Kong – A must-have API management solution

Integrating APIs during development is not a new venture. APIs augment innovation and unlock new business opportunities. Tech giants such as eBay, Netflix, Expedia, and mobile.de have jumped on the API bandwagon to ensure the continuity of their development models.

A number of vendors, for example IBM, Oracle, or MuleSoft, now offer API management solutions that tie in with their existing ecosystems of enterprise products.

This post introduces you to Kong, a robust API management solution.

What is Kong?

Kong is a versatile open source API platform that can serve as API middleware or as a service mesh for microservices. It is a product of Kong Inc., earlier called Mashape. The API gateway manages, secures, and extends over 15,000 microservices for its API Marketplace. Kong is an open source, cloud-native API platform that fits gracefully into the Kubernetes ecosystem. It is built on an established, low-latency, open source proxy and can be deployed as a gateway to manage ingress traffic, as a service mesh to connect microservices, or both. Kong itself can be configured entirely using Kubernetes Custom Resources with the Kubernetes Ingress controller.

How does it work?

Kong is composed of two different parts that can be easily set up.

  • The Kong Server processes API requests and is based on a modified version of the NGINX server.
  • Apache Cassandra is an advanced Datastore for storing any type of operational data. Some of the major companies that use it are Netflix, Comcast and Facebook.

Both of these components should be operational to begin with Kong. Look at the picture below and understand the installation of Kong.  

Kong Server

The Kong Server is based on NGINX. It processes API requests and runs the configured plugins, which add functionality to the underlying APIs, before proxying each request to its destination.

The two ports that the Proxy Server listens on are: 

  • Port 8000 actually processes the API requests.
  • Port 8001, the Admin API port, provides developers with Kong's RESTful Admin API to operate Kong.

The admin port plays a major role in the configuration of Kong: through it you can create new users and install or remove plugins.
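Because the admin port can reconfigure the whole gateway, it is worth checking which addresses it is bound to. The following is an added example, not code from the original post or from Kong: it audits the text of a kong.conf file and reports Admin API listeners that are not bound to a loopback address. It assumes the `admin_listen` and `proxy_listen` directives take comma-separated `address:port` entries; the sample configuration is constructed.

```python
import ipaddress

# Constructed sample kong.conf fragment (not from the original page).
SAMPLE_CONF = """\
# proxy traffic: meant to be reachable by API clients
proxy_listen = 0.0.0.0:8000
# Admin API: full control over Kong's configuration
admin_listen = 0.0.0.0:8001, 127.0.0.1:8444 ssl
"""

def parse_listen(conf_text, key):
    """Return [(host, port, flags)] for one *_listen directive."""
    entries = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if "=" not in line:
            continue
        name, value = (part.strip() for part in line.split("=", 1))
        if name != key or value == "off":         # "off" disables the listener
            continue
        for item in value.split(","):
            tokens = item.split()
            if tokens:
                host, _, port = tokens[0].rpartition(":")
                entries.append((host.strip("[]"), int(port), tokens[1:]))
    return entries

def exposed_admin_listeners(conf_text):
    """Admin API listeners bound to anything other than a loopback address."""
    findings = []
    for host, port, _flags in parse_listen(conf_text, "admin_listen"):
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:        # not an IP literal; only "localhost" counts as local
            loopback = host == "localhost"
        if not loopback:
            findings.append((host, port))
    return findings

if __name__ == "__main__":
    for host, port in exposed_admin_listeners(SAMPLE_CONF):
        print(f"Admin API reachable on {host}:{port}; bind it to 127.0.0.1 or filter it")
```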

Your developers can easily set up Kong whether or not they have a strong technical background. Softobiz has years of experience in building API gateways. If you have any queries, feel free to reach out to us.

How Kong steps you up from the redundant way of development.  

Kong, an API gateway, is a solution that helps a DevOps team achieve its software development goals. The first stable version of Kong is the cornerstone of a 'service control platform.' It has become a tool for developers, DevOps engineers, and architects that allows comprehensive infrastructure management. Its integrated approach enables you to control APIs, manage security permissions, and make the most of artificial intelligence for analytics and automation.

Though Kong has been downloaded more than 45 million times, 1.0 is still the first and latest version. This open source service platform is feature-loaded, with support for the Kubernetes Ingress controller, service mesh patterns, and API compatibility with future releases. As a microservices API gateway, it can deliver sub-millisecond response times, which is not possible with any legacy API management platform, whether based in a local data center or in the cloud.

Deploying Kong is easy: you can deploy it on-premises or in public clouds, on virtual machines, Kubernetes or bare-metal servers. This allows development teams to manage or provide services anytime, anywhere, no matter how Kong has been deployed. The most interesting aspect of Kong is the Kong Brain function, which uses machine learning algorithms to regulate the flow of data traffic between services.

A directory of Kong Plugins

Softobiz has built a ton of applications using the Kong API management gateway. We are well aware of the plugin infrastructure that this open source solution encompasses. We continuously explore different approaches to API management solutions, and when it comes to Kong, we have found 313 plugins broken down into 4 categories.

Let’s discuss each step by step.

Logging 

  • TCP – You can send request and response logs to a TCP server
  • UDP – You can send request and response logs to a UDP server
  • File – Write response data to a log file on disk
  • StatsD – You can send request and response logs to StatsD
  • Syslog – You can send request and response logs to Syslog
  • Loggly – You can send request and response logs to Loggly

Authentication 

  • Basic Authentication – APIs contain a basic authentication feature.
  • Key Authentication – You can add a key authentication to your APIs.
  • OpenID Connect 1.0 RP – Integrate Kong with a third-party OpenID Connect 1.0 Provider.
  • OAuth 2.0 Authentication – You can integrate OAuth 2.0 authentication to your APIs.
  • OAuth 2.0 Introspection – Integrate Kong with a third-party OAuth 2.0 Authorization Server
  • HMAC Authentication – You can add HMAC Authentication to your APIs
  • JWT – Authenticate and verify JSON Web Tokens
  • LDAP Authentication – Integrate Kong with an LDAP server
  • Security – Protect your services with an additional security layer
  • ACL – Manage and authenticate access to APIs
  • CORS – Developers can make requests from the browser
  • Dynamic SSL – Integrate an SSL certificate for the service
  • IP Restriction – Whitelist or blacklist IPs that can make requests
  • Bot Detection – You can detect bots.

Traffic Control 

  • Canary Release – Easily implement software changes
  • Forward Proxy – Kong can easily connect to HTTP proxies
  • Proxy Caching – Cache and serve request responses in Kong
  • Request Size Limiting – Block requests greater than the standard size
  • Rate Limiting – Limit the number of HTTP requests a developer can make
  • Response Rate Limiting – Rate limiting based on a custom response header value
  • Request Termination – Terminates all requests with a specific response.

Transformations 

  • Request Transformer – Modify the request before hitting the upstream server.
  • Request Transformer – Transform your API requests using regular expressions, variables, and templates.
  • Response Transformer – Modify the upstream response before returning it to the client.
  • Correlation ID – Correlate requests and responses using a unique ID

Kong is all about customized plugins

Yes, Kong allows you to create your own plugins. Since I have already covered what Kong is and how it integrates with Nginx, it's time to talk about Lua, a programming language.

Kong is built on OpenResty, an extension of Nginx. Lua scripts extend Nginx with the help of the ngx_lua module. Rather than compiling Nginx with this module, Kong is distributed along with OpenResty, which already includes lua-nginx-module. OpenResty is not a fork of Nginx, but a bundle of modules.

To put it simply, Kong is an application based on Lua and, therefore, Kong is capable of executing Lua modules or plugins.  

Kong loads and executes your plugin, which consists of Lua modules, and your plugin benefits from two APIs.

  • lua-nginx-module API
  • Kong's plugin environment

Developers can write code in the lua-nginx-module contexts. The handler.lua file contains each function to be implemented. Execution occurs when the context is reached for a request:

Custom authentication plugin using JWT token

JWTs help transfer data securely between two parties and play a major role in authentication. After a user authenticates with a username and password, the party handling the request creates a JWT and returns it to the user, who must present it with future requests. The application receiving those future requests can establish the user's identity by decoding the JWT. Tampering with the JWT results in the rejection of requests.

Softobiz leverages the Kong API Gateway, which works the same way through the official Kong JWT authentication plugin. After JWTs are issued and verified, it adds an X-Consumer-Custom-ID or X-Consumer-Username header to the request sent to the upstream service.
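The flow described above, as an added example that is not part of the original post and not the Kong plugin's own code: a simplified model of HS256 signing on the issuer side and verification at the gateway, showing why a tampered token is rejected and how the consumer headers are derived. It assumes the consumer's credential key is carried in the `iss` claim and that an `exp` claim is required; the consumer table, key and secret are constructed.

```python
import base64, hashlib, hmac, json, time

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign_hs256(claims: dict, secret: bytes) -> str:
    """Issuer side: header.payload.signature, signed with HMAC-SHA256."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

# Constructed consumer table: credential key (sent in "iss") -> secret and identity.
CONSUMERS = {"demo-key": {"secret": b"constructed-demo-secret",
                          "username": "alice", "custom_id": "42"}}

def verify_at_gateway(token: str, now=None):
    """Gateway side: headers to add for the upstream, or None to reject."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        claims = json.loads(b64url_decode(payload_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:            # wrong segment count, bad base64 or bad JSON
        return None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None
    if header.get("alg") != "HS256":   # the token must not choose its own algorithm
        return None
    iss = claims.get("iss")
    consumer = CONSUMERS.get(iss) if isinstance(iss, str) else None
    if consumer is None:
        return None
    expected = hmac.new(consumer["secret"], f"{header_b64}.{payload_b64}".encode(),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):   # constant-time comparison
        return None
    exp = claims.get("exp")
    current = time.time() if now is None else now
    if not isinstance(exp, (int, float)) or exp <= current:
        return None
    return {"X-Consumer-Username": consumer["username"],
            "X-Consumer-Custom-ID": consumer["custom_id"]}

if __name__ == "__main__":
    token = sign_hs256({"iss": "demo-key", "exp": time.time() + 300}, CONSUMERS["demo-key"]["secret"])
    print(verify_at_gateway(token), verify_at_gateway(token.replace(".", ".x", 1)))
```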

How Kong helps you in the deployment of your APIs.  

Kong provides you with enterprise level support during the deployment of APIs.  

  • API Routing – The API object describes an API that Kong exposes. Whenever a user calls an API through the proxy port, Kong should know about it and be able to retrieve the API. Each API is defined by specifics such as hosts, uris, and methods.
  • Consumers – As the name suggests, the Consumer object represents a consumer, or user, of an API. You can even use Kong as your primary database, or you can sync the consumer list with your database to avoid any inconsistency between Kong and your existing primary datastore.
  • Certificates – A certificate object defines the certificate and private key pair for an SSL certificate.
  • Upstream Object – The upstream object represents a virtual hostname through which incoming requests are proxied.
  • Target Object – The target object describes an instance of a service, identified by a hostname and a port. You can easily add or disable targets of every upstream.
  • Plugin Object – The plugin object provides pluggable features that add functionality to the application during development. Developers can take advantage of plugins for API authentication and rate limiting features.
  • Admin API – RESTful API endpoints used to manage Kong configurations, endpoints, consumers, plugins, and so on.

Features of Kong  

  • The API Gateway – A DevOps team can easily develop API-centric applications by taking advantage of the latest microservice and container design patterns.
  • Radically Extensible – It includes on-the-go plugins that add robust functionality to your APIs and applications.
  • Inexorable – For all your virtual requests, Kong grants you sub-millisecond latency.
  • Open Source – Being an open source platform, the Kong microservice API gateway has been embraced by thousands of developers.
  • Platform Agnostic – From a single instance to global clusters, and from cloud to other platforms, Kong supports everything.
  • Cloud Native – Highly flexible with microservices, containers, and orchestration.
  • Robust Interface – Built on NGINX, Kong operates through a simple API.

Tons of API management solutions are available out there, though Kong is a leader. In case you have any questions related to Kong, contact us. Softobiz has experts on board who can offer you API-oriented solutions.