We are spending more time thinking about the Kong API management gateway, and the plugin infrastructure that exists within the open source/enterprise solution. We are interested in the type of API plugins that are available, but also the infrastructure that supports the plugin layer of the solution. We are exploring the different approaches from each of the API management providers, and want to understand the opportunity for Streamdata.io to offer its services here, but also consider delivering APIs that we are profiling as part of our Streamdata.io API Gallery work.
To begin, we wanted to look at what types of plugins were already available in the Kong directory. We found 313 plugins broken down into 4 categories:
Authentication
– Basic Authentication – Add basic Authentication to your APIs
– Key Authentication – Add a key authentication to your APIs
– OpenID Connect 1.0 RP – Integrate Kong with a third-party OpenID Connect 1.0 Provider
– OAuth 2.0 Authentication – Add an OAuth 2.0 authentication to your APIs
– OAuth 2.0 Introspection – Integrate Kong with a third-party OAuth 2.0 Authorization Server
– HMAC Authentication – Add HMAC Authentication to your APIs
– JWT – Verify and authenticate JSON Web Tokens
– LDAP Authentication – Integrate Kong with a LDAP server
Security – Protect your services with additional security layers:
– ACL – Control which consumers can access APIs
– CORS – Allow developers to make requests from the browser
– Dynamic SSL – Add an SSL certificate for an underlying service
– IP Restriction – Whitelist or blacklist IPs that can make requests
– Bot Detection – Detect and block bots or custom clients
Traffic Control
– Canary Release – Slowly roll out software changes to a subset of users
– Forward Proxy – Allows Kong to connect to intermediary transparent HTTP proxies
– Proxy Caching – Cache and serve commonly requested responses in Kong
– Request Size Limiting – Block requests with bodies greater than a specific size
– Rate Limiting – Upgrades Kong Community Edition rate limiting with more flexibility and higher performance
– Rate Limiting – Rate-limit how many HTTP requests a developer can make
– Response Rate Limiting – Rate-Limiting based on a custom response header value
– Request Termination – Terminates all requests with a specific response
Transformations
– Request Transformer – Modify the request before hitting the upstream server
– Request Transformer – Use powerful regular expressions, variables, and templates to transform API requests
– Response Transformer – Modify the upstream response before returning it to the client
– Correlation ID – Correlate requests and responses using a unique ID
Logging
– TCP – Send request and response logs to a TCP server
– UDP – Send request and response logs to a UDP server
– HTTP – Send request and response logs to an HTTP server
– File – Append request and response data to a log file on disk
– StatsD – Send request and response logs to StatsD
– Syslog – Send request and response logs to Syslog
– Loggly – Send request and response logs to Loggly
This provides a pretty interesting stack of plugins that can be implemented at the API management layer, demonstrating what users have been asking for, and which plugins were prioritized by the platform and by the 3rd party developers delivering plugins at this layer. Additionally, we spent some time looking at the suggested plugins on the Kong forum, learning about what has been asked for, but not developed and published as part of the Kong plugin directory. This shows what types of open source and enterprise grade plugins the community is interested in.
After looking at the existing plugins, and learning about the suggested plugins from the community, we wanted to learn more about how Kong plugins can be developed, building on what we’ve learned from doing our earlier Kong Hello World plugin, and taking a fresh look at what is possible. The Kong plugin environment is a Lua Nginx environment, in which developers create Lua modules that deliver the expected plugin functionality and inject different features and functionality at the API management layer. The Lua Nginx environment allows for interaction with Nginx, which is the Kong engine: retrieving the request or response, accessing Nginx’s shared memory zone, and interacting with the data store holding the Kong environment.
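As an added illustration (not code from the original post or from Kong), here is a minimal `handler.lua` that touches the request, the response and Nginx shared memory from a plugin. The plugin name `header-guard` and the config fields `required_header`, `window` and `max_rejections` are hypothetical and would be declared in the plugin's `schema.lua`; it assumes Kong 1.0+ with the PDK exposed as the global `kong`, and the `kong` shared dict from Kong's default Nginx template.

```lua
-- handler.lua for a hypothetical plugin "header-guard" (added example).
-- Assumes Kong 1.0+ (PDK global `kong`) and the `kong` lua_shared_dict.

local HeaderGuard = {
  PRIORITY = 900,      -- plugins with a higher priority run first
  VERSION  = "0.1.0",
}

-- access phase: runs for each request before it is proxied upstream.
function HeaderGuard:access(conf)
  -- conf.required_header is a hypothetical schema field, e.g. "X-Client-Id".
  if kong.request.get_header(conf.required_header) then
    return  -- header present, let the request continue
  end

  -- Count rejections per client IP in Nginx shared memory, which is
  -- visible to every worker process on this node. The counter is created
  -- at 0 with a TTL of conf.window seconds, then incremented.
  local ip  = kong.client.get_ip()
  local key = "header-guard:" .. ip
  local count, err = ngx.shared.kong:incr(key, 1, 0, conf.window)
  if not count then
    kong.log.err("shared dict incr failed: ", err)
    count = 1
  end

  kong.log.warn("request from ", ip, " lacks ", conf.required_header,
                " (", count, " rejections in window)")

  -- Repeat offenders get 429, everyone else a plain 400.
  local status = 400
  if count > conf.max_rejections then
    status = 429
  end
  return kong.response.exit(status, { message = "missing required header" })
end

-- header_filter phase: runs once the response headers are available.
function HeaderGuard:header_filter(conf)
  -- Drop a header that discloses the upstream technology stack.
  kong.response.clear_header("X-Powered-By")
end

return HeaderGuard
```

The counter lives only in the memory of the local node; state that must be shared across a Kong cluster belongs in the data store mentioned above, which this sketch does not touch.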
As we were researching the subject, we found a couple of interesting stories, including our own previous post on creating a hello world plugin:
– 10 Tips for Developing Your First Kong Plugin
– Developing A Hello World Kong Plugin
– Configuring Kong Plugins
We are working our way through each of the leading API management platforms out there, understanding the different approaches to allowing providers and developers to extend the platform, allowing for customized functionality at the API management layer. This opens up a world of possibility at the intersection of API deployment and integration, making Kong and other platforms much more powerful than they can ever achieve on their own. We also see this as an opportunity for API service providers like us to help deliver more value to API providers and consumers within the existing platforms they depend on.