Connect Kong

Connect Kong in Apiable. Enter the connection name, the Kong Admin API Url, and an admin Key, then run Test Connection. Apiable manages consumers, keys, ACL groups, and rate limits on Kong.

You connect Kong under Integrations → API Gateways. You give the connection a name, enter your Kong Admin API Url, and paste an admin Key. Then you run Test Connection. The core flow works on Kong today; some per-key operations are not yet implemented.

Which Kong editions can you connect?

The Select an API Gateway Type list shows Kong Community Edition and Kong Enterprise Edition as separate rows. The Community Edition row opens the Kong connect form and runs through the Kong adapter. Both, where connected, share the same connect fields and the same adapter behavior.

The connect fields below are the same regardless of edition: a name, the Admin API Url, and an admin Key.

Where do you connect Kong?

Go to Integrations → API Gateways, choose + Add Gateway, and on Select an API Gateway Type pick Kong Community Edition, then connect.

  1. Open Integrations → API Gateways.
  2. Choose + Add Gateway.
  3. On Select an API Gateway Type, select Kong Community Edition.
  4. Confirm the selection to open the connect form. The gateway type is shown at the top.

What does each Kong field mean?

The connect form asks for a name, the Admin API URL, and an admin key. The Key is write-only, so Apiable does not show it again after you save.

| Field | What to enter |
| --- | --- |
| Name | A label for this connection inside Apiable. Required. |
| Url | The base URL of your Kong Admin API, for example https://kong-admin.example.com. Apiable calls this URL to manage consumers, keys, and plugins. Required. |
| Key (write-only) | An admin API key sent as the apikey header on Admin API calls. Required. |

A trailing slash on the Url is removed when you save, so https://kong-admin.example.com/ is stored as https://kong-admin.example.com.

How do you expose the Admin API to Apiable safely?

Route Kong's Admin API through Kong itself. Create a service that points at the Admin API on loopback 127.0.0.1:8001, add a route for it, and protect that route with the key-auth plugin. Apiable then reaches the Admin API over your normal proxy with a key.

This keeps port 8001 closed to the outside while still letting Apiable manage consumers, keys, and plugins through an authenticated route. Run these against your Admin API, then use the proxied route as the Url and the key-auth key as the Key in Apiable.

  1. Create a service named admin-api that targets the Admin API on loopback:

         curl -i -X POST http://localhost:8001/services \
           --data "name=admin-api" \
           --data "host=127.0.0.1" \
           --data "port=8001"

  2. Add a route so the service is reachable on a path, for example /admin-api:

         curl -i -X POST http://localhost:8001/services/admin-api/routes \
           --data "paths[]=/admin-api"

  3. Protect the route with key-auth so it needs a key:

         curl -i -X POST http://localhost:8001/services/admin-api/plugins \
           --data "name=key-auth"

  4. In Apiable, set Url to the proxied Admin API, for example https://kong.example.com/admin-api, and set Key to a key-auth key you issue for this route.
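
An added check for the setup above (not part of the original page or of Apiable's or Kong's own code): it issues a key-auth key for a consumer, then confirms that the /admin-api route refuses requests without a key and that port 8001 does not answer from outside. The consumer name apiable, the variable APIABLE_KONG_KEY, the file name check.sh, and the example hosts are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Names marked "assumed" are placeholders.

# Issue a key for the proxied route: create a consumer (username "apiable" is
# assumed) and a key-auth credential; Kong generates the key and returns it as JSON.
# Run on the Kong host, where the Admin API listens on loopback.
issue_key() {
  curl -s -X POST http://localhost:8001/consumers --data "username=apiable" >/dev/null
  curl -s -X POST http://localhost:8001/consumers/apiable/key-auth
}

# Print the HTTP status of a GET; sends the apikey header when a key is given.
# curl prints 000 when no HTTP response arrives (refused, filtered, timed out).
http_status() {
  if [ -n "${2:-}" ]; then
    curl -s -o /dev/null -m 5 -w '%{http_code}' -H "apikey: $2" "$1"
  else
    curl -s -o /dev/null -m 5 -w '%{http_code}' "$1"
  fi
}

# verdict <status without key> <status with key> <status of direct :8001 probe>
verdict() {
  if [ "$3" != "000" ]; then
    echo "FAIL: port 8001 answers from outside (HTTP $3)"; return 1
  fi
  case "$1" in
    401|403) ;;  # request without a key was refused
    *) echo "FAIL: route answers HTTP $1 without a key"; return 1 ;;
  esac
  if [ "$2" != "200" ]; then
    echo "FAIL: valid key not accepted (HTTP $2)"; return 1
  fi
  echo "OK: route requires a key and port 8001 is closed"
}

# Usage from a host outside the Kong network (all values assumed):
#   APIABLE_KONG_KEY=... sh check.sh https://kong.example.com/admin-api http://kong.example.com:8001
if [ "$#" -eq 2 ] && [ -n "${APIABLE_KONG_KEY:-}" ]; then
  verdict "$(http_status "$1")" "$(http_status "$1" "$APIABLE_KONG_KEY")" "$(http_status "$2")"
fi
```

Treat the issued key as an admin credential: whoever holds it can manage Kong through this route.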

How do you test and save the Kong connection?

Fill in all three fields, then click the refresh control labelled Test Connection. Apiable calls your Admin API URL with the key to confirm it works. A green check reads passed; a red mark reads failed. Then click Save Changes.

  1. Enter Name, Url, and Key. Test Connection stays disabled until all three are filled.
  2. Click the refresh control to run Test Connection. Apiable sends a request to your Admin API URL with the apikey header as the check.
  3. Read the result: a green check means the test passed; a red mark means it failed.
  4. Click Save Changes. The gateway appears on the API Gateways list with its Type, Created, and Edited times.

How do you point the Kong gateway at an Authorization Server?

Open the saved gateway and go to its Authorization tab. Choose the OAuth handler: Gateway-native only or Authorization Server. Picking Authorization Server reveals a picker of your connected servers.

With the gateway-native handler, Kong issues OAuth2 apps and JWT credentials through the Kong adapter. The tab also shows a Level 0 API Key section and a Product-level governance pairing mode. Click Save Changes when you are done. See Authorization Servers.

Where do your Kong APIs appear after connecting?

They appear when you build a plan. Apiable lists your Kong services as APIs, and you choose which the plan exposes. The connect form itself only sets up the connection.

Apiable gates each plan with a Kong ACL group, so a consumer's key only reaches the services in plans they subscribe to. When a consumer subscribes, Apiable creates a Kong consumer, a key-auth key or OAuth2 app, ACL group membership, and the plan's rate-limiting. See APIs and coupling and Rate limits.

What does Apiable support on Kong today?

The core flow: connect the gateway, sync its services as APIs, and deploy subscriptions by creating Kong consumers, keys, ACL group membership, and rate-limiting. Several per-key operations are not yet implemented on Kong.

These operations are not yet implemented on Kong:

  • Rotating a subscription's secret.
  • Enabling or disabling an individual API key.
  • Validating that a plan already exists on the gateway.
  • Reading usage per plan or per key from the gateway.

Troubleshooting

Match what you see to the fix.

| What you see | What to do |
| --- | --- |
| Test Connection is greyed out | One of the three fields is empty. Fill Name, Url, and Key. |
| Test Connection shows a red mark and failed | Apiable could not reach your Admin API. Check the Url is the Admin API base URL and reachable from Apiable, and that the Key is a valid admin key. |
| The Key field looks empty when you reopen the gateway | Key is write-only, so it is not returned to the form. Re-enter it if you need to test or save again. |
| Banner: your account does not have a sufficient role to manage gateway integrations | Your role cannot create or edit gateways. Ask an admin for the gateway management role, then reopen the form. |
| Selecting Kong Enterprise Edition does not open the connect fields | Use Kong Community Edition to open the Kong connect form. Both share the same fields and adapter. |
| The Kong type shows Coming soon and cannot be picked | Your plan does not include that gateway type. The API Gateways page shows how many gateways your plan allows. |
| Delete is disabled on the gateway's row menu | A plan still uses this gateway. Repoint or remove those plans, then delete the gateway. |
| Secret rotation or per-key enable and disable does nothing | Those per-key operations are not yet implemented on Kong. Use Amazon API Gateway if you need them. |
