KrakenD EE v2.7: Workflows, enhanced Rate Limiting, Direct WS, and more
by Albert Lombarte
Today, we released KrakenD EE v2.7, the latest version of our enterprise edition. This version includes many new features and enhancements to existing components. Here’s a closer look at what’s new and why it matters.
Workflows
The most exciting addition in KrakenD EE v2.7 is the new workflow component that allows you to create workflows and nest virtual endpoints without limitations. This feature is a game-changer for those managing complex API ecosystems, enabling you to orchestrate multiple API calls within the gateway efficiently. By nesting virtual endpoints, you can simplify processes, reduce external dependencies, and remove responsibility from the clients consuming your APIs. Here is a super-simple use case (but you can do wild things!):
New Rate Limiting options
The introduction of tier-based rate limiting allows you to categorize users or clients into different tiers, each with its own specific rate limits. You can now implement more granular access controls for enterprises, ensuring premium users enjoy higher request limits while maintaining stricter controls on free or lower-tier users.
In addition, we’ve introduced parameter-based rate limiting. This feature allows you to define rate limits based on specific {parameters}, providing even more control over how your API handles incoming requests.
Finally, the rate-limiting libraries have undergone intensive optimization, which greatly improves memory usage, reducing RAM consumption by at least 70% in the majority of scenarios. New micro-optimization options like cleanup_period, cleanup_threads, and num_shards give you more control to perform more efficiently, even under heavy load.
Direct WebSocket Communication
We’ve added direct WebSocket communication to KrakenD EE. This feature complements the existing multiplexing option and allows for direct, bidirectional communication with WebSocket clients.
More security options
Security is always a top priority, and in this release, we’ve enhanced the gRPC server with token-based authorization. This added layer of security ensures that only authenticated requests are processed, which is crucial for protecting sensitive data and maintaining the integrity of your services.
Additionally, we’ve corrected redirect issues when using VirtualHosts, particularly those involving trailing slashes, which could cause unexpected behavior in certain scenarios.
Another notable mention is the inclusion of all the security options recently added to the Community version, like:
- Restructured TLS configuration, which now supports multiple certificates
- Enhanced Cross-Origin Resource Sharing (CORS) handling with options_passthrough, options_success_status, and allow_private_network, which helps prevent CSRF Pharming attacks and man-in-the-middle (MITM) attacks
- The new features of the HTTP Security component (like allowed_hosts_are_regex, ssl_proxy_headers, and force_sts_header), which allow you to use regular expressions to define host lists and let you force STS headers even when requests come in plain HTTP.
OpenAPI metadata
Now, when importing OpenAPI specs, you can include x-krakend- metadata to configure gateway behavior directly from the spec file. With this edition, you can operate the gateway completely from an OpenAPI file, even for the things the specification does not cover. Additionally, we’ve added new fields such as jwt_key and param_definition to further extend the configurability of your APIs within the OpenAPI framework.
Conclusion
KrakenD EE v2.7 is a robust and feature-packed release that offers new tools for building and managing scalable, secure, and efficient APIs. Whether you’re looking to streamline complex workflows, enhance security, or optimize performance, this latest version of KrakenD EE provides the capabilities you need to succeed. We encourage all users to upgrade to v2.7 and start exploring the full potential of these new features today! Find below the rest of the features this version brings:
🚀 Summary of changes for EEv2.7
Workflows, Tier Rate Limits, Direct WebSockets, Service-level header response modifiers and more.
- New component to create Workflows and nest infinite virtual endpoints.
- New type of rate-limit based on tiers.
- New service-level header response modifier to delete, add, or replace headers declaratively (including the X-KrakenD family).
- Direct WebSockets communication added, in addition to the existing Multiplexing option.
- OpenAPI import can include x-krakend- metadata to configure gateway behavior on the OpenAPI spec.
- The gRPC server now supports token-based authorization
- Added a new rate limiter based on parameters
- Memory optimization of the rate-limit that greatly reduces the consumption of RAM, and new micro-optimization options added (cleanup_period, cleanup_threads, num_shards).
- The JWT signer can now set a new leeway attribute for scenarios with desynchronized clocks.
- A new flag dns_cache_ttl allows you to set a custom DNS cache TTL for Service Discovery
- Added support for multiple TLS certificates.
- Added new properties for CORS handling: options_passthrough, options_success_status, and allow_private_network
- New properties added to the HTTP Security component: allowed_hosts_are_regex, ssl_proxy_headers, force_sts_header
- Customizable size of maximum header via the property max_header_bytes. Previously fixed to 1MB.
- New fields jwt_key and param_definition added to OpenAPI
- Added new rules to the audit command.
- OpenTelemetry - Added static labels to global and proxy layers (thanks to @ssepml)
- Corrected a memory leak on some grpc connections
- Corrected redirects with trailing slash when using VirtualHosts
- The request_definition of OpenAPI was previously an object {}, but is now an array of objects [{}] because multiple requests are possible. Wrap the object in an array.
- The properties public_key and private_key of the tls configuration have been moved under an array keys to facilitate multiple certificates and domains.
Upgrading to the latest version is always advised.
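The last two items in the summary change the shape of existing configuration, so a pre-2.7 file needs editing before the upgrade. The following Python script is an added example, not KrakenD tooling or code from the original post: it walks a parsed configuration, moves public_key/private_key of any tls object into keys, and wraps any request_definition object in an array. The sample configuration, its file paths, and the placement of request_definition under documentation/openapi are constructed for illustration.

```python
import copy

# Constructed pre-2.7 sample; paths and the request_definition placement are assumptions.
OLD_CONFIG = {
    "version": 3,
    "tls": {
        "public_key": "/etc/krakend/cert.pem",
        "private_key": "/etc/krakend/key.pem",
        "min_version": "TLS13",
    },
    "endpoints": [{
        "endpoint": "/orders",
        "extra_config": {"documentation/openapi": {
            "request_definition": {"description": "Create an order"},
        }},
    }],
}

def _walk(node, path, changes):
    if isinstance(node, list):
        for i, item in enumerate(node):
            _walk(item, f"{path}[{i}]", changes)
        return
    if not isinstance(node, dict):
        return
    tls = node.get("tls")
    if isinstance(tls, dict):
        present = [k for k in ("public_key", "private_key") if k in tls]
        if len(present) == 1:
            # Half a key pair cannot be migrated safely; stop instead of guessing.
            raise ValueError(f"{path}.tls has {present[0]} without its counterpart")
        if present:
            tls.setdefault("keys", []).append({k: tls.pop(k) for k in present})
            changes.append(f"{path}.tls: moved key pair under keys[]")
    if isinstance(node.get("request_definition"), dict):
        node["request_definition"] = [node["request_definition"]]
        changes.append(f"{path}.request_definition: wrapped object in array")
    for key, value in node.items():
        _walk(value, f"{path}.{key}", changes)

def migrate(config):
    """Return (migrated deep copy, list of changes); the input is left untouched."""
    migrated = copy.deepcopy(config)
    changes = []
    _walk(migrated, "$", changes)
    return migrated, changes

if __name__ == "__main__":
    for change in migrate(OLD_CONFIG)[1]:
        print(change)
```

Running migrate a second time on its own output reports no changes, so the change list doubles as a check that a configuration is already in the 2.7 shape.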