Kong Event Gateway: Unifying API and Events in a Single Platform

Kong customers include some of the most forward-thinking, tech-savvy organizations in the world. And while we’re proud to help them innovate through traditional APIs, the reality is that their ambitions don’t stop there. Increasingly, our customers are investing heavily in real-time data and event streaming.

We’re excited to announce the launch of Kong Event Gateway — bringing the power of Kong’s API platform to the world of event-driven architecture, Apache Kafka, and real-time data. With this release, you can build, govern, secure, expose, and socialize Kafka-based event streams just like you do with APIs — all from a single, unified platform. In future releases, we'll add support for additional eventing platforms.

There are two architectural patterns supported for events in Kong Event Gateway:

• Protocol Mediation makes it easier to access Kafka over familiar HTTP protocol using plugins in Kong Gateway.
• Kong Native Event Proxy (Early Access) injects policy-based controls between Kafka clients and Kafka clusters using native Kafka protocols.

In this blog, we’ll cover both:

• Why the API platform is the ideal place to manage, secure, and govern access to event streams
• The specifics of what is available for Kafka today

Why bring an API platform to the eventing universe?

Adding a gateway between clients and event brokers is about unlocking flexibility, control, and scalability. Just like with traditional APIs, a gateway helps decouple producers and consumers from the underlying event streaming infrastructure, making change management and service evolution more agile. It allows teams to apply consistent authentication, enforce contracts, manage access policies, and route traffic intelligently — without having to modify every client, create new topics, or stand up new infrastructure. At the same time, it provides a central point for observability and monitoring.

Implementing an event gateway improves the developer experience for both internal teams and third-party consumers by providing a unified, well-documented interface to publish and subscribe to events. Developers gain access to self-service tooling, consistent event formats, and built-in observability, which accelerates onboarding and reduces integration errors. For third-party consumers, this means faster time to value and a more stable, secure way to interact with real-time data streams.

In short, the Kong Event Gateway — as a part of the larger API platform — brings proven API platform benefits to your event-driven architecture, allowing teams to move faster, stay secure, and build with confidence.

Let’s dive deeper.

A better experience for developers

APIs and event streams are just different approaches to intra-service communication that developers have to engage with. Historically, organizations have had to handle them separately, using one set of tools and workflows for traditional APIs and another for event streaming. That fragmentation creates friction, increases operational complexity, and slows down innovation.

With Kong Event Gateway, you can unify the developer experience for both APIs and events:

• One platform to expose traditional APIs and event streams
• One developer portal to discover, understand, and consume both APIs and events
• One service catalog to internally discover and inventory event APIs and measure their compliance with security, reliability, and other recommended practices
• One place to manage security, access, and governance across all services
• One automation framework to enforce guidelines as automated guardrails across the platform

What's available for Kafka today?

Event Gateway is Kafka-focused right now, but we'll be adding more broker and protocol support in the future. Today, you can use the Kong Konnect API platform to:

• Expose traditional APIs and event streams: expose Kafka broker resources as HTTP-based event APIs and/or native Kafka services that communicate over the Kafka protocol
• Publish Kafka HTTP-based event APIs as self-serve API products in the Konnect Developer Portal
• Inventory and create scorecards for Kafka HTTP-based event APIs in the Konnect Service Catalog
• Manage security, access, and governance across both Kafka event APIs and native Kafka proxy services
• Use a single automation framework to enforce guidelines as automated guardrails across the platform

Note: Both Developer Portal and Service Catalog do not yet support native event proxy services; this is planned for a future release this year.

Whether your developers want to consume event stream data using native protocols or via HTTP-based interfaces like REST APIs or Server-Sent Events (SSE), Kong Event Gateway makes it easy. These benefits equally extend to data teams looking to expose data products and platform teams looking to build common, repeatable, and reliable operations. Product owners and execs get a framework to build innovation faster with new products and experiences.

Productize and monetize real-time data streams

Streaming data has huge potential value — but too often, event streaming data is locked away in its application silo or limited to internal teams. Event brokers’ primary focus on internal, trusted participants makes delivering an enterprise fabric challenging in our ever more complex eco-systems that often stretch outside of our trusted networks to technology partners and SaaS applications, suppliers, or customers.

With Kong Event Gateway, platform teams can expose real-time data streams as self-serve API products. As it pertains to Kafka (which is what we support today), protocol mediation makes eventing data accessible to non-Kafka clients without the need to become a Kafka expert. Or serve power users with native Kafka access — both secured and governed by Kong. Over time, this will extend beyond the Kafka world, as there will never be a shortage of HTTP clients that want access to real-time data from multiple different real-time sources.

Then, use Kong’s unified Developer Portal to publish these services as internal, partner, or monetized data products. That means:

• Developers get easier access to real-time data.
• Customers benefit from new real-time digital experiences.
• Enterprises unlock new growth and innovation opportunities.

Integrating Kong’s Event Gateway allows you to leverage a library of pre-built policies, adding layers of additional security and controls to your event streaming architecture. Perhaps you want to extend access to new internal and external audiences, adding OAuth or API keys — great for monetization scenarios. Perhaps some clients should only see a filtered set of data. Perhaps you want to redact sensitive data or add data encryption. You probably also want to make sure that data pushed into the event stream meets schema specifications to minimize downstream failures.

What is available for Kafka today?

Today, you can use the Konnect API platform to:

• Publish HTTP-based Kafka event APIs as self-serve API products in the Konnect Developer Portal
• Create and publish OAS documentation for “Kafka as REST APIs”
• Implement standardized authorization and credential access for HTTP-based Kafka event APIs
• Implement analytics and observability to track consumption metrics for event API products

Note: Developer Portal support for the native event proxy is coming soon, as is support for AsyncAPI documentation in the Konnect Developer Portal.

Strengthen security posture for event streams

We aren't saying that your event or message broker lacks security functionality. But we are saying there are better ways to operationalize how you manage security for controlling access to those events. This better way is the Event Gateway. With the Event Gateway, you'll be able to:

• Design and enforce standard authorization, encryption, and other security policies for a variety of event broker solutions — all using the same Konnect unified API platform
• Offload custom security logic and policies from the client side to the Gateway, giving you more control (especially in situations where you might not have direct access to the client) and making it easier to make global security decisions and changes, as you can make the change once in the Gateway as opposed to many times across a large set of client applications
• Centrally inventory and manage all services and their security posture from a single pane of glass, leveraging the discovery power of Service Catalog

This is the vision that we have for a secure, multi-broker universe. For the specifics around what is available for Kafka today, please read the section below.

What's available for Kafka today?

Today, you can use the Event Gateway to enforce the following security measures for both protocol mediation event APIs and native Kafka event proxy services:

• Unified auth (OAuth2, OIDC, JWT, API key) across APIs and Kafka event streams
• Observability and analytics for both sync and async traffic
• Automatic encryption and decryption of messages without changes at the client

With Kong Event Gateway, you can enforce a consistent security posture across your events and APIs. Kong centralizes the enforcement of security policies — eliminating the need to manage redundant access rules in Kafka, reducing the risk of configuration drift, and enabling automated policy-as-code workflows.

When operating across untrusted or public networks or when interacting with clients that aren't fully under your control, automatic encryption can significantly reduce risk. Many organizations are moving streaming workloads to the cloud, either client or broker — encryption provides assurance that data is protected at all times and only accessible by authorized clients. Our customers also report the need to secure communications with SaaS software platforms with internal systems as a key driver for encryption and enhanced security in their eventing infrastructure.

By managing both API and event security in a single layer, platform and security teams get the visibility and control they need to stay compliant and secure.

Make more efficient use of your infrastructure, a Kafka-specific benefit (for now)

Event and message brokers are great for streaming large volumes of critical data, but safely sharing data across teams and services can be expensive and operationally complex. Requirement differences between teams can result in duplicate events and even the provisioning of new infrastructure. This is especially true for Kafka, so — today — we're more Kafka-focused for this use case. We'll explore how this kind of solution might be able to map to other event and message brokers and protocols in the future.

Today, the Kong Event Gateway introduces two powerful concepts when using Kafka as your event broker:

• Virtual Clusters: Logically isolate teams without spinning up and maintaining separate physical Kafka clusters by assigning topics to virtual clusters. Deliver multitenancy with fewer resources. Carve out dev and test environments from shared environments.
• Virtual Topics: Eliminate the need to duplicate topics just to segment data access. Instead, store your events in centralized topics and let Kong enforce access policies, message filtering, content redaction, and client isolation dynamically.

Note: Today, you can isolate topics for data segmentation, but message filtering and content redaction for virtual topics will come in a future release this year.

These capabilities reduce the need to overprovision costly Kafka infrastructure, promoting multi-tenancy and helping you elastically scale real-time data access while controlling costs and unlocking more value from your existing investments. At the moment, these are specific to Kafka, but we are actively exploring how to bring similar value to the rest of the eventing universe.

Using Kong Gateway also provides an observability and analytics framework, particularly when paired with Kong Konnect, Kong’s API platform. Monitoring and diagnosing issues across both synchronous and asynchronous APIs is now much easier.