Talk tech with tips and tutorials from builders at Kong and the Kong Community.
Key Takeaways Get started with Insomnia for free today and start testing with the tools trusted by thousands of developers worldwide. API testing is the process of validating that your application programming interfaces (APIs) work as intended, seamlessly connecting software components. Think of…
[](/en-gb/blog/engineering/api-testing-understanding-the-basics)
The OWASP Top 10 for LLM Applications 2025 represents a significant evolution in AI security guidance, reflecting the rapid maturation of enterprise AI deployments over the past year. The key updates include expanded focus on agentic AI systems with "excessive autonomy" risks, new attention to…
[](/en-gb/blog/engineering/owasp-top-10-ai-and-llm-guide)
Open source software has become an indispensable component of modern software development. With its easy accessibility, it offers numerous benefits such as cost savings, flexibility, and collaborative innovation. Since the use of open source components has become so mainstream, it poses some unique…
[](/en-gb/blog/engineering/implementing-an-open-source-vulnerability-management-strategy)
Software development has always evolved with new paradigms to meet the growing demands of modern systems. One of the most significant shifts has been the adoption of microservices. Emerging in the early 2010s, this architectural pattern moved away from monolithic applications in favor of smaller,…
[](/en-gb/blog/engineering/tracing-logging-metrics-unifying-observability-with-opentelemetry)
Application programming interfaces (APIs) are everywhere, and they play a role in running nearly everything in our digital-centric lives. Each time you launch a web page or an app on your phone, dozens of API calls are happening in the background to render an experience heavily customized to you.…
[](/en-gb/blog/engineering/api-security-best-practices)
APIs are essential to modern applications, but managing access and security policies can be complex. Traditional access control mechanisms can fall short when flexible, scalable, and fine-grained control over who can access specific resources is needed. This is where OPA (Open Policy Agent) steps…
[](/en-gb/blog/engineering/how-to-manage-your-api-policies-with-opa-open-policy-agent)
Container technologies are always evolving — and we're not talking Tupperware here. Over the past years, service mesh has emerged as a crucial component for managing complex, distributed systems. As organizations increasingly adopt Kubernetes for orchestrating their containerized applications,…
[](/en-gb/blog/engineering/using-service-mesh-in-kubernetes-enviroment)
Today, more organizations than ever before rely on web and mobile applications and partner integrations to help them automate and scale, making APIs essential to today’s software ecosystem. But because APIs are gateways to sensitive data, this also makes them an attractive target for hackers who…
[](/en-gb/blog/engineering/api-security-risks-and-how-to-mitigate-them)
As Kubernetes has become the de facto orchestration platform for deploying cloud native applications , networking and traffic management have emerged as pivotal challenges when managing access to services and infrastructure. The core Kubernetes Ingress resource addresses basic Layer 7 (L7) routing…
[](/en-gb/blog/engineering/gateway-api-vs-ingress)
As businesses expand and gain visibility, it’s natural that their API attack surfaces become more exposed — increasing the risk of dangerous data breaches. Protecting cloud communications and securing data in transit should be your organization’s top priority. API authentication mechanisms help…
[](/en-gb/blog/engineering/common-api-authentication-methods)
When it comes to digital identity, OpenID and OAuth are two peas in a pod, but they have their differences. OpenID connects you to relying parties using a single sign-on, while OAuth grants access tokens so you can give apps limited access. They both make authentication simple, seamless, and…
[](/en-gb/blog/engineering/openid-vs-oauth-what-is-the-difference)
Creating API design guidelines is a common practice for many enterprises. The goal? Ensuring that all teams involved in API development will adhere to them. However, this goal is often not achieved, as developers may not take the time to read, study, and apply these guidelines. To address this…
[](/en-gb/blog/engineering/best-practices-for-api-design-guidelines)
API gateways and load balancers are useful tools for building modern applications. While they have some functionality overlaps, they're distinct tools with different purposes and use cases. In this article, we'll discuss the differences between API gateways and load balancers, give examples of…
[](/en-gb/blog/engineering/api-gateway-vs-load-balancer)
In this article, we'll talk about the differences between an API gateway and an API proxy — as well as a reverse proxy. We'll cover use cases and when each might be the right tool for the project at hand, including the advantages of API gateways over API proxies and reverse proxies. An API…
[](/en-gb/blog/engineering/api-gateway-vs-api-proxy-understanding-the-differences)