🎂 Make a wish and blow out the candles…we’re celebrating Kong’s sixth anniversary! 👏👏👏 In 2015, Mashape open sourced Kong Gateway, launching the next generation of API management. In our last anniversary post, I took a look back at our history. For this 6th anniversary post, I’ll focus on how this year went and look forward to what’s coming up next.

President Joe Biden issued an “Executive Order on Improving the Nation’s Cybersecurity” as of May 12, 2021. The order includes numerous actions and mandates to confront the dangers of cyber attacks that are increasing in frequency and sophistication. Cybersecurity has real and significant implications, both in economical and national security terms. At the time of this writing, the Colonial Pipeline cyber attack caused quite a stir on the USA’s east coast.

If you’ve not heard of decK (our declarative configuration and drift detection tool for Kong Gateway) before, now’s a great time to get hands-on with it as we’ve just shipped decK v1.7.0 with a whole host of new goodies. Oh, and it’s all open source as usual.

In our second Kong and Okta tutorial, we’ll go through the authorization code flow applied to user authentication processes. This series will show you how to implement service authentication and authorization for Kong Konnect and Okta using the OpenID Connect (OIDC) plugin.

As we've discussed in our previous Service Discovery post, decoupled services in a microservice architecture communicate via APIs. But what about the communication between clients outside of your system and the services within your application? How does that communication work? An API gateway is a powerful component in a microservice architecture. Pairing its functionality with a serverless platform like Koyeb saves engineering teams time and maximizes computing resources efficiency.

We recently sat down to discuss the language for the next Kong Gateway Plugin Development Kit (PDK). Given the number of JavaScript developers in the world and the variety of libraries and debugging tools available, there was only one logical choice. I’m excited to share that with the Kong Gateway (OSS) 2.4 release, that functionality is now available to you all!

In HeathTech apps, it’s often the case that you’re dealing with private or health-related data. This requires compliance with regulations, such as HIPAA in the United States. These regulations force you to handle sensitive data in a well-defined manner, so only specific people can read it, and if they do, it should be logged for later auditing.

Here at Ably, we deal with hard engineering problems all the time and pushing at the edges often results in us running up against all sorts of interesting gotchas. We recently made some AWS NLBs fall over, and had a hazardous encounter with Cassandra counter columns. In our day-to-day, we use gRPC for fast and efficient data exchange with mutual client/server state synchronization.

This tutorial will walk through a common use case for the Kong Gateway Key Authentication plugin: using API key authentication to protect a route to an API server endpoint. It’s a simple use case, but it will give you the foundation to deploy and configure the plugin for your own unique project needs. Before we walk through our mini-project, let’s cover a few core concepts.

One of the most powerful capabilities provided by Kong Konnect Enterprise is the support for Hybrid deployments. In other words, it implements distributed API Gateway Clusters with multiple instances running on several environments at the same time. Moreover, Kong Enterprise provides a new topology option, named Hybrid Mode, with a total separation of the Control Plane (CP) and Data Plane (DP).

We looked at service design considerations in the first part of this blog series. In this next part, I’d like to share some best practices for API versioning – a topic that comes up quite often with every customer as it is one of the key concerns when implementing API gateways. There are two ways to version RESTful APIs: URI and header-based, as summarized in this REST API tutorial.

At SmartBear we have a vision for improving the lives of developers, and adding quality into the software development supply chain – no matter where in DevOps maturity an organization sits. We’ve seen a lot of success in this effort, and no small part of it involves the way we manage our acquisitions and invest in their development teams. This is true for software solutions like Zephyr, TestComplete, and ReadyAPI, as well as our innovators behind OSS projects, like Cucumber.

APIs are the backbone of digital transformation. Via APIs, you can securely share data and functionality with developers both inside and outside of your organizational boundaries, letting you build applications faster, seamlessly connect and interact with partners, and drive new business revenue. Because APIs encompass business-critical information, any downtime or performance degradation can lead to significant loss in revenue, customers, and brand value.

Containerization and orchestration are becoming increasingly popular. According to a recent survey conducted by Market Watch, the global container market will exceed $5 billion by 2026. In 2019, that number was under 1 billion. These statistics show that the world is moving more towards containers and orchestration faster and faster each day. One example of this is moving from VM to Kubernetes.

The Kong Gateway Rate Limiting plugin is one of our most popular traffic control add-ons. You can configure the plugin with a policy for what constitutes “similar requests” (requests coming from the same IP address, for example), and you can set your limits (limit to 10 requests per minute, for example). This tutorial will walk through how simple it is to enable rate limiting in your Kong Gateway.

Note to readers before we get started: you’ll see us referring to the “Kong Gateway” in this post. This is the product previously referred to as Kong Gateway Enterprise. In version 2.3, we released a free operating mode of Kong Gateway Enterprise, and given it no longer needs a paid “Enterprise” license, we now refer to this gateway as the Kong Gateway and disambiguate from the OSS-only Gateway as Kong Gateway (OSS).

APIs play a critical role in helping software connect and communicate, as well as making the lives of developers a little easier. Over the years we’ve published a number of posts to help developers design APIs to get the most from them. Below is a list of our most popular API design posts you can read now or bookmark for later.

As their name reflects, DueDil provides due diligence services ranging from customer-specific risk evaluations and selections to customer onboarding and real-time risk monitoring for leading financial services, high-growth tech and insurance companies. Founded in 2009, the company helps more than 3,000 enterprise users from over 400 clients to not only understand with whom they’re doing business, but to do so with increased efficiency and in compliance with regulatory requirements.

In this Kong Konnect tutorial, you’ll learn how to leverage the platform to manage your API ecosystem from a single easy-to-use interface.

Using Kong’s OpenID Connect (OIDC) plugin, Kong and Okta work together to solve three significant application development challenges: The OIDC plugin enables Kong, as the API gateway, to communicate with Okta via the OAuth/OIDC flows. That way, your app teams don’t have to configure and diagnose authentication and authorization for each service individually. With these challenges solved, app teams have more time to build and innovate.

Software teams have found themselves in the center of the business’ strategy. Their strategic decisions on technologies to invest in has resulted in greater agility and the ability to build products that differentiate their companies in the market. As a result, optimizing the ability for software teams to deliver by investing in stronger tooling has become a core priority.

Today, we are thrilled to announce that we have expanded open access to Kong Konnect, the world’s only cloud native, full lifecycle service connectivity platform, for everybody anywhere in the world, thanks to a new plan called Konnect Plus! Available today with a free 30-day trial.

In 2006, SoapUI was developed with a singular goal: create a simple, open-source SOAP API testing tool. Since then, developers have contributed code and provided valuable feedback to help SmartBear transform SoapUI into ReadyAPI, the most powerful API testing platform on the market.

As organizations adopt a microservices architecture, API gateway usage has increased. Kong Gateway is one of the promising API gateways in the market. It has both OSS and enterprise support, releases multiple features and is easy to use. Kong Admin API helps administrators configure the system easily, but it’s still error-prone. That’s because the user has to hit many curl calls for creating all the configs. When numerous folks are managing the system, this becomes difficult.

At Speedscale, we’re always trying to find ways to iterate faster and reduce developer toil. In line with that mission, we slant our engineering decisions towards using cutting edge tech because we usually move faster and it also allows us to help our customers later on when they upgrade their own tech stack. Recently, we had the opportunity to upgrade the communication channel between our api-gateway and react front end. This journey provided some unexpected benefits.

Today, connecting various heterogeneous systems (or protocols) is key when developing complex integration solutions. Also, due to the wide range of deployment environments (i.e., on-premises, cloud, and container-based), this process becomes even more difficult.