A service mesh is a mechanism for managing communications between the various individual services that make up modern applications in a microservice-based system. When a service mesh is applied, all inter-service communication is routed through proxies, which can be used to implement networking features such as encryption and load balancing.

API rate limiting involves using a mechanism to control the number of requests an API can handle in a certain time period. It's a key process for ensuring that APIs perform to a high level, provide a quality user experience, and protect the system from overload.

As a developer working with microservices architectures, you may find yourself facing numerous challenges. Managing multiple services, each with its own potential points of failure, can be complex. Issues such as communication difficulties, security concerns, and lack of visibility are common in these environments. These challenges are not unique. As microservices architectures expand, they often introduce complexities that can be demanding for development teams to handle.

The router component in the Kong Gateway is a crucial element for traffic handling, allowing the definition of specific matching rules to identify and process client requests. As a core component of the gateway, the router plays a vital role in ensuring the functionality, flexibility, security as well as performance of the gateway.

Efficiently managing your developer portal is critical in productizing your APIs quickly and reliably. A streamlined developer portal ensures that your APIs are easily accessible, well-documented, and secure — driving higher adoption and easier integration. With the increasing demand for APIs across business units, brands, partners, and more, a single developer portal often falls short for both the API owner and the consumers by introducing complexity and slowing productization efforts.

In a previous blog post, we discussed the prevalence of bearer tokens (or access tokens) to restrict access to protected resources, the challenges the sheer nature of bearer tokens present, and available mitigations. To recap, presenting a bearer token is proof enough of an authorization grant to avail the service and access resources protected by the token. This poses many security risks such as using stolen or leaked tokens to gain unauthorized access.

In this article, we'll talk about our experience implementing a design system at Kong. We'll go over the reasons why we decided we needed one in the first place, where we started, and how we got to where we are today. We'll also cover the technology we used and how it has transformed software development at Kong. Whether you have plenty of experience with design systems or are looking to get started with one, we hope you will find this article helpful and informative.

Today, we're pleased to announce another packed release for Kong Insomnia with many new features and improvements.

Developer operational efficiency is crucial for streamlining API management processes and empowering development teams to work more effectively. In this blog post, we'll explore three key tips to unlock developer operational efficiency — leveraging API documentation and self-service credential management, automating API lifecycle management, and optimizing resources and performance — using Kong Konnect and Kong Kubernetes Ingress Controller (KIC).

OAuth 2.0 is the current gold standard for secure delegated authorization. The reason is simple: OAuth puts control back in the hands of the users. It enables users to securely grant access to their resources without having to share passwords with third-party applications. Hence, it's one of the most widely adopted standards in the industry.