Kong Gateway: Open Source vs Enterprise
Kong Gateway (OSS): An open-source package containing the basic API gateway functionality and open-source plugins. You can manage the open-source Gateway with Kong’s Admin API, Kong Manager Open Source, or with declarative configuration.
Kong Gateway Enterprise (available in Free or Enterprise mode): Kong’s API gateway with added functionality.
- In Free mode, this package adds Kong Manager
- With an Enterprise subscription, it also includes:
- RBAC
- Enterprise plugins
| Open Source | Enterprise | |
|---|---|---|
| Fast, Lightweight, Cloud-Native API Gateway | ||
| End-to-End Automation Drive a GitOps flow of API design and execution | ||
| Kong Ingress Controller Deploy APIs to Kubernetes in a native fashion. | ||
| Gateway Mocking Mock API responses directly on the API gateway. | ||
| Kong Manager: Admin GUI Visually manage Kong cluster, plugins, APIs, and consumers. | ||
| Basic Traffic Control Plugins Manage ACME certificates, basic rate limiting, and lightweight caching. | ||
| Simple Data Transformations Add or remove headers, JSON data, or query strings. | ||
| gRPC Transformations Translate requests from gRPC-Web and REST to backend gRPC services. | ||
| GraphQL Convert GraphQL queries to REST requests. Rate limit and cache GraphQL queries. | ||
| Request Validation Validate requests using either Kong’s own schema validator or a JSON Schema Draft 4-compliant validator. | ||
| jq Transformations Advanced JSON transformations of requests or responses with the ability to chain transformations. | ||
| Advanced Caching Cache responses and optimize for high scale by integrating distributed backends | ||
| Advanced Rate Limiting Enterprise-grade rate limiting with sliding window controls | ||
| Authentication Common methods of API authentication - Basic Auth, HMAC, JWT Key Auth, limited OAuth 2.0, limited LDAP | ||
| Advanced Authentication Enterprise-grade API authentication - Full OAuth 2.0, OpenID Connect, Vault, mutual TLS, JWT signing/resigning, full LDAP | ||
| Role-Based Access Control (RBAC) Control gateway configurations based on a user’s role in the organization | ||
| Basic Authorization (Bot Detection, CORS controls, ACLs) Control access to APIs by rules of user behavior and control lists | ||
| Advanced Authorization (OPA) Control access to APIs with complex, programmable, enterprise-wide rules | ||
| Secret Management Encrypt sensitive keys, certificates, and passwords | ||
| FIPS 140-2 Support Kong Gateway now provides a FIPS mode, which at its core uses the FIPS 140-2 compliant BoringCrypto for cryptographic operations. | ||
| Signed Kong Images Kong Gateway container images are signed and verifiable in accordance with SLSA guidelines. | ||
| Kong Images Build Provenance Kong Gateway container images generate build level provenance and are verifiable in accordance with SLSA guidelines. | ||
| Simple logging Send basic API gateway logs - File logging, HTTP logging, basic StatsD, TCP/UDP logging | ||
| API Analytics Natively analyze requests and responses flowing through the API gateway | ||
| Gateway Event Hooks Automatically log out or send web hooks on changes to the gateway, such as administrators added or rate limits exceeded | ||
| Multi-LLM support Switch between different AI providers and models without having to change your application code | ||
| AI traffic control Proxy AI traffic through the Kong Gateway and manage it with AI plugins | ||
| AI prompt security Enforce secure and compliant AI prompts with the AI Prompt Decorator, AI Prompt Guard, and AI Prompt Template plugins | ||
| AI observability Collect metrics from AI traffic, and use any Kong Gateway logging plugin to send it to your logging provider of choice | ||
| Enterprise support 24/7 x 365 technical support SLAs | ||
| Security CVE and Bug Fix Backports | ||
| Performance Tuning Guidance | ||
| Customer Success Packages - Add-on Accelerate time to value with dedicated Technical Account Managers and Field Engineers |