Secure Your Web, Mobile Applications and APIs using the Kong Gateway

Today, Application Programming Interfaces (APIs) and microservices are the engines powering the digital economy. However, the complexity and highly distributed nature of modern web and mobile applications introduce new challenges and new attack vectors, and they require a new approach to security. Without proper security, enterprises may accidentally expose sensitive data or open themselves up to cyberattacks, compliance violations and other security issues.

An API gateway decouples client applications from the upstream microservices, providing centralized traffic routing, integration and security policy for all API traffic. This simplifies access for client applications and, just as importantly, gives you a single enforcement point for security policies such as authentication and authorization.

Kong Gateway supports multiple mechanisms for controlling and managing access to your APIs. A best practice for authenticating API consumers is token-based authentication and authorization: users or applications obtain tokens from an Identity Provider (IdP) and present those tokens to the service or API on each request. The token-based approach separates the issuing of tokens from their validation, which makes it possible to centralize identity management. In the same way, token validation and the authentication policy around it can be centralized and delegated to a modern API gateway like Kong, so that individual services never have to implement it themselves. With Kong Gateway, keys, tokens and users are managed in the IdP rather than in the gateway, removing the need to maintain a separate silo of identity.
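The split described above, issuance at the IdP and validation at the gateway, is easy to get wrong in the details (trusting the token's own `alg` field, skipping the audience check, comparing signatures non-constant-time). The following is an added example, not code from this guide or from Kong Gateway: it simulates both sides in one process with a dependency-free HS256 JWT. The shared key, issuer URL, audience name and scope strings are assumptions chosen for the demo; a production IdP would normally sign with a private key (RS256/ES256) and the gateway would verify with the corresponding public key, but the checks the gateway performs are the same ones shown in `validate_token`.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values. HS256 with a shared key keeps the example
# self-contained; in practice the IdP signs with a private key and the
# gateway holds only the public key.
SHARED_KEY = b"idp-signing-key-for-demo-only"
ISSUER = "https://idp.example.test"   # assumed IdP identifier
AUDIENCE = "orders-api"               # assumed audience of the protected API


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_json(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def issue_token(subject: str, scopes: list, now: Optional[int] = None, ttl: int = 300) -> str:
    """IdP side: mint and sign a JWT. The gateway never does this."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": subject,
              "scope": " ".join(scopes), "iat": now, "exp": now + ttl}
    signing_input = f"{_encode_json(header)}.{_encode_json(claims)}"
    sig = hmac.new(SHARED_KEY, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def forge_claims(token: str, **overrides) -> str:
    """Attacker helper for the demo: edit claims but keep the old signature."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(claims_b64))
    claims.update(overrides)
    return f"{header_b64}.{_encode_json(claims)}.{sig_b64}"


def validate_token(token: str, required_scope: str, now: Optional[int] = None) -> dict:
    """Gateway side: verify the token and return its claims.

    Raises ValueError with a short reason; a gateway would map signature,
    issuer, audience and expiry failures to 401 and a scope failure to 403.
    """
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, binascii.Error, UnicodeDecodeError):
        raise ValueError("malformed token")
    # Pin the algorithm: the verifier, not the token, decides how to verify.
    if header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    expected = hmac.new(SHARED_KEY, f"{header_b64}.{claims_b64}".encode(),
                        hashlib.sha256).digest()
    # Constant-time comparison; check the signature before trusting any claim.
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    try:
        claims = json.loads(_b64url_decode(claims_b64))
    except (ValueError, binascii.Error, UnicodeDecodeError):
        raise ValueError("malformed token")
    if claims.get("iss") != ISSUER:
        raise ValueError("untrusted issuer")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong audience")
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        raise ValueError("expired")
    if required_scope not in claims.get("scope", "").split():
        raise ValueError("insufficient scope")
    return claims


if __name__ == "__main__":
    t = issue_token("alice", ["orders:read"])
    print("valid:", validate_token(t, "orders:read")["sub"])
    for bad in (forge_claims(t, sub="bob"), forge_claims(t, scope="orders:read orders:write")):
        try:
            validate_token(bad, "orders:read")
        except ValueError as e:
            print("rejected:", e)
```

Note what the gateway does not need: a user database, a password store, or the ability to create tokens. It needs only the IdP's verification key and the expected issuer and audience, which is exactly why this validation can be pulled out of every service and into the gateway.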

This guide will walk through how the Kong Gateway can secure and protect access to applications and APIs in a unified way.