Enterprise vs. Open Source

A visual tool to generate KrakenD configurations

Check security and best practices recommendations of your configuration before going live

Validate configuration files (syntax, linting, route declaration testing)

Declare the configuration using templates and environment-specific values

Extends the flexible config adding $ref, nested directories, multiple settings file formats, conflict handling, debugging and more.

Write the configuration in JSON, YAML, TOML, HCL and more.

Speed up development with a specific container with hot-reload functionality

Automatic validation as you type, showing documentation while hovering an attribute, explanation of errors, and autocompletion of properties

A ready-to-use image to build your custom Go plugins and embed them in KrakenD

Integrated tool to write integration tests to launch in your pipeline and check that the functionality works correctly

Import configurations from OpenAPI + Mocking server generation (Swagger v2 & OpenAPI 3)

Generate OpenAPI documentation from the KrakenD configuration

Start an API gateway from an OpenAPI definition file.

Generate Postman collections during the CI/CD stage

Generate Graphviz images displaying your configuration logic

Dump requests and responses into a files

Create an API consumption layer that provides aggregated “views” of several services and returns only the needed data

Create endpoints with data views aggregation from multiple APIs or services simultaneously

Filter, group, capture, rename, inject, and more on responses from services.

Set automatically cache headers for CDN or intermediate caching

Automatic output encoding and translation (XML, JSON, RSS, noop)

A speed-optimized JSON decoder for larger datasets and complex objects

Manipulate arrays and flatten objects from the response

Ouput compression of responses in gzip format

Craft the body you send to a backend through templates, and injecting other values from the user request such as the original body, headers, querystrings or URL parameters.

Completely manipulate the response of a backend using Go templates before it is returned to the end-user.

Select, slice, filter, map, project, flatten, sort, and all sorts of operations through a javascript-like query language

Modify the response of your services with regular expressions.

Add validation rules to continue with the request or to return the response

Transform requests and responses with Lua scripts

Write your own Go plugins and side-load them with KrakenD to extend the functionality

Ensure the response passes a JSON schema validation before returning it to the end-user

Validate the request body against a JSON schema

Statically transform requests and responses through a simple DSL definition

Override the policy of returning backend error details with different strategies (delegated, graceful degradation, forward, interpretation)

Store backend responses in memory to reduce the number of calls a user sends to the origin, reducing the network traffic and alleviating your services’ pressure.

Use the ouput of a previous call to be chained in the next call.

Add static/stub data as replacement of failing responses or while you are scaffolding your project.

Create nested and dependent API consumption to complete a job

Binary with a FIPS 140-2 validated encryption module available

A powerful engine that evaluates requests, responses and tokens during runtime and allows you to perform business validation logic, ABAC, and RBAC.

TLS configuration secured by default to TLS 1.3. Multiple certificates are possible.

Explicit configuration for cookie, query-string, and headers forwarding

Define a list of hosts that KrakenD should accept requests to.

OWASP recommendations that add a frame-breaking strategy.

Prevent the user’s browser from interpreting files as something else than declared by the content type

Enables the Cross-site scripting (XSS) filter in the user’s browser.

Web security policy mechanism to protect websites against protocol downgrade attacks and cookie hijacking

Resist impersonation by attackers using mis-issued or otherwise fraudulent certificates.

Cross-origin resource sharing

Proxy requests to a single backend without manipulation and preserving the response as is.

Test new backends in production by sending them copies of the traffic but ignore their responses.

JSON Web Token processing to assemble the final upstream URL

Receives all the traffic from routes and methods that do not resolve to any of the other existing endpoints in the configuration.

Header and query string processing to assemble the final upstream URL

Create a single endpoint for a group of URLs sharing a common pattern (e.g.: /foo/*).

Define a set of URLs or regular expressions that are handled by an endpoint

Run different configurations of KrakenD endpoints based on the host accessing the server.

Allow the end-user to follow redirects set by services instead of the gateway resolving them.

Authorize tokens coming from third parties or your company identity provider, and apply business logic rules.

A wrapper for your existing login endpoint that signs with your secret key the selected fields of the backend payload right before returning the content to the end-user.

OAuth 2.0 Client Credentials Grant to automatically request access tokens before reaching the backend’s protected resources.

Authentication of requests based on .htpasswd files

Authenticate users with API keys in headers or query strings

An RPC listener that allows you to revoke JWT tokens

An API to revoke tokens through all KrakenD nodes in a cluster

Support validation of tokens originated in multiple identity providers, internal or external

Mutual TLS authentication (mTLS) for authentication in business-to-business (B2B) applications where clients provide certificates to connect to KrakenD.

NT Login Manager Authentication against Window backends like Microsoft Dynamics.

Offer REST content while consuming other protocols from the services like AMQP, Kafka, NATS, gRPC to name a few

Create a gRPC server even when you don’t have any capable upstream gRPC backend, consuming regular HTTP content.

Connect to your gRPC services by providing the .proto files

Enable static web server capabilities to serve javascript applications, CSS, images, etc along with its API.

Connect to services using weighted DNS SRV records

REST to GraphQL transformation and GraphQL gateway as a proxy

Balancing egress traffic (to upstream)

Implement event-driven architectures with Async agents, which react to new events in queues and push data to your backends or webhooks.

Invoke Amazon Lambda functions on a KrakenD endpoint call

REST to SOAP and request forgery and manipulation to efortlessly modernize legacy services

WebSocket Protocol (RFC-6455) to enable two-way multiplexed communication between multiple clients and a single backend host through the API gateway.

WebSocket proxy to connect clients to backend services directly, keeping a 1:1 relationship.

Connections to services through an HTTP corporate proxy

Retrieve messages from a queue and deliver them to the user as a REST endpoint

Publish a REST endpoint that sends messages to a queue automatically.

Enable message queuing and durable publish/subscribe messaging in Azure

Send and receive messages between independent applications using GCP PubSub

Connect to the high performance open source messaging system NATS

Enable the distributed streaming platform Apache Kafka

Enable exchanging data with topics, push-based, many-to-many in AWS SNS

Use queues from the managed Amazon Simple Queue Service (SQS)

Improve the response times and decrease error rates by requesting in parallel the same information multiple times. Backend pressure in exchange for better response times.

The circuit breaker prevents sending more traffic to a failing backend until it recovers, alleviating its pressure under challenging conditions.

The Spike Arrest policy ensures a minimum time between different requests. KrakenD will enable Spike Arrest after exhausting the burst capacity of the rate-limiting features.

Discard traffic from bot patterns

Define the default timeout but per-endpoint timeouts, idle connections, and other settings.

Stateless rate limit to control the throughput of users against the API.

Rate limit based on tiers/plans, applying different limits depending on the subscription type of the user.

Stateless rate limit to control the throughput of users against specific endpoints.

A Redis database store to centralize all KrakenD node counters.

Restrict the connections KrakenD makes to your backends, independently of users’ acrivity.

Restrict the traffic to specific to all endpoints based on IP address and CIDR blocks.

Forward requests to your services with enrichment coming from Maxmind’s GeoIP2 City database

Push KrakenD metrics and traces to any thrid party supporting OpenTelemetry

Push KrakenD metrics and traces directly to SaaS providers without a local collector

Override OpenTelemetry behavior on specific endpoints and backends

Choose where and how to log the gateway activity

Send structured events in GELF format to your Graylog Cluster

Collect extended metrics to push them to InfluxDB or expose them in a /__stats/ endpoint for you to build a customized dashboard.

Submit spans to a Jaeger Collector (HTTP) or Jaeger Agent (UDP) automatically.

Push to AWS X-RAY end-to-end view of requests as they travel through your application, and the map of your application’s underlying components.

Export traces to Zipkin to troubleshoot latency problems in service architectures.

Application logs in JSON format

Have KrakenD pushing logs to your Elastic server and visualize them through a Kibana dashboard.

Expose data to Prometheus, and publish a /metrics endpoint in the selected port.

Export metrics and events to InfluxDB

The preconfigured Grafana dashboard for KrakenD offers valuable information to understand the performance of your services and detect anomalies in the service.

Export metrics and traces to Google Cloud

Push the gateway activity to Datadog, both stats and traces.

End-users validation, machine-to-machine, ot gateway-to-machine communication using Auth0.

The Keycloak integration allows one of the many possible OpenID Connect different security options available in KrakenD.

You can use Azure Active Directory and protect endpoints with its JWT integration.

OpenSource users can push metrics and traces to NewRelic through OpenTelemetry, although NewRelic has limitations on the recognized data types (e.g., histograms).

NewRelic integration with a custom implementation using the official NewRelic SDK. This is the easiest to setup (just declare an API key) and richest in data option for NewRelic users

The gateway sends all the traces to a local OpenTelemetry Collector that pushes all the data to your Application Insights on Azure Monitor.

Monitor API usage and bill customers for their usage by directly connecting Stripe or similar tools.

Set usage rules on your Moesif dashboard and let KrakenD react in real-time and cut users that are exceeding their quota.