Overview

    Kong Enterprise offers access to 400+ out-of-box enterprise and community plugins. It offers exclusive versions of OSS plugins like the Rate Limiting Advanced plugin with added functionality such as the use of consumer groups, and database specific strategy. It also provides Enterprise-exclusive functionality, such as authentication with , which lets you standardize identity provider (IdP) integrations.

    Kong Enterprise also natively supports gRPC and REST, WebSockets, and integrates with Apollo GraphQL server and Apache Kafka services. These plugins can be leveraged to provide advanced connectivity features and solutions to Kong Gateway such as:

    Get started with plugins →

    Dev Portal

    The Dev Portal provides a single source of truth for all developers to locate, access and consume APIs, similar to a traditional API catalog. Dev Portal streamlines developer onboarding by offering a self-service developer experience to discover, register, and consume published services from Kong Gateway. This customizable experience can be used to match your own unique branding and highlights the documentation and interactive API specifications of your services. In addition, you can secure your APIs with a variety of authorization providers by enabling application registration.

    Learn more about Dev Portal →

    Monitoring and analytics

    The Vitals platform provides deep insights into services, routes, and application usage data. You can view the health of your API products with custom reports and contextual dashboards, and you can enhance the native monitoring and analytics capabilities with Kong Gateway plugins that enable streaming monitoring metrics to third-party analytics providers, such as Datadog and .

    Start monitoring with Vitals →

    Role-based access control (RBAC)

    Kong Enterprise lets you configure users, roles, and permissions with built-in role-based access control (RBAC). With RBAC, you can streamline developer onboarding, and create apply fine-grained security and traffic policies using the Admin API, or .

    Manage teams with RBAC →

    To configure secrets management, Kong Gateway consumes your key for the backend provider, authenticates with the backend provider, and uses the backend to centrally manage and store application secrets, sensitive data, passwords, keys, certifications, tokens, and other items.

    Keyring and data encryption

    Keyring and data encryption functionality provides transparent, symmetric encryption of sensitive data fields at rest. When enabled, Kong Gateway encrypts and decrypts data immediately before writing, or immediately after reading, from the database. Responses generated by the Admin API that contain sensitive fields continue to show data as plaintext, and Kong Gateway runtime elements (such as plugins) that require access to sensitive fields do so transparently, without requiring additional configuration.

    Kong Gateway allows you to store sensitive data fields, such as consumer secrets, in an encrypted format within the database. This provides encryption-at-rest security controls in a Kong Gateway cluster.

    Audit logging

    Kong Gateway provides granular logging of the Admin API. You can keep detailed track of changes made to the cluster configuration throughout its lifetime, for compliance efforts and for providing valuable data points during forensic investigations. Generated audit log trails are and RBAC-aware, providing Kong Gateway operators a deep and wide look into changes happening within the cluster.

    FIPS support

    Kong Enterprise features a self-managed FIPS 140-2 gateway package, making it ideal for highly regulated industries with strict compliance and security considerations. Compliance with this standard is typically required for working with U.S. federal government agencies and their contractors.

    Dynamic plugin ordering

    Dynamic plugin ordering allows you to override the priority for any Kong Gateway plugin using each plugin’s field. This determines plugin ordering during the access phase and lets you create dynamic dependencies between plugins.

    Event hooks

    Event hooks are outbound calls from Kong Gateway. With event hooks, the Kong Gateway can communicate with target services or resources, letting the target know that an event was triggered. When an event is triggered in the Kong Gateway, it calls a URL with information about that event. Event hooks add a layer of configuration for subscribing to worker events using the admin interface.

    In Kong Gateway, these callbacks can be defined using one of the following handlers:

    • webhook
    • webhook-custom
    • log
    • lambda

    You can configure event hooks through the Admin API.

    Consumer groups

    You can use consumer groups to manage custom rate limiting configuration for subsets of consumers. With consumer groups, you can define any number of rate limiting tiers and apply them to subsets of consumers, instead of managing each consumer individually.

    For example, you could define three consumer groups:

    • A “gold tier” with 1000 requests per minute
    • A “silver tier” with 10 requests per second

    See Plugin Compatibility for more information about Enterprise-only plugins.