Svenska Spel’s API Modernization with Kong Konnect

How Svenska Spel standardized 700+ APIs, secured partner integrations, and prepared for cloud with Kong Konnect, Kong Gateway Operator, OIDC, and SPIFFE/SVID.

Svenska Spel shares how they modernized their API platform at scale using Kong Konnect, Kubernetes, and modern auth. Learn how the team standardized 700+ APIs, secured partner integrations, and prepared for cloud migration with a developer-first approach.

Key topics:
- SaaS control plane with Kong Konnect for hybrid/on-prem → cloud consistency
- Isolated partner API integration gateways for security and blast-radius control
- OIDC auth code + session (split-token) with no access token in the browser
- SPIFFE/SVID workload identity integrated via sidecar and OIDC plugin
- Microservice gateways (Envoy) with zero-trust network policies
- Kubernetes-native Gateway API with Kong Gateway Operator (v2.1)
- Developer Portal for partners and internal teams
- Migration timelines: partner integrations by 2026; full modernization by 2028