The latest news and announcements about Kong, our products, and our ecosystem, as well as voices from across our community.
When testing APIs, software engineers often repeat identical values across multiple requests, but who wants to waste time typing the same values every time? Insomnia 's environment variables solve this problem by allowing you to define a value once as an environment variable and reference that…
[](/blog/engineering/avoiding-plain-text-passwords-insomnia)
A DMZ – Demilitarized Zone – is a military term, roughly summarized, as an area between two adversaries established as a buffer in order to reduce, or eliminate, the possibility of further conflict. In networking, the term usually refers to an area that acts as a buffer between two segregated…
[](/blog/enterprise/deploying-kong-in-a-dmz)
Kong Enterprise provides many out-of-the-box plugins to support various access control solutions like basic authentication , key authentication , JWT, LDAP, OAuth 2.0, OpenID Connect, among others. Most of the time, you should be able to find a plugin to suit your needs to protect your private or…
[](/blog/engineering/custom-authentication-and-authorization-framework-with-kong)
A modern API gateway like Kong enables organizations to achieve some use cases much more easily than traditional gateways. The reason is older, traditional gateways try to provide as many features as possible into a heavyweight monolith, while modern solutions use a best-in-breed approach. These…
[](/blog/engineering/how-to-secure-apis-and-services-using-openid-connect)
At Kong, we leverage many tools to protect our services and customers. Terraform from HashiCorp allows us to automate the process with Infrastructure as Code (IaC). Another important tool is Amazon Web Services (AWS) GuardDuty , a continuous monitoring service for security threat detection in your…
[](/blog/engineering/configuring-aws-guardduty-lambda-slack-notifications)
When a data breach occurs involving a cloud service, the impulsive reaction is to denounce using the cloud (at least for sensitive information). Since cloud security is not widely understood, it may be difficult to delineate it in the context of more general information security. Out of the box,…
[](/blog/engineering/s3-breach-prevention-best-practices-enterprise-cloud-security)
Today we’re excited to show how Kong Enterprise customers can utilize our new plugin for HashiCorp Vault for authentication and secrets management. Like the Terraform integration released last year, this new integration with Vault represents another step towards allowing Kong Enterprise customers…
[](/blog/news/announcing-kongs-integration-vault)
When we build software, it's critical that we test and roll-out the software in a controlled manner. To make sure this happens, we make use of available tools and best practices to make sure that the software works as intended. We conduct code reviews, execute all the possible unit, integration,…
[](/blog/engineering/reducing-deployment-risk-canary-releases-blue-green-deployments-kong)Secure your AI infrastructure with prompt guards, PII sanitization, and centralized governance. Control LLM costs with token-based rate limiting and semantic routing across providers.