Kong Enterprise is the scalable, secure, and flexible API management solution that extends Kong Gateway, the fastest, most adopted API gateway. It adds enterprise plugins, a developer portal, analytics, advanced security features, GUI’s, and 24/7 support. It is the only solution that helps you accelerate your cloud journey by managing, securing, and monitoring connections between applications across hybrid and multi-cloud architectures, to help you scale faster and boost developer productivity.
Kong Enterprise offers access to 400+ out-of-box enterprise and community plugins. It offers exclusive versions of OSS plugins like the Rate Limiting Advanced plugin with added functionality such as the use of consumer groups, and database specific strategy. It also provides Enterprise-exclusive functionality, such as authentication with OpenID Connect, which lets you standardize identity provider (IdP) integrations.
Kong Enterprise also natively supports gRPC and REST, WebSockets, and integrates with Apollo GraphQL server and Apache Kafka services. These plugins can be leveraged to provide advanced connectivity features and solutions to Kong Gateway such as:
- OpenID Connect (OIDC)
- Event gateways with Kafka
- Advanced data transformation
- OPA Policy driven traffic management
- API product tiers
The Dev Portal provides a single source of truth for all developers to locate, access and consume APIs, similar to a traditional API catalog. Dev Portal streamlines developer onboarding by offering a self-service developer experience to discover, register, and consume published services from Kong Gateway. This customizable experience can be used to match your own unique branding and highlights the documentation and interactive API specifications of your services. In addition, you can secure your APIs with a variety of authorization providers by enabling application registration.
Monitoring and analytics
The Vitals platform provides deep insights into services, routes, and application usage data. You can view the health of your API products with custom reports and contextual dashboards, and you can enhance the native monitoring and analytics capabilities with Kong Gateway plugins that enable streaming monitoring metrics to third-party analytics providers, such as Datadog and Prometheus.
Start monitoring with Vitals →
Role-based access control (RBAC)
Kong Enterprise lets you configure users, roles, and permissions with built-in role-based access control (RBAC). With RBAC, you can streamline developer onboarding, and create apply fine-grained security and traffic policies using the Admin API, or Kong Manager.
Kong Enterprise offers out of the box secrets management with the following backends:
To configure secrets management, Kong Gateway consumes your key for the backend provider, authenticates with the backend provider, and uses the backend to centrally manage and store application secrets, sensitive data, passwords, keys, certifications, tokens, and other items.
Secure your application secrets →
Keyring and data encryption
Keyring and data encryption functionality provides transparent, symmetric encryption of sensitive data fields at rest. When enabled, Kong Gateway encrypts and decrypts data immediately before writing, or immediately after reading, from the database. Responses generated by the Admin API that contain sensitive fields continue to show data as plaintext, and Kong Gateway runtime elements (such as plugins) that require access to sensitive fields do so transparently, without requiring additional configuration.
Kong Gateway allows you to store sensitive data fields, such as consumer secrets, in an encrypted format within the database. This provides encryption-at-rest security controls in a Kong Gateway cluster.
Set up keyring and data encryption →
Kong Gateway provides granular logging of the Admin API. You can keep detailed track of changes made to the cluster configuration throughout its lifetime, for compliance efforts and for providing valuable data points during forensic investigations. Generated audit log trails are workspace and RBAC-aware, providing Kong Gateway operators a deep and wide look into changes happening within the cluster.
Get started with audit logging →
Kong Enterprise features a self-managed FIPS 140-2 gateway package, making it ideal for highly regulated industries with strict compliance and security considerations. Compliance with this standard is typically required for working with U.S. federal government agencies and their contractors.
Learn more about FIPS support →
Workspaces provide a way to segment or group Kong Gateway entities. Entities in a workspace are isolated from those in other workspaces. Kong Gateway (OSS) is limited to one workspace. With Kong Enterprise, you can leverage multiple workspaces to allow developers to easily transition between projects, and to separate services and routes belonging to different upstreams.
Dynamic plugin ordering
Dynamic plugin ordering allows you to override the priority for any Kong Gateway plugin using each plugin’s
This determines plugin ordering during the
and lets you create dynamic dependencies between plugins.
Get started with dynamic plugin ordering →
Event hooks are outbound calls from Kong Gateway. With event hooks, the Kong Gateway can communicate with target services or resources, letting the target know that an event was triggered. When an event is triggered in the Kong Gateway, it calls a URL with information about that event. Event hooks add a layer of configuration for subscribing to worker events using the admin interface.
In Kong Gateway, these callbacks can be defined using one of the following handlers:
You can configure event hooks through the Admin API.
Learn more about event hooks →
You can use consumer groups to manage custom rate limiting configuration for subsets of consumers. With consumer groups, you can define any number of rate limiting tiers and apply them to subsets of consumers, instead of managing each consumer individually.
For example, you could define three consumer groups:
- A “gold tier” with 1000 requests per minute
- A “silver tier” with 10 requests per second
- A “bronze tier” with 6 requests per second
Provisioning new data planes in the event of a control plane outage
Starting in version 3.2, Kong Gateway can be configured to support configuring new data planes in the event of a control plane outage. For more information, read the How to Manage New Data Planes during Control Plane Outages documentation, or the Control Plane Outage Management FAQ.
See Plugin Compatibility for more information about Enterprise-only plugins.