The latest news and announcements about Kong, our products, and our ecosystem, as well as voices from across our community.
An API gateway provides routing, traffic control and security capabilities which would otherwise be the responsibility of API consumers and upstream APIs. Additionally, the Gateway becomes a rich source of operational metrics useful for analytics, usage statistics and alerting. However, by…
Monitoring the health of your production system involves keeping track of various data points in real time in order to derive insights from them. Day to day, monitoring can provide early indications of problems, giving the team time to investigate and fix before a system fails completely. If youre…
The shift towards microservices is closely related to both the rise in popularity of agile software development practices and DevOps cultures. These three trends share a common goal: building products that are responsive to user needs while maintaining high quality and high availability. A system…
It's not uncommon for organizations to have to deploy solutions across (or among) multiple security domains. Here, we use the term "security domain" to refer to a segregated network environment, like a restricted internal network or a DMZ. This post will explore some design considerations when…
We live in an API-driven economy , where Application Programming Interfaces (APIs) are increasingly being used to open new revenue channels, accelerate time to market and democratize data. Enterprises are constantly striving to build faster, more reliable and easier to use APIs. They understand…
API security starts with authentication and authorization, then data security and availability. In this post, I will review security considerations for an API gateway and how the capabilities of the Kong Gateway address them. First, let's review different aspects of API security in detail. A…
In this episode of Kongcast , Jeff Taylor , senior product manager at Okta, tells and shows us how to speed up microservices security and take the burden off developers by managing auth with an API gateway . Still using monolithic architectures? Check out our Guide to Microservices Adoption Check…
Like many developers and operations professionals, you may have had complicated experiences with security and certificates (encryption of the connection and authentication). Maybe so much so that you try to avoid working on them whenever possible. If you're looking for a simpler way, Kong may be…
Before exposing your company's APIs, your highest priority should be to assure the API security , governance and reliability of that architecture. To do so, you'll need to use an API gateway as a single secure entry point for API consumers rather than allowing direct access to APIs. Kong Gateway…
If you've been online at all this week, chances are that you've heard about the Log4Shell zero-day ( CVE-2021-44228 ) in Log4J, a popular Java logging library. The vulnerability enables Remote Code Execution (RCE), which allows attackers to run arbitrary code on the target's machines. I know the…
This blog and video were co-created by David La Motta (Kong), Ross McDonald (Kong) and Alex Dworjan (Red Hat). Murphy's Law “Anything that can go wrong will go wrong.” To us mortals, that means we should try to prepare for the worst and hope for the best. Disaster Recovery (DR) is crucial to every…
As APIs and microservices evolve, the architecture used to secure these resources must also mature. Utilizing a token-based architecture to protect APIs is a robust, secure and scalable approach, and it is also much safer than API keys or basic authentication. However, token-based architecture…
Automating digital transformation API deployments can help speed time to market and minimize the resources required for the deployments — if developers can be assured that the automated process meets all necessary security requirements. It's a topic that Kong Senior CustomerExperience Manager Peggy…
As more and more companies move to a multi-cloud strategy and increase usage of a cloud native infrastructure , API providers are under a lot of pressure to deliver APIs at scale in multi-cloud environments. At the same time, APIs should follow each company's security requirements and best…
For the DevOps-averse developer, lambdas are heaven. They can focus on writing self-contained and modularized pieces of code, deploying these functions for on-demand execution without being concerned about resource management or infrastructure. Lambda execution , however, can be tricky. Serverless…
Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.