Systems | Development | Analytics | API | Testing

The router component in the Kong Gateway is a crucial element for traffic handling, allowing the definition of specific matching rules to identify and process client requests. As a core component of the gateway, the router plays a vital role in ensuring the functionality, flexibility, security as well as performance of the gateway.

Efficiently managing your developer portal is critical in productizing your APIs quickly and reliably. A streamlined developer portal ensures that your APIs are easily accessible, well-documented, and secure — driving higher adoption and easier integration. With the increasing demand for APIs across business units, brands, partners, and more, a single developer portal often falls short for both the API owner and the consumers by introducing complexity and slowing productization efforts.

In a previous blog post, we discussed the prevalence of bearer tokens (or access tokens) to restrict access to protected resources, the challenges the sheer nature of bearer tokens present, and available mitigations. To recap, presenting a bearer token is proof enough of an authorization grant to avail the service and access resources protected by the token. This poses many security risks such as using stolen or leaked tokens to gain unauthorized access.

In this article, we'll talk about our experience implementing a design system at Kong. We'll go over the reasons why we decided we needed one in the first place, where we started, and how we got to where we are today. We'll also cover the technology we used and how it has transformed software development at Kong. Whether you have plenty of experience with design systems or are looking to get started with one, we hope you will find this article helpful and informative.

Today, we're pleased to announce another packed release for Kong Insomnia with many new features and improvements.

Developer operational efficiency is crucial for streamlining API management processes and empowering development teams to work more effectively. In this blog post, we'll explore three key tips to unlock developer operational efficiency — leveraging API documentation and self-service credential management, automating API lifecycle management, and optimizing resources and performance — using Kong Konnect and Kong Kubernetes Ingress Controller (KIC).

OAuth 2.0 is the current gold standard for secure delegated authorization. The reason is simple: OAuth puts control back in the hands of the users. It enables users to securely grant access to their resources without having to share passwords with third-party applications. Hence, it's one of the most widely adopted standards in the industry.

Kong Ingress Controller (KIC) 3.2 is here, and it’s an incredible release. It contains features related to graph theory, features that mean you’ll never need a database again, and a whole host of quality-of-life fixes.

The JSON Web Token (JWT) is an open standard that allows information to be transferred securely between different parties. The token is digitally signed by using a private key (HMAC) or a public/private key (RSA) by building a JSON Web Signature (JWS). It guarantees that the JWT hasn’t been modified since its creation.

Two of the main tenets of Zero Trust are encryption between services and managing the connections each service is allowed to use. Achieving this generally falls to running a service mesh in a Kubernetes cluster. Refactoring applications to run properly in Kubernetes takes time and considerable investment. For many organizations, running their applications on virtual machines will be a necessity for years to come. However, this doesn't mean security should fall behind.