Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 3.2.x (latest)
  • 3.1.x
  • 3.0.x
  • 2.8.x
  • 2.7.x
  • 2.6.x
  • Older Enterprise versions (2.1-2.5)
  • Older OSS versions (2.1-2.5)
  • Archive (pre-2.1)
    • Overview of Kong Gateway
      • Version Support Policy
      • Third Party Dependencies
      • Browser Support
    • Stability
    • Release Notes
      • Services
        • Overview
        • Configure Routes with Expressions
      • Upstreams
      • Plugins
      • Routing Traffic
      • Load Balancing
      • Health Checks and Circuit Breakers
      • Kong Performance Testing
    • Glossary
    • Get Kong
    • Services and Routes
    • Rate Limiting
    • Proxy Caching
    • Key Authentication
    • Load-Balancing
      • Overview
        • Overview
        • Deploy Kong Gateway in Hybrid mode
      • DB-less Deployment
      • Traditional
      • Overview
        • Helm
        • OpenShift with Helm
        • kubectl apply
        • Kubernetes Deployment Options
        • Using docker run
        • Build your own Docker images
        • Amazon Linux
        • Debian
        • Red Hat
        • Ubuntu
      • Running Kong as a non-root user
      • Securing the Admin API
      • Using systemd
      • Start Kong Gateway Securely
      • Programatically Creating Admins
      • Enabling RBAC
      • Overview
      • Download your License
      • Deploy Enterprise License
      • Using the License API
      • Monitor Licenses Usage
      • Default Ports
      • DNS Considerations
      • Network and Firewall
      • CP/DP Communication through a Forward Proxy
        • Configure PostgreSQL TLS
        • Troubleshooting PostgreSQL TLS
    • Kong Configuration File
    • Environment Variables
    • Serving a Website and APIs from Kong
      • Overview
      • Prometheus
      • StatsD
      • Datadog
      • Overview
      • Writing a Custom Trace Exporter
      • Tracing API Reference
    • Resource Sizing Guidelines
    • Security Update Process
    • Blue-Green Deployments
    • Canary Deployments
    • Clustering Reference
      • Log Reference
      • Dynamic log level updates
      • Customize Gateway Logs
      • Upgrade Kong Gateway 3.x.x
      • Migrate from OSS to Enterprise
    • Overview
      • Overview
      • Metrics
      • Analytics with InfluxDB
      • Analytics with Prometheus
      • Estimate Analytics Storage in PostgreSQL
      • Overview
      • Getting Started
      • Advanced Usage
        • Overview
        • Environment Variables
        • AWS Secrets Manager
        • Google Secrets Manager
        • Hashicorp Vault
        • Securing the Database with AWS Secrets Manager
      • Reference Format
      • Overview
      • Get Started with Dynamic Plugin Ordering
      • Overview
      • Enable the Dev Portal
      • Publish an OpenAPI Spec
      • Structure and File Types
      • Themes Files
      • Working with Templates
      • Using the Editor
        • Basic Auth
        • Key Auth
        • OIDC
        • Sessions
        • Adding Custom Registration Fields
        • Manage Developers
        • Developer Roles and Content Permissions
        • Authorization Provider Strategy
        • Enable Application Registration
        • Enable Key Authentication for Application Registration
          • External OAuth2 Support
          • Set up Okta and Kong for External Oauth
          • Set up Azure AD and Kong for External Authentication
        • Manage Applications
        • Theme Editing
        • Migrating Templates Between Workspaces
        • Markdown Rendering Module
        • Customizing Portal Emails
        • Adding and Using JavaScript Assets
        • Single Page App in Dev Portal
        • Alternate OpenAPI Renderer
      • SMTP
      • Workspaces
      • Helpers CLI
      • Portal API Documentation
    • Audit Logging
    • Keyring and Data Encryption
    • Workspaces
    • Consumer Groups
    • Event Hooks
    • Configure Data Plane Resilience
    • About Control Plane Outage Management
      • Overview
      • Install the FIPS Compliant Package
      • FIPS 140-2 Compliant Plugins
    • Overview
    • Enable Kong Manager
      • Services and Routes
      • Rate Limiting
      • Proxy Caching
      • Authentication with Consumers
      • Load Balancing
      • Overview
      • Create a Super Admin
      • Workspaces and Teams
      • Reset Passwords and RBAC Tokens
      • Basic Auth
        • Configure LDAP
        • LDAP Service Directory Mapping
        • Configure OIDC
        • OIDC Authenticated Group Mapping
      • Sessions
        • Overview
        • Enable RBAC
        • Add a Role and Permissions
        • Create a User
        • Create an Admin
    • Networking Configuration
    • Workspaces
    • Create Consumer Groups
    • Sending Email
    • Overview
    • File Structure
    • Implementing Custom Logic
    • Plugin Configuration
    • Accessing the Data Store
    • Storing Custom Entities
    • Caching Custom Entities
    • Extending the Admin API
    • Writing Tests
    • (un)Installing your Plugin
      • Overview
      • kong.client
      • kong.client.tls
      • kong.cluster
      • kong.ctx
      • kong.ip
      • kong.jwe
      • kong.log
      • kong.nginx
      • kong.node
      • kong.request
      • kong.response
      • kong.router
      • kong.service
      • kong.service.request
      • kong.service.response
      • kong.table
      • kong.tracing
      • kong.vault
      • kong.websocket.client
      • kong.websocket.upstream
      • Go
      • Javascript
      • Python
      • Running Plugins in Containers
      • External Plugin Performance
    • Overview
        • Overview
        • OpenID Connect with Curity
        • OpenID Connect with Azure AD
        • OpenID Connect with Google
        • OpenID Connect with Okta
        • OpenID Connect with Auth0
        • OpenID Connect with Cognito
      • Authentication Reference
      • Allow Multiple Authentication Plugins
    • Rate Limiting Plugin
      • Add a Body Value
    • GraphQL
      • gRPC Plugins
      • Configure a gRPC service
    • Overview
    • Information Routes
    • Health Routes
    • Tags
    • Debug Routes
    • Services
    • Routes
    • Consumers
    • Plugins
    • Certificates
    • CA Certificates
    • SNIs
    • Upstreams
    • Targets
    • Vaults
    • Keys
    • Licenses
    • Workspaces
    • RBAC
    • Admins
    • Developers
    • Consumer Groups
    • Event Hooks
    • Keyring and Data Encryption
    • Audit Logs
    • kong.conf
    • Injecting Nginx Directives
    • CLI
    • Key Management
    • Performance Testing Framework
    • Router Expressions Language
    • FAQ

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • Enterprise Plugins
  • Dev Portal
  • Monitoring and analytics
  • Role-based access control (RBAC)
  • Secrets management
  • Keyring and data encryption
  • Audit logging
  • FIPS support
  • Workspaces
  • Dynamic plugin ordering
  • Event hooks
  • Consumer groups
  • Provisioning new data planes in the event of a control plane outage
  • More information
Kong Gateway
3.2.x (latest)
  • Home
  • Kong Gateway
  • Kong Enterprise
  • Overview

Overview

Kong Enterprise is the scalable, secure, and flexible API management solution that extends Kong Gateway, the fastest, most adopted API gateway. It adds enterprise plugins, a developer portal, analytics, advanced security features, GUI’s, and 24/7 support. It is the only solution that helps you accelerate your cloud journey by managing, securing, and monitoring connections between applications across hybrid and multi-cloud architectures, to help you scale faster and boost developer productivity.

Enterprise Plugins

Kong Enterprise offers access to 400+ out-of-box enterprise and community plugins. It offers exclusive versions of OSS plugins like the Rate Limiting Advanced plugin with added functionality such as the use of consumer groups, and database specific strategy. It also provides Enterprise-exclusive functionality, such as authentication with OpenID Connect, which lets you standardize identity provider (IdP) integrations.

Kong Enterprise also natively supports gRPC and REST, WebSockets, and integrates with Apollo GraphQL server and Apache Kafka services. These plugins can be leveraged to provide advanced connectivity features and solutions to Kong Gateway such as:

  • OpenID Connect (OIDC)
  • Event gateways with Kafka
  • GraphQL
  • Mocking
  • Advanced data transformation
  • OPA Policy driven traffic management
  • API product tiers

Get started with plugins →

Dev Portal

The Dev Portal provides a single source of truth for all developers to locate, access and consume APIs, similar to a traditional API catalog. Dev Portal streamlines developer onboarding by offering a self-service developer experience to discover, register, and consume published services from Kong Gateway. This customizable experience can be used to match your own unique branding and highlights the documentation and interactive API specifications of your services. In addition, you can secure your APIs with a variety of authorization providers by enabling application registration.

Learn more about Dev Portal →

Monitoring and analytics

The Vitals platform provides deep insights into services, routes, and application usage data. You can view the health of your API products with custom reports and contextual dashboards, and you can enhance the native monitoring and analytics capabilities with Kong Gateway plugins that enable streaming monitoring metrics to third-party analytics providers, such as Datadog and Prometheus.

Start monitoring with Vitals →

Role-based access control (RBAC)

Kong Enterprise lets you configure users, roles, and permissions with built-in role-based access control (RBAC). With RBAC, you can streamline developer onboarding, and create apply fine-grained security and traffic policies using the Admin API, or Kong Manager.

Manage teams with RBAC →

Secrets management

Kong Enterprise offers out of the box secrets management with the following backends:

  • Amazon Web Services
  • Google Cloud Platform
  • Hashicorp Vault

To configure secrets management, Kong Gateway consumes your key for the backend provider, authenticates with the backend provider, and uses the backend to centrally manage and store application secrets, sensitive data, passwords, keys, certifications, tokens, and other items.

Secure your application secrets →

Keyring and data encryption

Keyring and data encryption functionality provides transparent, symmetric encryption of sensitive data fields at rest. When enabled, Kong Gateway encrypts and decrypts data immediately before writing, or immediately after reading, from the database. Responses generated by the Admin API that contain sensitive fields continue to show data as plaintext, and Kong Gateway runtime elements (such as plugins) that require access to sensitive fields do so transparently, without requiring additional configuration.

Kong Gateway allows you to store sensitive data fields, such as consumer secrets, in an encrypted format within the database. This provides encryption-at-rest security controls in a Kong Gateway cluster.

Set up keyring and data encryption →

Audit logging

Kong Gateway provides granular logging of the Admin API. You can keep detailed track of changes made to the cluster configuration throughout its lifetime, for compliance efforts and for providing valuable data points during forensic investigations. Generated audit log trails are workspace and RBAC-aware, providing Kong Gateway operators a deep and wide look into changes happening within the cluster.

Get started with audit logging →

FIPS support

Kong Enterprise features a self-managed FIPS 140-2 gateway package, making it ideal for highly regulated industries with strict compliance and security considerations. Compliance with this standard is typically required for working with U.S. federal government agencies and their contractors.

Learn more about FIPS support →

Workspaces

Workspaces provide a way to segment or group Kong Gateway entities. Entities in a workspace are isolated from those in other workspaces. Kong Gateway (OSS) is limited to one workspace. With Kong Enterprise, you can leverage multiple workspaces to allow developers to easily transition between projects, and to separate services and routes belonging to different upstreams.

Learn more about workspaces →

Dynamic plugin ordering

Dynamic plugin ordering allows you to override the priority for any Kong Gateway plugin using each plugin’s ordering field. This determines plugin ordering during the access phase and lets you create dynamic dependencies between plugins.

Get started with dynamic plugin ordering →

Event hooks

Event hooks are outbound calls from Kong Gateway. With event hooks, the Kong Gateway can communicate with target services or resources, letting the target know that an event was triggered. When an event is triggered in the Kong Gateway, it calls a URL with information about that event. Event hooks add a layer of configuration for subscribing to worker events using the admin interface.

In Kong Gateway, these callbacks can be defined using one of the following handlers:

  • webhook
  • webhook-custom
  • log
  • lambda

You can configure event hooks through the Admin API.

Learn more about event hooks →

Consumer groups

You can use consumer groups to manage custom rate limiting configuration for subsets of consumers. With consumer groups, you can define any number of rate limiting tiers and apply them to subsets of consumers, instead of managing each consumer individually.

For example, you could define three consumer groups:

  • A “gold tier” with 1000 requests per minute
  • A “silver tier” with 10 requests per second
  • A “bronze tier” with 6 requests per second

Set up consumer groups →

Provisioning new data planes in the event of a control plane outage

Starting in version 3.2, Kong Gateway can be configured to support configuring new data planes in the event of a control plane outage. For more information, read the How to Manage New Data Planes during Control Plane Outages documentation, or the Control Plane Outage Management FAQ.

More information

See Plugin Compatibility for more information about Enterprise-only plugins.

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023