API gateway built for hybrid and multi-cloud, optimized for microservices and distributed architectures
Introducing Kong Gateway
Kong Gateway is a lightweight, fast, and flexible cloud-native API gateway. An API gateway is a reverse proxy that lets you manage, configure, and route requests to your APIs.
Kong Gateway runs in front of any RESTful API and can be extended through modules and plugins. It’s designed to run on decentralized architectures, including hybrid-cloud and multi-cloud deployments.
With Kong Gateway, users can:
- Leverage workflow automation and modern GitOps practices
- Decentralize applications/services and transition to microservices
- Create a thriving API developer ecosystem
- Proactively identify API-related anomalies and threats
- Secure and govern APIs/services, and improve API visibility across the entire organization.
Looking for additional help? Free training and curated content, just for you:
Extending the Kong Gateway
Kong Gateway is a Lua application running in Nginx. Kong Gateway is distributed along with OpenResty, which is a bundle of modules that extend the lua-nginx-module.
This sets the foundations for a modular architecture, where plugins can be enabled and executed at runtime. At its core, Kong Gateway implements database abstraction, routing, and plugin management. Plugins can live in separate code bases and be injected anywhere into the request lifecycle, all with a few lines of code.
Packages and modes
Kong Gateway is available in the following modes:
Kong Gateway (OSS): an open-source package containing the basic API gateway functionality and open-source plugins. You can manage the open-source Gateway with Kong’s Admin API or with declarative configuration.
Kong Gateway (available in Free, Plus, or Enterprise modes): Kong’s API gateway with added functionality.
- In Free mode, this package adds Kong Manager to the basic open-source functionality.
- In Plus mode, you have access to more Kong Gateway features, but only through Kong Konnect. See the Kong Konnect documentation and the Plus-labelled plugins on the Plugin Hub for more information.
- With an Enterprise subscription, it also includes:
You can manage Kong Gateway in Free or Enterprise mode with Kong’s Admin API, declarative configuration, or Kong Manager.
This package is also available as part of Kong Konnect.
Figure 1: Diagram of Kong Gateway modules and how they relate to the foundational Gateway components.
Requests flow from an API client into the Gateway, are modified and managed by the proxy based on your Gateway configuration, and forwarded to upstream services.
|Open Source Open Source Get Started||Kong Enterprise Kong Enterprise Contact Sales|
|API Infrastructure Modernization|
|Fast, Lightweight, Cloud-Native API Gateway|
Drive a GitOps flow of API design and execution
Kubernetes Ingress Controller
Deploy APIs to Kubernetes in a native fashion
Mock API responses directly on the API gateway
Kong Manager: Admin GUI
Visually manage Kong cluster, plugins, APIs, and consumers
|Traffic Management and Transformations|
Basic Traffic Control Plugins
Manage ACME certificates, basic rate limiting, and lightweight caching
Simple Data Transformations
Add or remove headers, JSON data, or query strings
Translate requests from gRPC-Web and REST to backend gRPC services
Convert GraphQL queries to REST requests. Rate limit and cache GraphQL queries.
Validate requests using either Kong’s own schema validator or a JSON Schema Draft 4-compliant validator
Advanced JSON transformations of requests or responses with the ability to chain transformations
Cache responses and optimize for high scale by integrating distributed backends
Advanced Rate Limiting
Enterprise-grade rate limiting with sliding window controls
|Security and Governance|
Common methods of API authentication - Basic Auth, HMAC, JWT Key Auth, limited OAuth 2.0, limited LDAP
Enterprise-grade API authentication - Full OAuth 2.0, OpenID Connect, Vault, mutual TLS, JWT signing/resigning, full LDAP
Role-Based Access Control (RBAC)
Control gateway configurations based on a user's role in the organization
Basic Authorization (Bot Detection, CORS controls, ACLs)
Control access to APIs by rules of user behavior and control lists
Advanced Authorization (OPA)
Control access to APIs with complex, programmable, enterprise-wide rules
Encrypt sensitive keys, certificates, and passwords
FIPS 140-2 Support
Kong Gateway now provides a FIPS mode, which at its core uses the FIPS 140-2 compliant BoringCrypto for cryptographic operations.
Send basic API gateway logs - File logging, HTTP logging, basic StatsD, TCP/UDP logging
Natively analyze requests and responses flowing through the API gateway
Gateway Event Hooks
Automatically log out or send web hooks on changes to the gateway, such as administrators added or rate limits exceeded
|Enterprise Support and Services|
24/7 x 365 technical support SLAs
|Security CVE and Bug Fix Backports|
|Performance Tuning Guidance|
Customer Success Packages - Add-on
Accelerate time to value with dedicated Technical Account Managers and Field Engineers
Kong Admin API
Kong Admin API provides a RESTful interface for administration and configuration of Services, Routes, Plugins, and Consumers. All of the tasks you can perform against the Gateway can be automated using the Kong Admin API.
Note: If you are running Kong in traditional mode, increased traffic could lead to potential performance with Kong Proxy. Server-side sorting and filtering large quantities of entities will also cause increased CPU usage in both Kong CP and database.
Kong Manager is the graphical user interface (GUI) for Kong Gateway. It uses the Kong Admin API under the hood to administer and control Kong Gateway.
Here are some of the things you can do with Kong Manager:
- Create new Routes and Services
- Activate or deactivate plugins with a couple of clicks
- Group your teams, services, plugins, consumer management, and everything else exactly how you want them
- Monitor performance: visualize cluster-wide, workspace-level, or object-level health using intuitive, customizable dashboards
Kong Dev Portal
Kong Dev Portal is used to onboard new developers and to generate API documentation, create custom pages, manage API versions, and secure developer access.
Kong Vitals provides useful metrics about the health and performance of your Kong Gateway nodes, as well as metrics about the usage of your proxied APIs. You can visually monitor vital signs and pinpoint anomalies in real-time, and use visual API analytics to see exactly how your APIs and Gateway are performing and access key statistics. Kong Vitals is part of the Kong Manager UI.
Kong Gateway can run natively on Kubernetes with its custom ingress controller, Helm chart, and Operator. A Kubernetes ingress controller is a proxy that exposes Kubernetes services from applications (for example, Deployments, ReplicaSets) running on a Kubernetes cluster to client applications running outside of the cluster. The intent of an ingress controller is to provide a single point of control for all incoming traffic into the Kubernetes cluster.
Kong Gateway plugins
Kong Gateway plugins provide advanced functionality to better manage your API and microservices. With turnkey capabilities to meet the most challenging use cases, Kong Gateway plugins ensure maximum control and minimizes unnecessary overhead. Enable features like authentication, rate-limiting, and transformations by enabling Kong Gateway plugins through Kong Manager or the Admin API.
Kong also provides API lifecycle management tools that you can use with Kong Gateway.
Insomnia enables spec-first development for all REST and GraphQL services. With Insomnia, organizations can accelerate design and test workflows using automated testing, direct Git sync, and inspection of all response types. Teams of all sizes can use Insomnia to increase development velocity, reduce deployment risk, and increase collaboration.
decK helps manage Kong Gateway’s configuration in a declarative fashion. This means that a developer can define the desired state of Kong Gateway or Konnect – services, routes, plugins, and more – and let decK handle implementation without needing to execute each step manually, as you would with the Kong Admin API.
Get started with Kong Gateway
Download and install Kong Gateway. To test it out, you can choose either the open-source package, or run Kong Gateway in free mode and also try out Kong Manager.
After installation, get started with our introductory quickstart guide
Try in Konnect
Kong Konnect can manage Kong Gateway instances. With this setup, Kong hosts the control plane and you host your own data planes.
There are a few ways to test out the Gateway’s Plus or Enterprise features:
- Sign up for a free trial of Kong Konnect Plus.
- Check out learning labs at Kong Academy.
- If you are interested in evaluating Enterprise features locally, request a demo and a Kong representative will reach out with details to get you started.
Kong primarily follows a semantic versioning (SemVer) model for its products.
For the latest version support information for Kong Enterprise and Kong Mesh, see our version support policy.