The latest news and announcements about Kong, our products, and our ecosystem, as well as voices from across our community.
Application Programming Interfaces (APIs) and microservices are the foundational pillars of digital transformation initiatives. They simplify the development process for our technology teams, enabling them to innovate faster, increase customer engagement and boost business agility. However, while…
In our last Kong and Okta tutorial, we will implement a basic access control policy based on Okta’s groups and planes. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect ( OIDC ) plugin. Parts 1, 2 and 3…
In our third Kong and Okta tutorial, we'll go through the introspection flow implementation. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect ( OIDC ) plugin. Parts 1, 2 and 4 cover: [iframe loading="lazy"…
The demand for digital transformation has accelerated, with 62% of technology leaders sharing that they fear they are at risk of being displaced by competitors who innovate more quickly. Enterprises are increasingly transitioning from monolithic to microservices architecture, with the goal to…
President Biden issued an " Executive Order on Improving the Nation's Cybersecurity " (Executive Order 14028) as of May 12, 2021. The order includes numerous actions and mandates to confront the dangers of cyber attacks that are increasing in frequency and sophistication. Cybersecurity has real and…
This tutorial will walk through a common use case for the Kong Gateway Key Authentication plugin : using API key authentication to protect a route to an API server endpoint. It’s a simple use case, but it will give you the foundation to deploy and configure the plugin for your own unique project…
Fastly's next-gen WAF (formerly Signal Sciences ) integrates with Kong Konnect to block malicious requests to your services. Kong Gateway provides a robust and secure enterprise API management platform to front web traffic. In partnership, Fastly focuses on Layer 7 application security for that…
The concept of zero-trust security is relatively simple. In essence, no entity or system should have trust by default. You should assume that any system you are talking to is not trustworthy until you establish otherwise. Within Kong Konnect , one mechanism to apply zero-trust is the OpenID Connect…
Imagine you're going through immigration at the airport. The immigration officer says, "I don't need your passport because I trust that you are who you claim to be." Wait, what? That would never happen, right? That's because trust is exploitable. Sooner or later, somebody will try to lie about who…
Transitioning to microservices has many advantages for teams building large applications that must accelerate the pace of innovation, deployments and time to market. It also provides them the opportunity to secure their applications and services better than they did with monolithic codebases.…
When testing APIs, software engineers often repeat identical values across multiple requests, but who wants to waste time typing the same values every time? Insomnia 's environment variables solve this problem by allowing you to define a value once as an environment variable and reference that…
A DMZ – Demilitarized Zone – is a military term, roughly summarized, as an area between two adversaries established as a buffer in order to reduce, or eliminate, the possibility of further conflict. In networking, the term usually refers to an area that acts as a buffer between two segregated…
Kong Enterprise provides many out-of-the-box plugins to support various access control solutions like basic authentication , key authentication , JWT, LDAP, OAuth 2.0, OpenID Connect, among others. Most of the time, you should be able to find a plugin to suit your needs to protect your private or…
A modern API gateway like Kong enables organizations to achieve some use cases much more easily than traditional gateways. The reason is older, traditional gateways try to provide as many features as possible into a heavyweight monolith, while modern solutions use a best-in-breed approach. These…
At Kong, we leverage many tools to protect our services and customers. Terraform from HashiCorp allows us to automate the process with Infrastructure as Code (IaC). Another important tool is Amazon Web Services (AWS) GuardDuty , a continuous monitoring service for security threat detection in your…
Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.