Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 3.2.x (latest)
  • 3.1.x
  • 3.0.x
  • 2.8.x
  • 2.7.x
  • 2.6.x
  • Older Enterprise versions (2.1-2.5)
  • Older OSS versions (2.1-2.5)
  • Archive (pre-2.1)
    • Overview of Kong Gateway
      • Version Support Policy
      • Third Party Dependencies
      • Browser Support
    • Stability
    • Release Notes
      • Services
        • Overview
        • Configure Routes with Expressions
      • Upstreams
      • Plugins
      • Routing Traffic
      • Load Balancing
      • Health Checks and Circuit Breakers
      • Kong Performance Testing
    • Glossary
    • Get Kong
    • Services and Routes
    • Rate Limiting
    • Proxy Caching
    • Key Authentication
    • Load-Balancing
      • Overview
        • Overview
        • Deploy Kong Gateway in Hybrid mode
      • DB-less Deployment
      • Traditional
      • Overview
        • Helm
        • OpenShift with Helm
        • kubectl apply
        • Kubernetes Deployment Options
        • Using docker run
        • Build your own Docker images
        • Amazon Linux
        • Debian
        • Red Hat
        • Ubuntu
      • Running Kong as a non-root user
      • Securing the Admin API
      • Using systemd
      • Start Kong Gateway Securely
      • Programatically Creating Admins
      • Enabling RBAC
      • Overview
      • Download your License
      • Deploy Enterprise License
      • Using the License API
      • Monitor Licenses Usage
      • Default Ports
      • DNS Considerations
      • Network and Firewall
      • CP/DP Communication through a Forward Proxy
        • Configure PostgreSQL TLS
        • Troubleshooting PostgreSQL TLS
    • Kong Configuration File
    • Environment Variables
    • Serving a Website and APIs from Kong
      • Overview
      • Prometheus
      • StatsD
      • Datadog
      • Overview
      • Writing a Custom Trace Exporter
      • Tracing API Reference
    • Resource Sizing Guidelines
    • Security Update Process
    • Blue-Green Deployments
    • Canary Deployments
    • Clustering Reference
      • Log Reference
      • Dynamic log level updates
      • Customize Gateway Logs
      • Upgrade Kong Gateway 3.x.x
      • Migrate from OSS to Enterprise
    • Overview
      • Overview
      • Metrics
      • Analytics with InfluxDB
      • Analytics with Prometheus
      • Estimate Analytics Storage in PostgreSQL
      • Overview
      • Getting Started
      • Advanced Usage
        • Overview
        • Environment Variables
        • AWS Secrets Manager
        • Google Secrets Manager
        • Hashicorp Vault
        • Securing the Database with AWS Secrets Manager
      • Reference Format
      • Overview
      • Get Started with Dynamic Plugin Ordering
      • Overview
      • Enable the Dev Portal
      • Publish an OpenAPI Spec
      • Structure and File Types
      • Themes Files
      • Working with Templates
      • Using the Editor
        • Basic Auth
        • Key Auth
        • OIDC
        • Sessions
        • Adding Custom Registration Fields
        • Manage Developers
        • Developer Roles and Content Permissions
        • Authorization Provider Strategy
        • Enable Application Registration
        • Enable Key Authentication for Application Registration
          • External OAuth2 Support
          • Set up Okta and Kong for External Oauth
          • Set up Azure AD and Kong for External Authentication
        • Manage Applications
        • Theme Editing
        • Migrating Templates Between Workspaces
        • Markdown Rendering Module
        • Customizing Portal Emails
        • Adding and Using JavaScript Assets
        • Single Page App in Dev Portal
        • Alternate OpenAPI Renderer
      • SMTP
      • Workspaces
      • Helpers CLI
      • Portal API Documentation
    • Audit Logging
    • Keyring and Data Encryption
    • Workspaces
    • Consumer Groups
    • Event Hooks
    • Configure Data Plane Resilience
    • About Control Plane Outage Management
      • Overview
      • Install the FIPS Compliant Package
      • FIPS 140-2 Compliant Plugins
    • Overview
    • Enable Kong Manager
      • Services and Routes
      • Rate Limiting
      • Proxy Caching
      • Authentication with Consumers
      • Load Balancing
      • Overview
      • Create a Super Admin
      • Workspaces and Teams
      • Reset Passwords and RBAC Tokens
      • Basic Auth
        • Configure LDAP
        • LDAP Service Directory Mapping
        • Configure OIDC
        • OIDC Authenticated Group Mapping
      • Sessions
        • Overview
        • Enable RBAC
        • Add a Role and Permissions
        • Create a User
        • Create an Admin
    • Networking Configuration
    • Workspaces
    • Create Consumer Groups
    • Sending Email
    • Overview
    • File Structure
    • Implementing Custom Logic
    • Plugin Configuration
    • Accessing the Data Store
    • Storing Custom Entities
    • Caching Custom Entities
    • Extending the Admin API
    • Writing Tests
    • (un)Installing your Plugin
      • Overview
      • kong.client
      • kong.client.tls
      • kong.cluster
      • kong.ctx
      • kong.ip
      • kong.jwe
      • kong.log
      • kong.nginx
      • kong.node
      • kong.request
      • kong.response
      • kong.router
      • kong.service
      • kong.service.request
      • kong.service.response
      • kong.table
      • kong.tracing
      • kong.vault
      • kong.websocket.client
      • kong.websocket.upstream
      • Go
      • Javascript
      • Python
      • Running Plugins in Containers
      • External Plugin Performance
    • Overview
        • Overview
        • OpenID Connect with Curity
        • OpenID Connect with Azure AD
        • OpenID Connect with Google
        • OpenID Connect with Okta
        • OpenID Connect with Auth0
        • OpenID Connect with Cognito
      • Authentication Reference
      • Allow Multiple Authentication Plugins
    • Rate Limiting Plugin
      • Add a Body Value
    • GraphQL
      • gRPC Plugins
      • Configure a gRPC service
    • Overview
    • Information Routes
    • Health Routes
    • Tags
    • Debug Routes
    • Services
    • Routes
    • Consumers
    • Plugins
    • Certificates
    • CA Certificates
    • SNIs
    • Upstreams
    • Targets
    • Vaults
    • Keys
    • Licenses
    • Workspaces
    • RBAC
    • Admins
    • Developers
    • Consumer Groups
    • Event Hooks
    • Keyring and Data Encryption
    • Audit Logs
    • kong.conf
    • Injecting Nginx Directives
    • CLI
    • Key Management
    • Performance Testing Framework
    • Router Expressions Language
    • FAQ

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • Quick Links
  • Introducing Kong Gateway
  • Extending the Kong Gateway
  • Packages and modes
  • Features
    • Kong Admin API
    • Kong Manager
    • Kong Dev Portal
    • Kong Vitals
    • Kubernetes
    • Kong Gateway plugins
  • Tools
    • Insomnia
    • decK
  • Get started with Kong Gateway
    • Try in Konnect
  • Support policy
Kong Gateway
3.2.x (latest)
  • Home
  • Kong Gateway
  • Overview

Kong Gateway

API gateway built for hybrid and multi-cloud, optimized for microservices and distributed architectures

Quick Links

Features
Quick Start
Install
Plugins
API Reference

Introducing Kong Gateway

Kong Gateway is a lightweight, fast, and flexible cloud-native API gateway. An API gateway is a reverse proxy that lets you manage, configure, and route requests to your APIs.

Kong Gateway runs in front of any RESTful API and can be extended through modules and plugins. It’s designed to run on decentralized architectures, including hybrid-cloud and multi-cloud deployments.

With Kong Gateway, users can:

  • Leverage workflow automation and modern GitOps practices
  • Decentralize applications/services and transition to microservices
  • Create a thriving API developer ecosystem
  • Proactively identify API-related anomalies and threats
  • Secure and govern APIs/services, and improve API visibility across the entire organization.

Looking for additional help? Free training and curated content, just for you:

Extending the Kong Gateway

Kong Gateway is a Lua application running in Nginx. Kong Gateway is distributed along with OpenResty, which is a bundle of modules that extend the lua-nginx-module.

This sets the foundations for a modular architecture, where plugins can be enabled and executed at runtime. At its core, Kong Gateway implements database abstraction, routing, and plugin management. Plugins can live in separate code bases and be injected anywhere into the request lifecycle, all with a few lines of code.

Kong provides many plugins for you to use in your Gateway deployments. You can also create your own custom plugins. For more information, see the plugin development guide, the PDK reference, and the guide on creating plugins with other languages (JavaScript, Go, and Python).

Packages and modes

Kong Gateway is available in the following modes:

Kong Gateway (OSS): an open-source package containing the basic API gateway functionality and open-source plugins. You can manage the open-source Gateway with Kong’s Admin API or with declarative configuration.

Kong Gateway (available in Free, Plus, or Enterprise modes): Kong’s API gateway with added functionality.

  • In Free mode, this package adds Kong Manager to the basic open-source functionality.
  • In Plus mode, you have access to more Kong Gateway features, but only through Kong Konnect. See the Kong Konnect documentation and the Plus-labelled plugins on the Plugin Hub for more information.
  • With an Enterprise subscription, it also includes:
    • Dev Portal
    • Vitals
    • RBAC
    • Enterprise plugins

You can manage Kong Gateway in Free or Enterprise mode with Kong’s Admin API, declarative configuration, or Kong Manager.

This package is also available as part of Kong Konnect.

Introduction to Kong Gateway

Figure 1: Diagram of Kong Gateway modules and how they relate to the foundational Gateway components.
Requests flow from an API client into the Gateway, are modified and managed by the proxy based on your Gateway configuration, and forwarded to upstream services.

Features

Open Source Open Source Get Started Kong Enterprise Kong Enterprise Contact Sales
API Infrastructure Modernization
Fast, Lightweight, Cloud-Native API Gateway
End-to-End Automation
Drive a GitOps flow of API design and execution
Kubernetes Ingress Controller
Deploy APIs to Kubernetes in a native fashion
Gateway Mocking
Mock API responses directly on the API gateway
Kong Manager: Admin GUI
Visually manage Kong cluster, plugins, APIs, and consumers
Traffic Management and Transformations
Basic Traffic Control Plugins
Manage ACME certificates, basic rate limiting, and lightweight caching
Simple Data Transformations
Add or remove headers, JSON data, or query strings
gRPC Transformations
Translate requests from gRPC-Web and REST to backend gRPC services
GraphQL
Convert GraphQL queries to REST requests. Rate limit and cache GraphQL queries.
Request Validation
Validate requests using either Kong’s own schema validator or a JSON Schema Draft 4-compliant validator
jq Transformations
Advanced JSON transformations of requests or responses with the ability to chain transformations
Advanced Caching
Cache responses and optimize for high scale by integrating distributed backends
Advanced Rate Limiting
Enterprise-grade rate limiting with sliding window controls
Security and Governance
Authentication
Common methods of API authentication - Basic Auth, HMAC, JWT Key Auth, limited OAuth 2.0, limited LDAP
Advanced Authentication
Enterprise-grade API authentication - Full OAuth 2.0, OpenID Connect, Vault, mutual TLS, JWT signing/resigning, full LDAP
Role-Based Access Control (RBAC)
Control gateway configurations based on a user's role in the organization
Basic Authorization (Bot Detection, CORS controls, ACLs)
Control access to APIs by rules of user behavior and control lists
Advanced Authorization (OPA)
Control access to APIs with complex, programmable, enterprise-wide rules
Secret Management
Encrypt sensitive keys, certificates, and passwords
FIPS 140-2 Support
Kong Gateway now provides a FIPS mode, which at its core uses the FIPS 140-2 compliant BoringCrypto for cryptographic operations.
Observability
Simple logging
Send basic API gateway logs - File logging, HTTP logging, basic StatsD, TCP/UDP logging
API Analytics
Natively analyze requests and responses flowing through the API gateway
Gateway Event Hooks
Automatically log out or send web hooks on changes to the gateway, such as administrators added or rate limits exceeded
Enterprise Support and Services
Enterprise support
24/7 x 365 technical support SLAs
Security CVE and Bug Fix Backports
Performance Tuning Guidance
Customer Success Packages - Add-on
Accelerate time to value with dedicated Technical Account Managers and Field Engineers

Kong Admin API

Kong Admin API provides a RESTful interface for administration and configuration of Services, Routes, Plugins, and Consumers. All of the tasks you can perform against the Gateway can be automated using the Kong Admin API.

Kong Manager

Note: If you are running Kong in traditional mode, increased traffic could lead to potential performance with Kong Proxy. Server-side sorting and filtering large quantities of entities will also cause increased CPU usage in both Kong CP and database.

Kong Manager is the graphical user interface (GUI) for Kong Gateway. It uses the Kong Admin API under the hood to administer and control Kong Gateway.

Here are some of the things you can do with Kong Manager:

  • Create new Routes and Services
  • Activate or deactivate plugins with a couple of clicks
  • Group your teams, services, plugins, consumer management, and everything else exactly how you want them
  • Monitor performance: visualize cluster-wide, workspace-level, or object-level health using intuitive, customizable dashboards

Kong Dev Portal

Kong Dev Portal is used to onboard new developers and to generate API documentation, create custom pages, manage API versions, and secure developer access.

Kong Vitals

Kong Vitals provides useful metrics about the health and performance of your Kong Gateway nodes, as well as metrics about the usage of your proxied APIs. You can visually monitor vital signs and pinpoint anomalies in real-time, and use visual API analytics to see exactly how your APIs and Gateway are performing and access key statistics. Kong Vitals is part of the Kong Manager UI.

Kubernetes

Kong Gateway can run natively on Kubernetes with its custom ingress controller, Helm chart, and Operator. A Kubernetes ingress controller is a proxy that exposes Kubernetes services from applications (for example, Deployments, ReplicaSets) running on a Kubernetes cluster to client applications running outside of the cluster. The intent of an ingress controller is to provide a single point of control for all incoming traffic into the Kubernetes cluster.

Kong Gateway plugins

Kong Gateway plugins provide advanced functionality to better manage your API and microservices. With turnkey capabilities to meet the most challenging use cases, Kong Gateway plugins ensure maximum control and minimizes unnecessary overhead. Enable features like authentication, rate-limiting, and transformations by enabling Kong Gateway plugins through Kong Manager or the Admin API.

Tools

Kong also provides API lifecycle management tools that you can use with Kong Gateway.

Insomnia

Insomnia enables spec-first development for all REST and GraphQL services. With Insomnia, organizations can accelerate design and test workflows using automated testing, direct Git sync, and inspection of all response types. Teams of all sizes can use Insomnia to increase development velocity, reduce deployment risk, and increase collaboration.

decK

decK helps manage Kong Gateway’s configuration in a declarative fashion. This means that a developer can define the desired state of Kong Gateway or Konnect – services, routes, plugins, and more – and let decK handle implementation without needing to execute each step manually, as you would with the Kong Admin API.

Get started with Kong Gateway

Download and install Kong Gateway. To test it out, you can choose either the open-source package, or run Kong Gateway in free mode and also try out Kong Manager.

After installation, get started with our introductory quickstart guide

Try in Konnect

Kong Konnect can manage Kong Gateway instances. With this setup, Kong hosts the control plane and you host your own data planes.

There are a few ways to test out the Gateway’s Plus or Enterprise features:

  • Sign up for a free trial of Kong Konnect Plus.
  • Check out learning labs at Kong Academy.
  • If you are interested in evaluating Enterprise features locally, request a demo and a Kong representative will reach out with details to get you started.

Support policy

Kong primarily follows a semantic versioning (SemVer) model for its products.

For the latest version support information for Kong Enterprise and Kong Mesh, see our version support policy.

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023