
Latest Posts

Demonstrating Proof-of-Possession (DPoP): Preventing Illegal Access of APIs

In a previous blog post, we discussed the prevalence of bearer tokens (or access tokens) for restricting access to protected resources, the challenges inherent in the nature of bearer tokens, and the available mitigations. To recap, presenting a bearer token is by itself sufficient proof of an authorization grant to use the service and access the resources the token protects. This creates security risks, such as an attacker using a stolen or leaked token to gain unauthorized access.

Lessons We Learned Implementing a Design System at Kong

In this article, we'll talk about our experience implementing a design system at Kong. We'll go over the reasons why we decided we needed one in the first place, where we started, and how we got to where we are today. We'll also cover the technology we used and how it has transformed software development at Kong. Whether you have plenty of experience with design systems or are looking to get started with one, we hope you will find this article helpful and informative.

3 Strategies to Supercharge Developer Operational Efficiency

Developer operational efficiency is crucial for streamlining API management processes and empowering development teams to work more effectively. In this blog post, we'll explore three key tips to unlock developer operational efficiency — leveraging API documentation and self-service credential management, automating API lifecycle management, and optimizing resources and performance — using Kong Konnect and Kong Kubernetes Ingress Controller (KIC).

3 Powerful Extensions to Improve Security and Get the Most Out of Kong

OAuth 2.0 is the current gold standard for secure delegated authorization. The reason is simple: OAuth puts control back in the hands of the users. It enables users to securely grant access to their resources without having to share passwords with third-party applications. Hence, it's one of the most widely adopted standards in the industry.

How to Craft and Sign a Custom JWT in Kong Konnect

The JSON Web Token (JWT) is an open standard that allows information to be transferred securely between different parties. The token is digitally signed using either a shared secret key (HMAC) or a public/private key pair (RSA), producing a JSON Web Signature (JWS). The signature guarantees that the JWT hasn't been modified since its creation.

Achieving Zero Trust on VMs with Universal Mesh

Two of the main tenets of Zero Trust are encryption between services and managing the connections each service is allowed to use. Achieving this generally falls to running a service mesh in a Kubernetes cluster. Refactoring applications to run properly in Kubernetes takes time and considerable investment. For many organizations, running their applications on virtual machines will be a necessity for years to come. However, this doesn't mean security should fall behind.

Automating API Delivery with APIOps and Kong

As organizations build more APIs, manual processes and frequent handoffs in the API development workflow can lead to a slower time to market, higher development costs, and poor-quality APIs. They can also result in APIs being poorly documented, causing poor API adoption and lower revenues. APIOps aims to address these issues by automating the entire API lifecycle, leveraging DevOps and GitOps principles. But what is DevOps, and what is GitOps?

API Management is Fundamental to Modernizing Insurance Operations

The concept of insurance predates the printing press and the steam engine. So it's likely no surprise that the industry — as obviously adaptable as it is — often faces challenges related to the modernization of legacy systems. In the age of AI and APIs (application programming interfaces), streamlining operations and modernizing are paramount to success.