DEV Community

Alex Spinov
Alex Spinov

Posted on

Kong Gateway Has a Free API: The API Gateway That Handles Authentication, Rate Limiting, and Routing in One Place

#kong #api #gateway #devops

Every API needs authentication, rate limiting, and routing. You can build these yourself, or you can use Kong — the most popular open-source API gateway that handles all of it with zero custom code.

What Is Kong Gateway?

Kong is an open-source API gateway built on nginx and OpenResty. It sits in front of your APIs and handles cross-cutting concerns: authentication, rate limiting, request transformation, logging, and more. You configure everything through a REST Admin API.

The Free API

Kong Gateway OSS is completely free:

  • Admin API: Full REST API for managing routes, services, and plugins
  • 50+ plugins: Auth, rate limiting, caching, logging, transformations
  • DB-less mode: Run without a database using declarative config
  • Multi-protocol: HTTP, gRPC, WebSocket, TCP/UDP
  • Plugin development kit: Build custom plugins in Lua, Go, Python, or JavaScript

Quick Start

Run Kong with Docker:

# Start Kong in DB-less mode
docker run -d --name kong \
  -e KONG_DATABASE=off \
  -e KONG_DECLARATIVE_CONFIG=/etc/kong/kong.yml \
  -e KONG_PROXY_ACCESS_LOG=/dev/stdout \
  -p 8000:8000 -p 8001:8001 \
  -v $(pwd)/kong.yml:/etc/kong/kong.yml \
  kong:latest
Enter fullscreen mode Exit fullscreen mode

Declare your routes:

_format_version: "3.0"
services:
  - name: user-service
    url: http://user-api:3000
    routes:
      - name: user-routes
        paths: ["/users"]
    plugins:
      - name: rate-limiting
        config:
          minute: 100
          policy: local
      - name: key-auth
        config:
          key_names: ["apikey"]

  - name: order-service
    url: http://order-api:3001
    routes:
      - name: order-routes
        paths: ["/orders"]
    plugins:
      - name: rate-limiting
        config:
          minute: 50
Enter fullscreen mode Exit fullscreen mode

Or use the Admin API:

# Add a service
curl -X POST http://localhost:8001/services \
  -d name=my-api \
  -d url=http://backend:3000

# Add a route
curl -X POST http://localhost:8001/services/my-api/routes \
  -d paths[]=/api/v1

# Enable rate limiting
curl -X POST http://localhost:8001/services/my-api/plugins \
  -d name=rate-limiting \
  -d config.minute=100

# Enable API key auth
curl -X POST http://localhost:8001/services/my-api/plugins \
  -d name=key-auth
Enter fullscreen mode Exit fullscreen mode

Why Teams Choose Kong

A healthcare startup had 12 microservices, each implementing its own auth and rate limiting. Every service had slightly different implementations, and bugs in one service auth did not get fixed in others. After putting Kong in front of all services, they deleted thousands of lines of auth code and got consistent security policies across every endpoint.

Who Is This For?

  • Backend teams needing API gateway features without building them
  • Platform engineers standardizing API security across services
  • Startups wanting production-grade API management for free
  • Enterprise teams migrating from expensive API management platforms

Start Using Kong

Kong gives you enterprise API gateway features with zero licensing cost. One gateway, all your APIs, consistent security and observability.

Need help setting up API infrastructure or microservices? I build custom backend solutions — reach out to discuss your project.

Found this useful? I publish daily deep-dives into developer tools and APIs. Follow for more.

Top comments (0)