The widespread adoption of Kafka and event streaming platforms is evident across several enterprises, where they serve as the backbone of critical operations, ranging from financial transactions to AI inference pipelines. However, in the domains of security and identity, most teams continue to face…
In the latest Kong Gateway 3.12 release , announced October 2025, specific MCP capabilities have been released: The Kong AI Gateway sits in between the AI applications we build and the MCP Servers and GenAI models we consume. In fact, the Kong MCP Gateway sits side-by-side with the Kong LLM…
Consider the typical enterprise architecture in a relatively mature organization, an API management layer defines and deploys services to an API gateway, an Identity Provider (IDP) manages human user identities, and separate systems or at least separate control planes in the IDP handle…
Together, these three technologies enable healthcare organizations to connect systems with confidence, manage identities responsibly, and share data securely. Healthcare data is highly sensitive and strictly governed by regulations like HIPAA. The combination of Kong and Okta provides a robust,…
In the modern IT stack, API gateways act as the first line of defense against attacks on backend services by enforcing authentication/authorization policies and validating and transforming requests. When backend services are protected with a token-based approach, client applications must obtain an…
As businesses expand and gain visibility, it’s natural that their API attack surfaces become more exposed — increasing the risk of dangerous data breaches. Protecting cloud communications and securing data in transit should be your organization’s top priority. API authentication mechanisms help…
When it comes to digital identity, OpenID and OAuth are two peas in a pod, but they have their differences. OpenID connects you to relying parties using a single sign-on, while OAuth grants access tokens so you can give apps limited access. They both make authentication simple, seamless, and…
In our second Kong and Okta tutorial, we'll go through the authorization code flow applied to user authentication processes. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect ( OIDC ) plugin. Parts 1, 3 and 4…
Using Kong's OpenID Connect (OIDC) plugin, Kong and Okta work together to solve three significant application development challenges: The OIDC plugin enables Kong, as the API gateway , to communicate with Okta via the OAuth/OIDC flows. That way, your app teams don't have to configure and diagnose…
In this tutorial, I'm going to walk through adding OAuth2 authorization and authentication to your service with the Kong API Gateway OAuth2 plugin . First, I'll cover the fundamentals. If you're already familiar with how Kong Gateway and OAuth2 work, skip ahead to the tutorial . Interconnected.…