The latest news and announcements about Kong, our products, and our ecosystem, as well as voices from across our community.
In the Dev Portal world, offering users the ability to use their own domain is a milestone on our way to fully customized Dev Portals. Since Konnect-hosted portals are fronted by a Kong gateway, we looked to use our own plugins to achieve this feature. The ACME plugin is an open-source Kong plugin…
[](/blog/engineering/secure-self-service-custom-domains-for-dev-portals)
We’re excited to announce new features in Kong Konnect , including the ability to take advantage of identity management APIs, streamlined certificate management, and latency metrics as part of Analytics . Read on to learn about these features and how kong helps future-proof API security . Now you…
[](/blog/product-releases/kong-konnect-security-updates)
Security best practices remain a top priority for enterprises, especially as high-profile hacks and cybersecurity breaches pose increased risks. According to the 2022 Morgan Stanley CIO survey , IT spending is expected to reach 4.4%, with cloud computing and security software as the leading…
[](/blog/engineering/defense-in-depth-security)
A microservice -based system can consist of dozens or even hundreds of individual services communicating with each other via APIs . While its possible for a client be that a web browser, application or IoT device to make requests to the relevant microservice directly, this approach has a number of…
[](/blog/learning-center/api-gateway-uses)If the connection from clients to your API gateway isn't encrypted, all messages you send and receive are out in the open for all to read. In looking for a way in, attackers will make use of all features of an API, even the undocumented ones; security by obscurity is not a realistic defense…
[](/blog/learning-center/building-a-secure-api-gateway)An API gateway provides routing, traffic control and security capabilities which would otherwise be the responsibility of API consumers and upstream APIs. Additionally, the Gateway becomes a rich source of operational metrics useful for analytics, usage statistics and alerting. However, by…
[](/blog/learning-center/secure-api-gateway)Monitoring the health of your production system involves keeping track of various data points in real time in order to derive insights from them. Day to day, monitoring can provide early indications of problems, giving the team time to investigate and fix before a system fails completely. If youre…
[](/blog/learning-center/monitoring-and-distributed-tracing-for-microservices)The shift towards microservices is closely related to both the rise in popularity of agile software development practices and DevOps cultures. These three trends share a common goal: building products that are responsive to user needs while maintaining high quality and high availability. A system…
[](/blog/learning-center/microservices-testing-guide)
It's not uncommon for organizations to have to deploy solutions across (or among) multiple security domains. Here, we use the term "security domain" to refer to a segregated network environment, like a restricted internal network or a DMZ. This post will explore some design considerations when…
[](/blog/engineering/service-mesh-multiple-security-domains)
We live in an API-driven economy , where Application Programming Interfaces (APIs) are increasingly being used to open new revenue channels, accelerate time to market and democratize data. Enterprises are constantly striving to build faster, more reliable and easier to use APIs. They understand…
[](/blog/enterprise/kong-vs-apigee-pain-free-compliance)
API security starts with authentication and authorization, then data security and availability. In this post, I will review security considerations for an API gateway and how the capabilities of the Kong Gateway address them. First, let's review different aspects of API security in detail. A…
[](/blog/enterprise/how-api-gateway-secures-apis)
In this episode of Kongcast , Jeff Taylor , senior product manager at Okta, tells and shows us how to speed up microservices security and take the burden off developers by managing auth with an API gateway . Still using monolithic architectures? Check out our Guide to Microservices Adoption Check…
[](/blog/enterprise/microservices-security)
Like many developers and operations professionals, you may have had complicated experiences with security and certificates (encryption of the connection and authentication). Maybe so much so that you try to avoid working on them whenever possible. If you're looking for a simpler way, Kong may be…
[](/blog/engineering/mutual-tls-api-gateway)
Before exposing your company's APIs, your highest priority should be to assure the API security , governance and reliability of that architecture. To do so, you'll need to use an API gateway as a single secure entry point for API consumers rather than allowing direct access to APIs. Kong Gateway…
[](/blog/engineering/api-platform-security)
If you've been online at all this week, chances are that you've heard about the Log4Shell zero-day ( CVE-2021-44228 ) in Log4J, a popular Java logging library. The vulnerability enables Remote Code Execution (RCE), which allows attackers to run arbitrary code on the target's machines. I know the…
[](/blog/engineering/log4j-log4shell)Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.