DataDome

The Kong DataDome plugin relies on the DataDome Bot & Fraud Protection Platform to validate if any incoming API request is legitimate or coming from a bot.

Once the plugin is installed, the only requirement is to configure your DataDome server-side key.

Here’s how the plugin works:

1. The DataDome plugin hooks into every API request from a client.
2. The plugin proxies a request to the DataDome Bot & Fraud Protection Platform to assess threats in real time using DataDome’s machine learning solution.
3. The plugin either allows the request to be proxied to the upstream service, or rejects and blocks it based on DataDome’s assessment.

You can install the DataDome plugin via LuaRocks. A Lua plugin is distributed in .rock format, which is a self-contained package that can be installed locally or from a remote server.

1. Install the DataDome plugin:

   luarocks install kong-plugin-datadome
   

2. Update your loaded plugins list in Kong Gateway.

   In your kong.conf, append datadome to the plugins field. Make sure the field isn’t commented out.

   plugins = bundled,datadome
   

3. Restart Kong Gateway:

   kong restart