Articles related to API Gateway

Part 1: Brief Product Introduction

Kong Gateway is a lightweight, fast, and flexible API Gateway. It acts as an intermediary between API providers and consumers, enabling them to communicate based on policies. It also provides observability features that allow you to track API usage and performance. Overall, it is a convincing and outstanding product, which is briefly introduced in the following blog.

15.05.2023

Alexander Suchier

Part 2: Log Chunking

In the last blog, I briefly introduced Kong as a sophisticated API gateway product. This time, I will discuss a problem related to logging message size limitation and offer a solution. This problem significantly limits root cause analysis and ultimately solution development.

25.10.2023

Alexander Suchier

Part 6: Token Validation

This time we discuss token validation in the context of the Kong Gateway, covering topics such as OpenID Connect, OAuth 2.0, and Zero-Trust Architecture. The article explains the different types of tokens, the benefits of offline validation, and the various Kong plugins that support token validation. The article notes that architectural trade-offs may be required regarding revocation and fine-grained authorization validation, and concludes that Kong Gateway offers ample options for token validation, including the ability to write custom plugins.

06.06.2024

Alexander Suchier

Part 7: Token Cloning

Building on the previous post, we discuss an architectural pattern for token handling called 'therapeutic token cloning', which is particularly effective in environments that use multiple identity and access management products. The pattern involves duplicating, correcting, and then re-signing access tokens to make them functional and more secure. This article details the steps involved in the token cloning process, as well as the pros and cons of this approach.

03.07.2024

Alexander Suchier