Whether you opt for KrakenD's Open Source or Enterprise edition, you're choosing a robust API Gateway trusted by industry leaders. The Enterprise edition builds on this solid foundation by offering additional premium features designed for those looking to optimize time-to-market and operational costs. Vendor support is included with the Enterprise edition and available as an optional paid service for the Community edition.
Whichever path you choose, know that KrakenD engineers are committed to your success.
CI/CD, GitOps, and development toolsCommand line tools to integrate in your GitOps pipelines. | CE
Community Edition | EE
Enterprise Edition |
---|---|---|
KrakenD Designer A visual tool to generate KrakenD configurations | Included in Community | Included in Enterprise |
Audit configuration Check security and best practices recommendations of your configuration before going live | Included in Community | Included in Enterprise |
Syntax validation and linting Validate configuration files (syntax, linting, route declaration testing) | Included in Community | Included in Enterprise |
Flexible configuration Declare the configuration using templates and environment-specific values | Included in Community | Included in Enterprise |
Extended flexible configuration Extends the flexible config adding | Not included in Community | Included in Enterprise |
Multi-format configuration Write the configuration in JSON, YAML, TOML, HCL and more. | Included in Community | Included in Enterprise |
Hot-reload in development Speed up development with a specific container with hot-reload functionality | Included in Community | Included in Enterprise |
IDE integration Automatic validation as you type, showing documentation while hovering an attribute, explanation of errors, and autocompletion of properties | Included in Community | Included in Enterprise |
Plugin builder A ready-to-use image to build your custom Go plugins and embed them in KrakenD | Included in Community | Included in Enterprise |
End-to-end testing tool Integrated tool to write integration tests to launch in your pipeline and check that the functionality works correctly | Not included in Community | Included in Enterprise |
OpenAPI importer Import configurations from OpenAPI + Mocking server generation (Swagger v2 & OpenAPI 3) | Not included in Community | Included in Enterprise |
OpenAPI exporter Generate OpenAPI documentation from the KrakenD configuration | Not included in Community | Included in Enterprise |
OpenAPI server Start an API gateway from an OpenAPI definition file. | Not included in Community | Included in Enterprise |
Postman Generate Postman collections during the CI/CD stage | Not included in Community | Included in Enterprise |
DOT image generator Generate Graphviz images displaying your configuration logic | Not included in Community | Included in Enterprise |
Dump to disk Dump requests and responses into a files | Not included in Community | Included in Enterprise |
Request and response transformationKrakenD goes beyond the simple proxying to service and offers numerous ways to work with multiple data sources simultaneously. | CE
Community Edition | EE
Enterprise Edition |
---|---|---|
Backend For Frontend Create an API consumption layer that provides aggregated “views” of several services and returns only the needed data | Included in Community | Included in Enterprise |
Aggregation Create endpoints with data views aggregation from multiple APIs or services simultaneously | Included in Community | Included in Enterprise |
Data transformation Filter, group, capture, rename, inject, and more on responses from services. | Included in Community | Included in Enterprise |
HTTP Cache headers (for CDN) Set automatically cache headers for CDN or intermediate caching | Included in Community | Included in Enterprise |
Automatic output encoding Automatic output encoding and translation (XML, JSON, RSS, noop) | Included in Community | Included in Enterprise |
Faster JSON decoding (fastjson) A speed-optimized JSON decoder for larger datasets and complex objects | Not included in Community | Included in Enterprise |
Flatmap Manipulate arrays and flatten objects from the response | Included in Community | Included in Enterprise |
Gzip compression Ouput compression of responses in gzip format | Not included in Community | Included in Enterprise |
Request manipulation using go templates (body generator) Craft the body you send to a backend through templates, and injecting other values from the user request such as the original body, headers, querystrings or URL parameters. | Not included in Community | Included in Enterprise |
Response manipulation using go templates Completely manipulate the response of a backend using Go templates before it is returned to the end-user. | Not included in Community | Included in Enterprise |
Response manipulation with query language Select, slice, filter, map, project, flatten, sort, and all sorts of operations through a javascript-like query language | Not included in Community | Included in Enterprise |
Regular expression replacements Modify the response of your services with regular expressions. | Not included in Community | Included in Enterprise |
Conditional request and responses (CEL) Add validation rules to continue with the request or to return the response | Included in Community | Included in Enterprise |
Lua scripting Transform requests and responses with Lua scripts | Included in Community | Included in Enterprise |
Lua advanced helpers Advanced helpers that run on Go’s native implementation rather than Lua for better performance and extended functionality. | Not included in Community | Included in Enterprise |
Custom Go plugins Write your own Go plugins and side-load them with KrakenD to extend the functionality | Included in Community | Included in Enterprise |
JSON Schema response validation Ensure the response passes a JSON schema validation before returning it to the end-user | Not included in Community | Included in Enterprise |
JSON Schema request validation Validate the request body against a JSON schema | Included in Community | Included in Enterprise |
Martian (DSL) Statically transform requests and responses through a simple DSL definition | Included in Community | Included in Enterprise |
Multistrategy error handling Override the policy of returning backend error details with different strategies (delegated, graceful degradation, forward, interpretation) | Included in Community | Included in Enterprise |
Cache Store backend responses in memory to reduce the number of calls a user sends to the origin, reducing the network traffic and alleviating your services’ pressure. | Included in Community | Included in Enterprise |
Sequential proxy Use the ouput of a previous call to be chained in the next call. | Included in Community | Included in Enterprise |
Mocked data Add static/stub data as replacement of failing responses or while you are scaffolding your project. | Included in Community | Included in Enterprise |
Workflows Create nested and dependent API consumption to complete a job | Not included in Community | Included in Enterprise |
SecurityKrakenD is secure by default, and has a zero-trust approach. It also allows you to add and modify multiple options to protect you from hacking attempts. | CE
Community Edition | EE
Enterprise Edition |
---|---|---|
FIPS-140-2 cryptography module Binary with a FIPS 140-2 validated encryption module available | Not included in Community | Included in Enterprise |
Security Policies Engine A powerful engine that evaluates requests, responses and tokens during runtime and allows you to perform business validation logic, ABAC, and RBAC. | Not included in Community | Included in Enterprise |
TLS for HTTPS and HTTP/2 TLS configuration secured by default to TLS 1.3. Multiple certificates are possible. | Included in Community | Included in Enterprise |
Zero-trust parameter forwarding Explicit configuration for cookie, query-string, and headers forwarding | Included in Community | Included in Enterprise |
Restrict connections by host Define a list of hosts that KrakenD should accept requests to. | Included in Community | Included in Enterprise |
Clickjacking protection OWASP recommendations that add a frame-breaking strategy. | Included in Community | Included in Enterprise |
MIME-Sniffing prevention Prevent the user’s browser from interpreting files as something else than declared by the content type | Included in Community | Included in Enterprise |
Cross-site scripting (XSS) protection Enables the Cross-site scripting (XSS) filter in the user’s browser. | Included in Community | Included in Enterprise |
HTTP Strict Transport Security (HSTS) Web security policy mechanism to protect websites against protocol downgrade attacks and cookie hijacking | Included in Community | Included in Enterprise |
HTTP Public Key Pinning (HPKP) Resist impersonation by attackers using mis-issued or otherwise fraudulent certificates. | Included in Community | Included in Enterprise |
CORS Cross-origin resource sharing | Included in Community | Included in Enterprise |
RoutingOptions to work with routing | CE
Community Edition | EE
Enterprise Edition |
---|---|---|
Noop proxy Proxy requests to a single backend without manipulation and preserving the response as is. | Included in Community | Included in Enterprise |
Traffic shadowing/mirroring Test new backends in production by sending them copies of the traffic but ignore their responses. | Included in Community | Included in Enterprise |
JWT claim-based routing JSON Web Token processing to assemble the final upstream URL | Included in Community | Included in Enterprise |
Catchall (Fallback upstream) Receives all the traffic from routes and methods that do not resolve to any of the other existing endpoints in the configuration. | Not included in Community | Included in Enterprise |
Header and query string based dynamic routing Header and query string processing to assemble the final upstream URL | Not included in Community | Included in Enterprise |
Wildcard routes Create a single endpoint for a group of URLs sharing a common pattern (e.g.: | Not included in Community | Included in Enterprise |
URL rewrite Define a set of URLs or regular expressions that are handled by an endpoint | Not included in Community | Included in Enterprise |
Virtual Hosts Run different configurations of KrakenD endpoints based on the host accessing the server. | Not included in Community | Included in Enterprise |
Configurable client redirects Allow the end-user to follow redirects set by services instead of the gateway resolving them. | Not included in Community | Included in Enterprise |
Authorization and authenticationAuthorization, authentication and related functionalities to protect your endpoints. | CE
Community Edition | EE
Enterprise Edition |
---|---|---|
JWT, OpenID Connect, OAuth2 Authorize tokens coming from third parties or your company identity provider, and apply business logic rules. | Included in Community | Included in Enterprise |
JWT token signing A wrapper for your existing login endpoint that signs with your secret key the selected fields of the backend payload right before returning the content to the end-user. | Included in Community | Included in Enterprise |
Client credentials OAuth 2.0 Client Credentials Grant to automatically request access tokens before reaching the backend’s protected resources. | Included in Community | Included in Enterprise |
Basic authentication Authentication of requests based on .htpasswd files | Not included in Community | Included in Enterprise |
API keys Authenticate users with API keys in headers or query strings | Not included in Community | Included in Enterprise |
Token revocation bloom filter An RPC listener that allows you to revoke JWT tokens | Included in Community | Included in Enterprise |
Revoke Server An API to revoke tokens through all KrakenD nodes in a cluster | Not included in Community | Included in Enterprise |
Multiple identity providers per endpoint Support validation of tokens originated in multiple identity providers, internal or external | Not included in Community | Included in Enterprise |
mTLS Mutual TLS authentication (mTLS) for authentication in business-to-business (B2B) applications where clients provide certificates to connect to KrakenD. | Included in Community | Included in Enterprise |
NTLM authentication NT Login Manager Authentication against Window backends like Microsoft Dynamics. | Not included in Community | Included in Enterprise |
Services ConnectivityIntegrations with non-REST services | CE
Community Edition | EE
Enterprise Edition |
---|---|---|
Protocol translation Offer REST content while consuming other protocols from the services like AMQP, Kafka, NATS, gRPC to name a few | Included in Community | Included in Enterprise |
gRPC Server Create a gRPC server even when you don’t have any capable upstream gRPC backend, consuming regular HTTP content. | Not included in Community | Included in Enterprise |
gRPC Client Connect to your gRPC services by providing the .proto files | Not included in Community | Included in Enterprise |
Static web server Enable static web server capabilities to serve javascript applications, CSS, images, etc along with its API. | Not included in Community | Included in Enterprise |
Service discovery Connect to services using weighted DNS SRV records | Included in Community | Included in Enterprise |
GraphQL REST to GraphQL transformation and GraphQL gateway as a proxy | Included in Community | Included in Enterprise |
Load Balancing Balancing egress traffic (to upstream) | Included in Community | Included in Enterprise |
Async Agents Implement event-driven architectures with Async agents, which react to new events in queues and push data to your backends or webhooks. | Included in Community | Included in Enterprise |
Lambda functions Invoke Amazon Lambda functions on a KrakenD endpoint call | Included in Community | Included in Enterprise |
SOAP integration REST to SOAP and request forgery and manipulation to efortlessly modernize legacy services | Not included in Community | Included in Enterprise |
WebSockets multiplexer WebSocket Protocol (RFC-6455) to enable two-way multiplexed communication between multiple clients and a single backend host through the API gateway. | Not included in Community | Included in Enterprise |
Direct WebSockets WebSocket proxy to connect clients to backend services directly, keeping a 1:1 relationship. | Not included in Community | Included in Enterprise |
Intermediary web proxy Connections to services through an HTTP corporate proxy | Not included in Community | Included in Enterprise |
AMQP/RabbitMQ Consumer Retrieve messages from a queue and deliver them to the user as a REST endpoint | Included in Community | Included in Enterprise |
AMQP/RabbitMQ Producer Publish a REST endpoint that sends messages to a queue automatically. | Included in Community | Included in Enterprise |
Azure Service Bus Topic and Subscription Enable message queuing and durable publish/subscribe messaging in Azure | Included in Community | Included in Enterprise |
Google Cloud PubSub Send and receive messages between independent applications using GCP PubSub | Included in Community | Included in Enterprise |
NATS Connect to the high performance open source messaging system NATS | Included in Community | Included in Enterprise |
Apache Kafka Enable the distributed streaming platform Apache Kafka | Included in Community | Included in Enterprise |
Amazon SNS Enable exchanging data with topics, push-based, many-to-many in AWS SNS | Included in Community | Included in Enterprise |
Amazon SQS Use queues from the managed Amazon Simple Queue Service (SQS) | Included in Community | Included in Enterprise |
Traffic ManagementKrakenD offers several ways to protect the usage of your infrastructure that might act at very different levels. | CE
Community Edition | EE
Enterprise Edition |
---|---|---|
Concurrent calls Improve the response times and decrease error rates by requesting in parallel the same information multiple times. Backend pressure in exchange for better response times. | Included in Community | Included in Enterprise |
Circuit breaker The circuit breaker prevents sending more traffic to a failing backend until it recovers, alleviating its pressure under challenging conditions. | Included in Community | Included in Enterprise |
Spike Arrest and Burst The Spike Arrest policy ensures a minimum time between different requests. KrakenD will enable Spike Arrest after exhausting the burst capacity of the rate-limiting features. | Included in Community | Included in Enterprise |
Bot detector Discard traffic from bot patterns | Included in Community | Included in Enterprise |
Granular timeouts Define the default timeout but per-endpoint timeouts, idle connections, and other settings. | Included in Community | Included in Enterprise |
Service rate limit Stateless rate limit to control the throughput of users against the API. | Not included in Community | Included in Enterprise |
Tiered rate limit Rate limit based on tiers/plans, applying different limits depending on the subscription type of the user. | Not included in Community | Included in Enterprise |
Endpoint rate limit Stateless rate limit to control the throughput of users against specific endpoints. | Included in Community | Included in Enterprise |
Stateful rate limit (Redis backed) A Redis database store to centralize all KrakenD node counters. | Not included in Community | Included in Enterprise |
Proxy rate limit Restrict the connections KrakenD makes to your backends, independently of users’ acrivity. | Included in Community | Included in Enterprise |
IP Filtering Restrict the traffic to specific to all endpoints based on IP address and CIDR blocks. | Not included in Community | Included in Enterprise |
Maxmind's GeoIP Forward requests to your services with enrichment coming from Maxmind’s GeoIP2 City database | Not included in Community | Included in Enterprise |
ObservabilityLogging, tracing and metrics. | CE
Community Edition | EE
Enterprise Edition |
---|---|---|
OpenTelemetry Push KrakenD metrics and traces to any thrid party supporting OpenTelemetry | Included in Community | Included in Enterprise |
OpenTelemetry SaaS authentication Push KrakenD metrics and traces directly to SaaS providers without a local collector | Not included in Community | Included in Enterprise |
Granular OpenTelemetry Override OpenTelemetry behavior on specific endpoints and backends | Included in Community | Included in Enterprise |
Exporter Override for OpenTelemetry Change OpenTelemetry exporters for specific endpoints | Not included in Community | Included in Enterprise |
Logging Choose where and how to log the gateway activity | Included in Community | Included in Enterprise |
Customizable Logging Set custom patterns for logging | Not included in Community | Included in Enterprise |
Graylog/GELF logging Send structured events in GELF format to your Graylog Cluster | Included in Community | Included in Enterprise |
Custom access log Define field by field how your access log should look like | Not included in Community | Included in Enterprise |
Extended metrics Collect extended metrics to push them to InfluxDB or expose them in a /__stats/ endpoint for you to build a customized dashboard. | Included in Community | Included in Enterprise |
Jaeger tracing Submit spans to a Jaeger Collector (HTTP) or Jaeger Agent (UDP) automatically. | Included in Community | Included in Enterprise |
AWS X-Ray metrics and traces Push to AWS X-RAY end-to-end view of requests as they travel through your application, and the map of your application’s underlying components. | Included in Community | Included in Enterprise |
Zipkin tracing Export traces to Zipkin to troubleshoot latency problems in service architectures. | Included in Community | Included in Enterprise |
Elastic Logstash Application logs in JSON format | Included in Community | Included in Enterprise |
ELK Stack dashboard Have KrakenD pushing logs to your Elastic server and visualize them through a Kibana dashboard. | Included in Community | Included in Enterprise |
Prometheus Expose data to Prometheus, and publish a /metrics endpoint in the selected port. | Included in Community | Included in Enterprise |
InfluxDB metrics Export metrics and events to InfluxDB | Included in Community | Included in Enterprise |
Grafana Dashboard The preconfigured Grafana dashboard for KrakenD offers valuable information to understand the performance of your services and detect anomalies in the service. | Included in Community | Included in Enterprise |
Google Cloud's operation suite Export metrics and traces to Google Cloud | Included in Community | Included in Enterprise |
Datadog Push the gateway activity to Datadog, both stats and traces. | Included in Community | Included in Enterprise |
Auth0/Okta End-users validation, machine-to-machine, ot gateway-to-machine communication using Auth0. | Included in Community | Included in Enterprise |
Keycloak The Keycloak integration allows one of the many possible OpenID Connect different security options available in KrakenD. | Included in Community | Included in Enterprise |
Azure Active Directory You can use Azure Active Directory and protect endpoints with its JWT integration. | Included in Community | Included in Enterprise |
NewRelic (through OpenTelemetry) OpenSource users can push metrics and traces to NewRelic through OpenTelemetry, although NewRelic has limitations on the recognized data types (e.g., histograms). | Included in Community | Included in Enterprise |
NewRelic (native SDK) NewRelic integration with a custom implementation using the official NewRelic SDK. This is the easiest to setup (just declare an API key) and richest in data option for NewRelic users | Not included in Community | Included in Enterprise |
Azure OpenTelemetry Collector The gateway sends all the traces to a local OpenTelemetry Collector that pushes all the data to your Application Insights on Azure Monitor. | Included in Community | Included in Enterprise |
API Governance and API MonetizationMonetize API usage with a robust analytics and billing platform, and govern the usage of your APIs | CE
Community Edition | EE
Enterprise Edition |
---|---|---|
API Monetization (Moesif integration) Monitor API usage and bill customers for their usage by directly connecting Stripe or similar tools. | Not included in Community | Included in Enterprise |
API Governance Set usage rules on your Moesif dashboard and let KrakenD react in real-time and cut users that are exceeding their quota. | Not included in Community | Included in Enterprise |