Latest Posts

Governing GraphQL APIs with Kong Gateway

Modern software design relies heavily on distributed systems architecture, requiring all APIs to be robust and secure. GraphQL is no exception and is commonly served over HTTP, subjecting it to the same management concerns as any REST-based API. In fact, GraphQL’s dynamic client querying capabilities may lead to more complex and potent attack surfaces than traditional REST-based APIs.

Kong Named Leader in Gartner Magic Quadrant for API Management for Fourth Consecutive Year

For the fourth year in a row, we’re thrilled to announce that Kong has been recognized as a Leader in the Gartner Magic Quadrant for API Management. We believe this recognition reinforces our commitment to our customers, who rely on Kong’s unified cloud API platform to deliver fast, reliable, and secure digital experiences.

Common API Authentication Methods: Use Cases and Benefits

As businesses expand and gain visibility, it’s natural that their API attack surfaces become more exposed — increasing the risk of dangerous data breaches. Protecting cloud communications and securing data in transit should be your organization’s top priority. API authentication mechanisms help ensure that only valid users can access your application's features and services, and these mechanisms should be tailored to fit your specific needs.

Zero Trust Network Access (ZTNA) vs VPNs

In today’s modern digital environment, more organizations are relying on remote work than ever before. While this shift has given companies unprecedented flexibility when it comes to deploying their workforce, it has also presented challenges in keeping their devices, operations, and personnel protected, especially in regard to API security. Without proper oversight, attackers can access your organization’s server by exploiting such security vulnerabilities.

OpenID vs OAuth: Understanding API Security Protocols

When it comes to digital identity, OpenID and OAuth are two peas in a pod, but they have their differences. OpenID connects you to relying parties using a single sign-on, while OAuth grants access tokens so you can give apps limited access. They both make authentication simple, seamless, and secure. However, don't be fooled: behind the scenes, they're as different as night and day. OpenID is about logging you in, while OAuth is all about letting apps in.

Troubleshooting an Intermittent Failure in CI Tests on ARM64

The Kong Gateway CI was failing intermittently (about once every 100 runs) on the ARM64 platform with a strange error: “attempt to perform arithmetic on local 'i' (a function value)”. The variable i in the context is an integer, but at runtime it was sometimes a function value. This is caused by an error in the LuaJIT ARM64 JIT compiler. We’ve investigated and found the issue, and the fix is merged in the LuaJIT upstream. This document describes how we fixed the error.

What's New in Kong Ingress Controller 2.12?

API Summit 2023 has just concluded, with awesome announcements including the launch of Kong Mesh in Konnect, and Dedicated Cloud Gateways. In addition to launching new capabilities, we also ensured that our existing products continue to grow and deliver value. With that in mind, I’m pleased to announce the immediate availability of Kong Ingress Controller 2.12.

Proxy-Wasm: It's WebAssembly for Proxies

Picture this: You're building the next generation of microservices architecture in your organization. The orchestration is in place, containers are humming, and you've chosen Kong Gateway (naturally) to manage the APIs, ensuring smooth communication. But then, you hit a snag. You need a custom filter not part of the standard library of plugins, or you envision a unique way to manipulate, observe, or control the traffic.