ](/solutions/manufacturing)Manufacturing
      • [Retail ](/solutions/retail)Retail
      • [Software & Technology ](/solutions/software-and-technology)Software & Technology
      • [Transportation ](/solutions/transportation-and-logistics)Transportation
    NEW
    Kong for Startups
    Apply for $100k credits & 50% off AI Gateway
  • [Pricing ](/pricing)Pricing
      • DOCUMENTATION
      • [Kong Konnect ](https://developer.konghq.com/konnect/)Kong Konnect
      • [Kong Gateway ](https://developer.konghq.com/gateway/)Kong Gateway
      • [Kong Mesh ](https://developer.konghq.com/mesh/)Kong Mesh
      • [Kong AI Gateway ](https://developer.konghq.com/ai-gateway/)Kong AI Gateway
      • [Kong Event Gateway ](https://developer.konghq.com/event-gateway/)Kong Event Gateway
      • [Kong Insomnia ](https://developer.konghq.com/insomnia/)Kong Insomnia
      • [Plugin Hub ](https://developer.konghq.com/plugins/)Plugin Hub
      • EXPLORE
      • [Blog ](/blog)Blog
      • [Learning Center ](/blog/learning-center)Learning Center
      • [eBooks ](/resources/e-book)eBooks
      • [Reports ](/resources/reports)Reports
      • [Demos ](/resources/demos)Demos
      • [Customer Stories ](/customer-stories)Customer Stories
      • [Videos ](/resources/videos)Videos
      • EVENTS
      • [API + AI Summit ](/events/conferences/api-ai-summit)API + AI Summit
      • [Webinars ](/events/webinars)Webinars
      • [User Calls ](/events/user-calls)User Calls
      • [Workshops ](/events/workshops)Workshops
      • [Meetups ](/events/meetups)Meetups
      • [See All Events ](/events)See All Events
      • FOR DEVELOPERS
      • [Get Started ](https://developer.konghq.com/)Get Started
      • [Community ](/community)Community
      • [Certification ](/academy/certification)Certification
      • [Training ](https://education.konghq.com)Training
      • COMPANY
      • [About Us ](/company/about-us)About Us
      • [We're Hiring! ](/company/careers)We're Hiring!
      • [Press Room ](/company/press-room)Press Room
      • [Contact Us ](/company/contact-us)Contact Us
      • [Kong Partner Program ](/partners)Kong Partner Program
      • [Enterprise Support Portal ](https://support.konghq.com/s/)Enterprise Support Portal
      • [Documentation ](https://developer.konghq.com/?_gl=1*tphanb*_gcl_au*MTcxNTQ5NjQ0MC4xNzY5Nzg4MDY0LjIwMTI3NzEwOTEuMTc3MzMxODI2MS4xNzczMzE4MjYw*_ga*NDIwMDU4MTU3LjE3Njk3ODgwNjQ.*_ga_4JK9146J1H*czE3NzQwMjg1MjkkbzE4OSRnMCR0MTc3NDAyODUyOSRqNjAkbDAkaDA)Documentation
  • [](/search)
  • [Login](https://cloud.konghq.com/login)Login
  • [Book Demo](/contact-sales)Book Demo
  • [Get Started](/products/kong-konnect/register)Get Started
[Blog](/blog)Blog
  • [AI Gateway ](/blog/tag/ai-gateway)AI Gateway
  • [AI Security ](/blog/tag/ai-security)AI Security
  • [AIOps ](/blog/tag/aiops)AIOps
  • [API Security ](/blog/tag/api-security)API Security
  • [API Gateway ](/blog/tag/api-gateway)API Gateway
|
    • [API Management ](/blog/tag/api-management)API Management
    • [API Development ](/blog/tag/api-development)API Development
    • [API Design ](/blog/tag/api-design)API Design
    • [Automation ](/blog/tag/automation)Automation
    • [Service Mesh ](/blog/tag/service-mesh)Service Mesh
    • [Insomnia ](/blog/tag/insomnia)Insomnia
    • [Event Gateway ](/blog/tag/event-gateway)Event Gateway
    • [View All Blogs ](/blog/page/1)View All Blogs
We're Entering the Age of AI Connectivity [Read more](/blog/news/the-age-of-ai-connectivity)Read moreProducts & Agents:
    • [Kong AI Gateway](/products/kong-ai-gateway)Kong AI Gateway
    • [Kong API Gateway](/products/kong-gateway)Kong API Gateway
    • [Kong Event Gateway](/products/event-gateway)Kong Event Gateway
    • [Kong Metering & Billing](/products/kong-konnect/features/usage-based-metering-and-billing)Kong Metering & Billing
    • [Kong Insomnia](/products/kong-insomnia)Kong Insomnia
    • [Kong Konnect](/products/kong-konnect)Kong Konnect
  • [Documentation](https://developer.konghq.com)Documentation
  • [Book Demo](/contact-sales)Book Demo
  1. Home
  2. Blog
  3. API Security

## API Security

The latest news and announcements about Kong, our products, and our ecosystem, as well as voices from across our community.

[‹Prev](/blog/tag/api-security/page/3)‹Prev[1](/blog/tag/api-security)1…[3](/blog/tag/api-security/page/3)34[5](/blog/tag/api-security/page/5)5…[7](/blog/tag/api-security/page/7)7[Next›](/blog/tag/api-security/page/5)Next›

# Tightening Bearer Token Authentication with Proof-of-Possession Tokens

[API Authentication](/blog/tag/api-authentication)API AuthenticationNovember 15, 2023

In token-based architecture, tokens represent the client’s entitlement to access protected resources. Access tokens (or bearer tokens as they're commonly known) are issued by authorization servers after successful user authentication. The tokens are passed as credentials in the request to the…

Veena Rajarathna

# Your Secrets and Tokens are Secure with Kong Gateway Enterprise 3.5

[API Security](/blog/tag/api-security)API SecurityNovember 13, 2023

Kong Gateway Enterprise 3.5 is packed with security features to support the use cases demanded by our enterprise customers through major improvements in Secrets Management integrations and our Open-ID Connect (OIDC) plugin. Additionally, we’ve added key security updates for a few of our AWS…

Tom Brightbill

# Kong Releases Product Updates to Address Novel HTTP/2 'Rapid Reset' DDoS Vulnerability

[API Security](/blog/tag/api-security)API SecurityOctober 12, 2023

At Kong, the security and reliability of our products have always been paramount. In light of the recent discovery of the Novel HTTP/2 ‘Rapid Reset’ DDoS attack ( CVE-2023-44487 ), we have taken steps to proactively address potential issues. Today we’re providing guidance on how our users can best…

Tom Brightbill

# Zero Trust Network Access (ZTNA) vs VPNs

[Zero-Trust](/blog/tag/zero-trust)Zero-TrustOctober 11, 2023

In today’s modern digital environment, more organizations are relying on remote work than ever before. While this shift has given companies unprecedented flexibility when it comes to deploying their workforce, it has also presented challenges in keeping their devices, operations, and personnel…

Kong

# OpenID vs OAuth: Understanding API Security Protocols

[API Security](/blog/tag/api-security)API SecurityOctober 10, 2023

When it comes to digital identity, OpenID and OAuth are two peas in a pod, but they have their differences. OpenID connects you to relying parties using a single sign-on, while OAuth grants access tokens so you can give apps limited access. They both make authentication simple, seamless, and…

Axandria Shepard

# Unlocking Success with Kong Mesh 2.4 with Security, Resilience, and Flexibility

Kong Logo
[Service Mesh](/blog/tag/service-mesh)Service MeshSeptember 11, 2023

In the ever-evolving landscape of digital business operations, staying ahead of the curve requires constant adaptation and innovation. Kong Mesh 2.4 contains several enhancements to help your organization's infrastructure be more efficient. In this blog post, we’ll explore the key benefits of Kong…

John Harris

# Reduce API Security Risks with Standardized Governance

[API Security](/blog/tag/api-security)API SecurityAugust 18, 2023

APIs serve as the foundation for how software systems and services communicate and exchange data. But unmanaged and unsecured APIs can open up massive vulnerabilities that lead to disastrous security breaches and data leaks without proper governance. With API-related attacks increasing — and set…

Kong

# OWASP API Security Top 10: Mitigating Risks with Kong

[API Security](/blog/tag/api-security)API SecurityAugust 10, 2023

The Open Web Application Security Project (OWASP for short) is a not-for-profit entity devoted to improving the security of software. Founded in 2001, OWASP is a global organization that supports thousands of volunteers globally to produce freely available articles, documentation, tutorials, and…

Kong

# How to Choose the Right API Gateway for Your Business

[API Gateway](/blog/tag/api-gateway)API GatewayAugust 8, 2023

Modern organizations rely on APIs to power their digital customer experiences. This can lead to stronger brand loyalty and higher revenues — if they play their cards right. The driving factor in delivering personalized content is connectivity to more applications, systems, and data sources. That…

Kong

# API Infrastructure is Mission Critical — and Increasingly Under Attack

[API Security](/blog/tag/api-security)API SecurityJuly 27, 2023

APIs have revolutionized every industry. They fuel digital transformation and power the web, making up more than 83% of global internet traffic. And API adoption will only grow, with AI, Web3 , and decentralization only further driving API usage and integration. But these sometimes-overlooked…

Kong

# API Security and Management: The Impact on the Fintech Industry

[API Security](/blog/tag/api-security)API SecurityJune 29, 2023

The world of financial services is driven by digital experiences. Over the last 20 years, virtually all banking activities have been taken online (an unfortunate change only for fans of pneumatic tubes and pens on beaded chains). Like other industries that have undergone digital transformation,…

Greg Peranich

# Kong Mesh 2.3 Improves Security, Flexibility, and Resiliency

[Service Mesh](/blog/tag/service-mesh)Service MeshJune 26, 2023

Kong is proud to announce the release of the latest version of Kong Mesh 2.3. In this release, Kong Mesh continues to build upon the enterprise-grade service mesh in the critical areas of, security, flexibility, and resiliency. As organizations continue to leverage APIs to deliver digital…

John Harris

# Zero Trust Security: The What, Why, and How

[Zero-Trust](/blog/tag/zero-trust)Zero-TrustJune 8, 2023

The concept of Zero Trust is based on the belief that no internal network or system can be fully trusted. Traditional network architectures, such as a perimeter-based model, rely on distinguishing between internal and external networks. However, this approach is flawed because internal networks can…

Kong

# Understand the Differences: API Authentication vs API Authorization

[API Authentication](/blog/tag/api-authentication)API AuthenticationJune 8, 2023

If you landed on this blog post, chances are that you care about keeping your API secure. It's an important topic to discuss: API exploits are on the rise, and you don't want unauthorized users accessing your data. A big part of that security is implementing API authentication and API…

Kong

# Imperva and Kong Join Forces to Integrate Leading API Management and Cybersecurity Solutions

[API Security](/blog/tag/api-security)API SecurityApril 19, 2023

Today we're pleased to announce a new strategic partnership and resale agreement with Imperva . Imperva customers will now be able to directly license Kong Enterprise, the fastest, most feature-rich, and secure API management solution. In addition, Kong customers will be able to use the Imperva API…

Kong
[‹Prev](/blog/tag/api-security/page/3)‹Prev[1](/blog/tag/api-security)1…[3](/blog/tag/api-security/page/3)34[5](/blog/tag/api-security/page/5)5…[7](/blog/tag/api-security/page/7)7[Next›](/blog/tag/api-security/page/5)Next›

## See AI Gateway in Action

Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.

[Get a Demo](/contact-sales)Get a Demo

## step-0

    • Company
    • [About Kong ](/company/about-us)About Kong
    • [Customers ](/customer-stories)Customers
    • [Careers ](/company/careers)Careers
    • [Press ](/company/press-room)Press
    • [Events ](/events)Events
    • [Contact ](/company/contact-us)Contact
    • [Pricing ](/pricing)Pricing
      •    * [Terms](/legal/terms-of-use)
      •    * [Privacy](/legal/privacy-policy)
      •    * [Trust and Compliance](https://trust.konghq.com/)
    • Platform
    • [Kong AI Gateway ](/products/kong-ai-gateway)Kong AI Gateway
    • [Kong Konnect ](/products/kong-konnect)Kong Konnect
    • [Kong Gateway ](/products/kong-gateway)Kong Gateway
    • [Kong Event Gateway ](/products/event-gateway)Kong Event Gateway
    • [Kong Insomnia ](/products/kong-insomnia)Kong Insomnia
    • [Documentation ](https://developer.konghq.com)Documentation
    • [Book Demo ](/contact-sales)Book Demo
    • Compare
    • [AI Gateway Alternatives ](/performance-comparison/ai-gateway-alternatives)AI Gateway Alternatives
    • [Kong vs Apigee ](/performance-comparison/kong-vs-apigee)Kong vs Apigee
    • [Kong vs AWS ](/performance-comparison/kong-vsaws)Kong vs AWS
    • [Kong vs IBM ](/performance-comparison/ibm-api-connect-vs-kong)Kong vs IBM
    • [Kong vs Mulesoft ](/performance-comparison/kong-vs-mulesoft)Kong vs Mulesoft
    • [Kong vs Postman ](/performance-comparison/kong-vs-postman)Kong vs Postman
    • Explore More
    • [Kong for Startups ](/solutions/startup-program)Kong for Startups
    • [Open Banking API Solutions ](/solutions/open-banking)Open Banking API Solutions
    • [API Governance Solutions ](/solutions/api-governance)API Governance Solutions
    • [Istio API Gateway Integration ](/solutions/istio-gateway)Istio API Gateway Integration
    • [Kubernetes API Management ](/solutions/build-on-kubernetes)Kubernetes API Management
    • [API Gateway: Build vs Buy ](/campaign/secure-api-scalability)API Gateway: Build vs Buy
    • Open Source
    • [Kong Gateway ](https://developer.konghq.com/gateway/install/)Kong Gateway
    • [Kuma ](https://kuma.io/)Kuma
    • [Insomnia ](https://insomnia.rest/)Insomnia
    • [Kong Community ](/community)Kong Community

Kong enables the connectivity layer for the agentic era – securely connecting, governing, and monetizing APIs and AI tokens across any model or cloud.

  • English
  • Japanese
  • Frenchcoming soon
  • Spanishcoming soon
  • Germancoming soon
[Everything is 200 OK](https://status.konghq.com/)
© Kong Inc. 2026
Interaction mode