Skip to content
Kong Docs are moving soon! Our docs are migrating to a new home. You'll be automatically redirected to the new site in the future. In the meantime, view this page on the new site!
|

Welcome to Kong Plugin Hub

Extend Kong Gateway and Kong Konnect with powerful plugins and easy integrations

Plugin Overview | Compatibility

Filter plugins icon
Clear search icon

AI

AI Proxy icon

AI Proxy

Call supported Large Language Model vendors and models through Kong Gateway, using mediated data formats and authentication
Support by:
AI Proxy Advanced icon

AI Proxy Advanced

Route across different LLMs and models using advanced load balancing algorithms, including semantic routing
Support by:
AI Azure Content Safety icon

AI Azure Content Safety

Use Azure Cognitive Services (Content Safety) to check and audit AI Proxy plugin messages before proxying them to an upstream LLM
Support by:
AI Prompt Decorator icon

AI Prompt Decorator

Prepend or append an array of llm/v1/chat messages to a user's chat history
Support by:
AI Prompt Guard icon

AI Prompt Guard

Check llm/v1/chat or llm/v1/completions requests against a list of allowed or denied expressions
Support by:
AI Prompt Template icon

AI Prompt Template

Provide fill-in-the-blank AI prompts to users
Support by:
AI RAG Injector icon

AI RAG Injector

Integrate RAG (retrieval-augmented generation) capabilities into your LLM application requests
Support by:
AI Rate Limiting Advanced icon

AI Rate Limiting Advanced

Provide rate limiting for AI providers defined in the AI plugins
Support by:
AI Request Transformer icon

AI Request Transformer

Use an LLM service to inspect and transform the client's request body prior to proxying the request to the upstream server
Support by:
AI Response Transformer icon

AI Response Transformer

Use an LLM service to examine the upstream HTTP(S) prior to forwarding it to the client
Support by:
AI Sanitizer icon

AI Sanitizer

Sanitize the PII information in requests before being proxied by the AI Gateway
Support by:
AI Semantic Cache icon

AI Semantic Cache

Enhance performance for AI providers by caching LLM responses semantically
Support by:
AI Semantic Prompt Guard icon

AI Semantic Prompt Guard

Semantically and intelligently create allow and deny lists of topics that can be requested across every LLM.
Support by:

Authentication

Basic Authentication icon

Basic Authentication

Add Basic Authentication to your services
Support by:
HMAC Auth icon

HMAC Auth

Add HMAC Authentication to your services
Support by:
Header Cert Authentication icon

Header Cert Authentication

Authenticate clients with mTLS certificates passed in headers by a WAF or load balancer
Support by:
JWE Decrypt icon

JWE Decrypt

Decrypt a JWE token in a request
Support by:
JWT icon

JWT

Verify and authenticate JSON Web Tokens
Support by:
Key Auth icon

Key Auth

Add key authentication to your Services
Support by:
Key Authentication - Encrypted icon

Key Authentication - Encrypted

Add key authentication to your services
Support by:
Kong JWT Signer icon

Kong JWT Signer

Verify and sign one or two tokens in a request
Support by:
LDAP Authentication icon

LDAP Authentication

Integrate Kong with an LDAP server
Support by:
LDAP Authentication Advanced icon

LDAP Authentication Advanced

Secure Kong with username and password protection, use LDAP search and service directory mapping
Support by:
Mutual TLS Authentication icon

Mutual TLS Authentication

Secure routes and services with client certificate and mutual TLS authentication
Support by:
OAuth 2.0 Authentication icon

OAuth 2.0 Authentication

Add OAuth 2.0 authentication to your service
Support by:
OAuth 2.0 Introspection icon

OAuth 2.0 Introspection

Integrate Kong with a third-party OAuth 2.0 Authorization Server
Support by:
OpenID Connect icon

OpenID Connect

Integrate Kong with a third-party OpenID Connect provider
Support by:
Portal Application Registration icon

Portal Application Registration

Allow portal developers to register applications against services
Support by:
SAML icon

SAML

Provides SAML v2.0 authentication and authorization between a service provider (Kong) and an identity provider (IdP)
Support by:
Session icon

Session

Support sessions for Kong authentication plugins.
Support by:
Upstream OAuth icon

Upstream OAuth

Configure Kong Gateway to obtain an OAuth2 token to consume an upstream API
Support by:
Vault Authentication icon

Vault Authentication

Add Vault authentication to your services
Support by:
Okta icon

Okta

Integrate Okta's API Access Management (OAuth as a Service) with Kong API Gateway
Support by:
Okta

Security

ACME icon

ACME

Let's Encrypt and ACMEv2 integration with Kong Gateway
Support by:
Bot Detection icon

Bot Detection

Detect and block bots or custom clients
Support by:
CORS icon

CORS

Allow developers to make requests from the browser
Support by:
IP Restriction icon

IP Restriction

Allow or deny IPs that can make requests to your services
Support by:
Injection Protection icon

Injection Protection

Detect and block injection attacks using regular expressions
Support by:
JSON Threat Protection icon

JSON Threat Protection

Apply size checks on JSON payload and minimize risk of content-level attacks
Support by:
OPA icon

OPA

Authorize requests against Open Policy Agent
Support by:
TLS Handshake Modifier icon

TLS Handshake Modifier

Requests a client to present its client certificate
Support by:
TLS Metadata Headers icon

TLS Metadata Headers

Proxies TLS client certificate metadata to upstream services via HTTP headers
Support by:
Imperva API Security icon

Imperva API Security

Integrate Kong Gateway with Imperva API Security to discover, monitor, and protect APIs
Support by:
Imperva
Traceable.ai icon

Traceable.ai

API security with inline request blocking and data capture
Support by:
Traceable.ai

Traffic Control

ACL icon

ACL

Control which consumers can access services
Support by:
Canary Release icon

Canary Release

Slowly roll out software changes to a subset of users
Support by:
Confluent Consume icon

Confluent Consume

Consume messages from Confluent Cloud Kafka topics and make them available through HTTP endpoints
Support by:
Forward Proxy Advanced icon

Forward Proxy Advanced

Allows Kong to connect to intermediary transparent HTTP proxies
Support by:
GraphQL Proxy Caching Advanced icon

GraphQL Proxy Caching Advanced

Cache and serve commonly requested responses in Kong
Support by:
GraphQL Rate Limiting Advanced icon

GraphQL Rate Limiting Advanced

Provide rate limiting for GraphQL queries
Support by:
Kafka Consume icon

Kafka Consume

Consume messages from Apache Kafka topics and make them available through HTTP endpoints
Support by:
Mocking icon

Mocking

Provide mock endpoints to test your APIs against your services
Support by:
OAS Validation icon

OAS Validation

Validate HTTP requests and responses based on an OpenAPI 3.0 or Swagger API Specification
Support by:
Proxy Cache icon

Proxy Cache

Cache and serve commonly requested responses in Kong
Support by:
Proxy Caching Advanced icon

Proxy Caching Advanced

Cache and serve commonly requested responses in Kong
Support by:
Rate Limiting icon

Rate Limiting

Rate limit how many HTTP requests can be made in a period of time
Support by:
Rate Limiting Advanced icon

Rate Limiting Advanced

Upgrades Kong Rate Limiting with more flexibility and higher performance
Support by:
Redirect icon

Redirect

Redirect incoming requests to a new URL
Support by:
Request Size Limiting icon

Request Size Limiting

Block requests with bodies greater than a specified size
Support by:
Request Termination icon

Request Termination

Terminates all requests with a specific response
Support by:
Request Validator icon

Request Validator

Validates requests before they reach the upstream service
Support by:
Response Rate Limiting icon

Response Rate Limiting

Rate limit based on a custom response header value
Support by:
Route By Header icon

Route By Header

Route request based on request headers
Support by:
Service Protection icon

Service Protection

Prevent abuse and protect services with absolute limits on the number of requests reaching the service
Support by:
Standard Webhooks icon

Standard Webhooks

Validate that incoming webhooks adhere to the Standard Webhooks specification, which Kong contributes to
Support by:
Upstream Timeout icon

Upstream Timeout

Set timeouts on routes and override service-level timeouts
Support by:
WebSocket Size Limit icon

WebSocket Size Limit

Block incoming WebSocket messages greater than a specified size
Support by:
WebSocket Validator icon

WebSocket Validator

Validate WebSocket messages before they are proxied
Support by:
XML Threat Protection icon

XML Threat Protection

Apply structural and size checks on XML payloads
Support by:

Serverless

AWS Lambda icon

AWS Lambda

Invoke and manage AWS Lambda functions from Kong
Support by:
Apache OpenWhisk icon

Apache OpenWhisk

Invoke and manage OpenWhisk actions from Kong
Support by:
Azure Functions icon

Azure Functions

Invoke and manage Azure functions from Kong
Support by:
Kong Functions (Post-Plugin) icon

Kong Functions (Post-Plugin)

Add and manage custom Lua functions to run after other plugins
Support by:
Kong Functions (Pre-Plugins) icon

Kong Functions (Pre-Plugins)

Add and manage custom Lua functions to run before other plugins
Support by:

Analytics & Monitoring

Dynatrace icon

Dynatrace

Set up Dynatrace with the OpenTelemetry plugin to send traces, metrics, and logs to Dynatrace
Support by:
AppDynamics icon

AppDynamics

Integrate Kong with the AppDynamics APM Platform
Support by:
Datadog icon

Datadog

Visualize metrics on Datadog
Support by:
OpenTelemetry icon

OpenTelemetry

Propagate spans and report space to a backend server through OTLP protocol.
Support by:
Prometheus icon

Prometheus

Expose metrics related to Kong and proxied upstream services in Prometheus exposition format
Support by:
StatsD icon

StatsD

Send metrics to StatsD
Support by:
StatsD Advanced icon

StatsD Advanced

(Deprecated) Send metrics to StatsD with more flexible options
Support by:
Zipkin icon

Zipkin

Propagate Zipkin spans and report space to a Zipkin server
Support by:

Transformations

Confluent icon

Confluent

Transform requests into Kafka messages in a Confluent topic.
Support by:
Correlation ID icon

Correlation ID

Correlate requests and responses using a unique ID
Support by:
DeGraphQL icon

DeGraphQL

Transform a GraphQL upstream into a REST API
Support by:
Exit Transformer icon

Exit Transformer

Customize Kong exit responses sent downstream
Support by:
Kafka Upstream icon

Kafka Upstream

Transform requests into Kafka messages in a Kafka topic.
Support by:
Request Callout icon

Request Callout

Call out to third-party APIs as part of request processing
Support by:
Request Transformer icon

Request Transformer

Use regular expressions, variables, and templates to transform requests
Support by:
Request Transformer Advanced icon

Request Transformer Advanced

Use powerful regular expressions, variables, and templates to transform API requests
Support by:
Response Transformer icon

Response Transformer

Modify the upstream response before returning it to the client
Support by:
Response Transformer Advanced icon

Response Transformer Advanced

Modify the upstream response before returning it to the client, with greater customization capabilities
Support by:
Route Transformer Advanced icon

Route Transformer Advanced

Transform routing by changing the upstream server, port, or path
Support by:
gRPC-Web icon

gRPC-Web

Allow browser clients to call gRPC services
Support by:
gRPC-gateway icon

gRPC-gateway

Access gRPC services through HTTP REST
Support by:
jq icon

jq

Transform JSON objects included in API requests or responses using jq programs.
Support by:

Logging

File Log icon

File Log

Append request and response data to a log file
Support by:
HTTP Log icon

HTTP Log

Send request and response logs to an HTTP server
Support by:
Kafka Log icon

Kafka Log

Publish logs to a Kafka topic
Support by:
Loggly icon

Loggly

Send request and response logs to Loggly
Support by:
Syslog icon

Syslog

Send request and response logs to Syslog
Support by:
TCP Log icon

TCP Log

Send request and response logs to a TCP server
Support by:
UDP Log icon

UDP Log

Send request and response logs to a UDP server
Support by:

Contact 3rd party for support

AWS Request Signing icon

AWS Request Signing

Sign requests with AWS SIGV4 and temp credentials for secure use of AWS Lambdas in Kong.
Support by:
The LEGO Group
Amberflo.io API Metering icon

Amberflo.io API Metering

API usage metering and usage-based billing.
Support by:
Amberflo.io Inc.
AppSentinels icon

AppSentinels

AppSentinels plugin for API security
Support by:
Appsentinels
Kong DataDome Plugin icon

Kong DataDome Plugin

DataDome's bot and online fraud protection detects and mitigates attacks on mobile apps, websites, and APIs with unparalleled accuracy and zero compromise.
Support by:
DataDome
Impart Security icon

Impart Security

Integrate Impart Security's WAF and API security protection platform with Kong.
Support by:
Impart Security
Imperva API Security icon

Imperva API Security

Integrate Kong Gateway with Imperva API Security to discover, monitor, and protect APIs
Support by:
Imperva
Inigo GraphQL icon

Inigo GraphQL

Integrate Kong API Gateway with Inigo GraphQL Observability and Security
Support by:
Inigo
Moesif API Monetization and Analytics icon

Moesif API Monetization and Analytics

Powerful API analytics and usage-based billing to monetize APIs
Support by:
Moesif
Noname Security Kong Traffic Source icon

Noname Security Kong Traffic Source

Noname Security machine learning & prevention blocking for Kong API Gateway discovery
Support by:
Noname Security
Okta icon

Okta

Integrate Okta's API Access Management (OAuth as a Service) with Kong API Gateway
Support by:
Okta
Kong Response Size Limiting icon

Kong Response Size Limiting

Block responses with bodies greater than a specified size
Support by:
Optum
Kong Service Virtualization icon

Kong Service Virtualization

Mock virtual API request and response pairs through Kong Gateway
Support by:
Optum
Kong Spec Expose icon

Kong Spec Expose

Expose OAS/Swagger/etc. specifications of auth protected APIs proxied by Kong
Support by:
Optum
Kong Splunk Log icon

Kong Splunk Log

Log API transactions to Splunk using the Splunk HTTP collector
Support by:
Optum
Kong Upstream JWT icon

Kong Upstream JWT

Add a signed JWT into the header of proxied requests
Support by:
Optum
Salt Security icon

Salt Security

Integrate Kong API Gateway with Salt Security Discovery & Prevention for API-based apps
Support by:
Salt Security
Wallarm icon

Wallarm

Wallarm is AI-Powered Security Platform for protecting microservices and APIs
Support by:
Wallarm