Next-Generation API platform for Modern Architecture
Kong is one of the world's fastest growing open source enterprise software companies. Kong provides the world’s largest companies, institutions, and government bodies with a next-generation API platform to secure, manage, and orchestrate microservice APIs. Kong accelerates innovation by enabling customers to better and more quickly develop, improve, deploy, and maintain applications and services for their customers.
Kong has been downloaded over 15 million times and has over 10 thousand active open source community members.
KONG offers some or all of seven major areas of functionality
Authentication and authorization.
Most of the gateways can leverage security credentials in an incoming message to perform authentication and authorization using client id tokens (aka API keys), digital signatures, two-way SSL, HTTP basic, OAuth2, and more — although some are quite limited in the authentication mechanisms they support.
To perform authentication and authorization, a gateway may use its own policy and identity stores or it may have pre built integration allowing it to delegate authentication or author ization to enterprise identity stores (e.g., LDAP, Active Directory), access management servers (e.g., single sign-on, entitlements servers). Applicable standards for this type of security federation include SAML, OAuth2, and OpenID Connect. Most gateways provide at least minimal support for security integration, but only in the API, messaging, and file gateways segment do all products upport broad features for security integration.
Message-level encryption and digital signatures serve needs of privacy, message integrity, and sometimes non-repudiation. All products in the API, message, and file gateway segment support cryptography (e.g., digital signatures, message-/field-level encryption); in other segments, one must examine each product individually.
Quotas and rate limits.
Quotas limit how many requests an API user is allowed over a typically extended time period (e.g., per month). Rate limiting governs message arrival rates over shorter durations of time (e.g., per second, per minute) regardless of what an API user’s remaining quota may be. The fewer API and message types a gateway supports, the less likely it will support both quotas and rate limits. On their own, gateways do not do billing, but some of their associated API management solutions do. In either case, a gateway can export detailed API call records to feed billing systems.
Using techniques such as XML and JSON schema validation, regular expressions, and XSLT, ensuring that an incoming message is well-formed helps to protect an API from various types of content-based attacks (e.g., blind XPath injection, SQL injection). In the special purpose and REST API gateway segments, some products support content validation; in the other segments, all do
Mediation and transformation.
Upon receiving an incoming request or prior to sending an outgoing response, gateways may manipulate messages in three major ways: 1) mediate between message protocols (e.g., HTTP to JMS), 2) mediate between message formats (e.g., JSON to XML), or 3) map and transform data (e.g., change “female” to “F” or map data between input and output fields). REST API gateways tend to support only data mapping and transformation, general purpose API gateways are mixed in their support, and API, messaging, and file gateways support all three types of manipulation.
Rate limits and schema validation provide coarse-grained attack protection, but gateways may also implement specific functions to guard against denial of service attacks, injection attacks, viruses embedded in attachments, and other threats. Because they typically have the deepest processing capabilities, API, messaging, and file gateways tend to have the most attack protection capabilities, followed by the API and messaging gateway segment. A small number of gateways extend their attack protection capabilities with web application firewall features.
As your organization’s software architecture evolves, you need a better method of brokering the exchange of information by your services. Increasingly distributed systems and adopting microservices create new challenges managing communications across your architecture. Kong Enterprise provides a simple, fast, scalable, and flexible service control platform for complex modern architectures. Kong Enterprise secures, manages and monitors all your services to accelerate innovation across all use cases. Use Kong Enterprise to connect your development teams, partners and customers with a unified platform. Reduce latency to less than 1ms. Remove bloating with a plugin-based architecture and lightweight integrations.
Scale clusters effortlessly, regardless of environment, vendor, configuration or deployment pattern. Kong Enterprise provides one platform for bare metal to
cloud-native, monolith to microservices, mesh and beyond.
Accelerate your applications. Achieve sub-millisecond latency for virtually all requests. Scale horizontally to demand.
Stop wasting time with redundant coding tasks, and start using plugins. Easily test deployments to reduce risk.
Take ownership of your infrastructure. Proactively find and address issues in real-time. Increase compliance with internal and industry standards.
FUTURE-PROOF YOUR INFRASTRUCTURE
Eliminate lock-in and build with innovation in mind with Kong’s vendor-, deployment-, and technology-agnostic platform. Take advantage of a thriving open-source community.
Running Mission-critical Microservices &
APIs On Kong Enterprise
Easily add nodes to your cluster regardless of your deployment type. Achieve flexibility at scale with microservices, serverless, mesh, and more.
Dramatically reduce latency with Kong’s sophisticated routing and request collapsing. Employ rate limiting to increase flexibility and accuracy.
Deploy Kong in the cloud, on-premises or in hybrid environments, including single or global datacenter setups.
Extend Kong functional- ity with plugins that are installed and configured through a RESTful Admin API.