Kong Gateway: Open Source vs Enterprise
Kong Gateway (OSS): An open-source package containing the basic API gateway functionality and open-source plugins. You can manage the open-source Gateway with Kong’s Admin API, Kong Manager Open Source, or with declarative configuration.
Kong Gateway Enterprise (available in Free or Enterprise mode): Kong’s API gateway with added functionality.
- In Free mode, this package adds Kong Manager
- With an Enterprise subscription, it also includes:
- RBAC
- Enterprise plugins
Open Source | Enterprise | |
---|---|---|
Fast, Lightweight, Cloud-Native API Gateway | ||
End-to-End Automation Drive a GitOps flow of API design and execution | ||
Kong Ingress Controller Deploy APIs to Kubernetes in a native fashion. | ||
Gateway Mocking Mock API responses directly on the API gateway. | ||
Kong Manager: Admin GUI Visually manage Kong cluster, plugins, APIs, and consumers. | ||
Basic Traffic Control Plugins Manage ACME certificates, basic rate limiting, and lightweight caching. | ||
Simple Data Transformations Add or remove headers, JSON data, or query strings. | ||
gRPC Transformations Translate requests from gRPC-Web and REST to backend gRPC services. | ||
GraphQL Convert GraphQL queries to REST requests. Rate limit and cache GraphQL queries. | ||
Request Validation Validate requests using either Kong’s own schema validator or a JSON Schema Draft 4-compliant validator. | ||
jq Transformations Advanced JSON transformations of requests or responses with the ability to chain transformations. | ||
Advanced Caching Cache responses and optimize for high scale by integrating distributed backends | ||
Advanced Rate Limiting Enterprise-grade rate limiting with sliding window controls | ||
Authentication Common methods of API authentication - Basic Auth, HMAC, JWT Key Auth, limited OAuth 2.0, limited LDAP | ||
Advanced Authentication Enterprise-grade API authentication - Full OAuth 2.0, OpenID Connect, Vault, mutual TLS, JWT signing/resigning, full LDAP | ||
Role-Based Access Control (RBAC) Control gateway configurations based on a user’s role in the organization | ||
Basic Authorization (Bot Detection, CORS controls, ACLs) Control access to APIs by rules of user behavior and control lists | ||
Advanced Authorization (OPA) Control access to APIs with complex, programmable, enterprise-wide rules | ||
Secret Management Encrypt sensitive keys, certificates, and passwords | ||
FIPS 140-2 Support Kong Gateway now provides a FIPS mode, which at its core uses the FIPS 140-2 compliant BoringCrypto for cryptographic operations. | ||
Signed Kong Images Kong Gateway container images are signed and verifiable in accordance with SLSA guidelines. | ||
Kong Images Build Provenance Kong Gateway container images generate build level provenance and are verifiable in accordance with SLSA guidelines. | ||
Simple logging Send basic API gateway logs - File logging, HTTP logging, basic StatsD, TCP/UDP logging | ||
API Analytics Natively analyze requests and responses flowing through the API gateway | ||
Gateway Event Hooks Automatically log out or send web hooks on changes to the gateway, such as administrators added or rate limits exceeded | ||
Multi-LLM support Switch between different AI providers and models without having to change your application code | ||
AI traffic control Proxy AI traffic through the Kong Gateway and manage it with AI plugins | ||
AI prompt security Enforce secure and compliant AI prompts with the AI Prompt Decorator, AI Prompt Guard, and AI Prompt Template plugins | ||
AI observability Collect metrics from AI traffic, and use any Kong Gateway logging plugin to send it to your logging provider of choice | ||
Enterprise support 24/7 x 365 technical support SLAs | ||
Security CVE and Bug Fix Backports | ||
Performance Tuning Guidance | ||
Customer Success Packages - Add-on Accelerate time to value with dedicated Technical Account Managers and Field Engineers |