WSO2 APIMvsKongforcomparisioninproduct.pdf

API Development Portal

2
WSO2 KONG
API/ API Product Both API and API Products are available.
API Products bundle and manage multiple services. Each API
product consists of at least one API product version, and each
API product version is connected to a Gateway service
API Versioning
Supports API versioning via the API developer portal and
default versioning in runtime.
Supports API versioning. Doesn’t support default versioning
OOTB.
Collaborative API Development
Supports collaborative API development OOTB. APIs can be
shared between API developers.
API specification development can be done collaboratively
through the Kong konnect. Org admin can add teams and users
to grant access to entities.
API Lifecycle Management
Supports a well-designed and extensible platform for
lifecycle management.
Provides lifecycle management and APIOps enables an
end-to-end solution for API lifecycle management.
API Governance
Supports moving APIs across environments via an
import-export tool.
No information available.
API Visibility for Private vs Public APIs Supports API visibility via the API developer portal.
Doesn’t support this OOTB but teams concept can used to add
creating and managing API products
Mock API Implementation Capability Supports this OOTB.
No OOTB feature but support plugging to Provide mock
endpoints to test APIs in development against services
API Discovery and Search
A fully open source developer portal to discover APIs and
search by API consumers.
Limited capabilities and the developer portal is only available
for enterprise users.
API Linters for validating the API Specification Supports API Linters. Custom linter rules can be added. Linters are supported in Kong Insomnia.

Application Developer Portal

3
WSO2 KONG
API Categorization Supports tagging and categorizing APIs.
Supports only tagging for every entity. No
proper categorization support.
API Testing/Try-out Capabilities
An integrated API console to try out with
auto-generated parameters and bodies in the
console.
An integrated API console to try out but no
auto-generated parameters or bodies in the
console.
User Sign-up and Login, and Social Logins
Supports sign-up and several social logins
through WSO2 Identity Server, such as Twitter,
Facebook, and Google+
Supports user sign up and via google, github
and microsoft. No information on Social
logins.
Workflow Integrations
Supports many workflows including API lifecycle
state change, user signup, application creation,
key generation, and subscription.
Supports user signup, application creation
workflows. No information available on
other workflow integrations.
Collaborative Application Development Supports application sharing between consumers.No information available.
Reviews and Ratings
Allows users to post ratings and comments in the
Application developer portal.
No information available.
SDKs
Supports generating SDKs for APIs in the
Application developer portal.
No OOTB feature.

API Runtime - Security

4
WSO2 KONG
For Trusted Applications Supports password grant type.
Supports password grant type, but additional
steps are required.
For Untrusted Applications Supports authorization code grant type.
Supports authorization code grant type, but
additional steps are required.
For Insecure Applications Supports implicit grant type.
Supports implicit grant type, but additional
steps are required.
Security on B2B APIs
Supports basic and digest auth on backend
security and can support even OAuth and
NTLM via extensions.
Does not support this OOTB.
Transferring Security Context to Back-end
Services
Supports JWT with user/security information.
Does not support JWT sending to backend. Only
supports some headers with minimal
user/security information.
Threat Protection via Policies
Supports OOTB threat protection for SQL
injection and XML bombs.
Does not support threat protection OOTB. Only
third party plugins are available.
Single Usage Token
WSO2 APIM gateway supports single usage
tokens
No information available.

API Runtime - Rate Limiting

5
WSO2 KONG
Rate Limiting the Back-end Services
Uses access tokens to prevent DoS attacks and
supports backend protection for the whole API
without being client-oriented.

Supports configuring rate limiting policies via a UI.
Supports client-oriented rate limiting and
supports prevention of DoS attacks via
request bandwidth limiting.

Manage rate limiting using ip, credential,
consumer, service, or header.
Spike Arrest
Uses a spike arrest policy to protect against traffic
spikes and DoS attacks.
Can be configured only for client-oriented
spike arrests and not for all requests by the
API.
Rate limiting by region, device type, user
claims
Supports rate limiting by client and IP as well as
user claims.
Only supports either the client or IP and not
both.
Rate limiting by bandwidth consumption
Supports bandwidth based rate limiting for both
KB and MB.
Supports bytes, kilobytes, or megabytes..

API Runtime - Other

6
WSO2 KONG
Message Mediations and Transformation
Supports mediation and transformation
with OOTB mediators and allows custom
mediation as well.
Supports message transformations to a
limited extent (replacing headers, query
params, adding a new body).
SOAP to REST Supports this OOTB. Doesn’t support this OOTB.
REST to SOAP Supports this OOTB. Doesn’t support this OOTB.

Analytics

7
WSO2 KONG
API Related Analytics for API Developers
and Product Managers
Integrates with WSO2 Choreo Analytics to
provide comprehensive data. Available for
both open source and enterprise users.
Additionally ELK Based and DataDog
Based Analytics capability is available.
Supports this via Kong Konnect but
with limited features such as traffic,
latency and reports. Also Kong Vitals,
is deprecated.
Application Related Analytics for App
Developers
Integrates with WSO2 Choreo Analytics to
track app analytics such as top users,
resource usage and faulty invocations. This
is available for both open source and
enterprise users . Additionally ELK Based
and DataDog Based Analytics capability is
available.
Supports this via Kong Konnect
Analytics.
Fraud and Anomaly Detection
Latency alerts and traffic alerts can be
configured using Choreo Analytics.
Doesn’t support enhanced analytics
features for this purpose and has
limited support for this(Support bot
detection).
OpenTelemetry support Supports OpenTelemetry in WSO2 MI.
Supports OpenTelemetry in Kong
Gateway.

Message Transformation Capabilities

8
WSO2 KONG
Smooks support Smooks mediator provide smooks supportNot supported
Data mapping capability and tolling
support
Support data mapping between XML,
JSON and CSV data types and has tooling
support to map graphically and test.
Not supported
XSLT support
XSLT mediator can be used to transform
XML payloads.
Not supported
XQuery support
XQuery mediator can be used to perform
XQuery transformations.
Not supported
Xpath and JSONPath support
Support Xpath 1.0, 2.0 and JSONPath to
extract useful information from the
payloads.
Not supported
WSDL to REST conversion and tooling
support
Allows to create APIS from WSDL files in
tooling
Not supported
Capability to process CSV data
Have a separate CSV module with lot of
functionalities
Not supported
Templating language support like
freemarker
Support freemarker templating to
transform and create new payloads.
Not supported

Data Federation Capabilities

9
WSO2 KONG
Data-Services support
Can create data services using variety of
data sources like CSV, RDBMS, Excel
sheets and Google Sheets
Not supported
Data federation support
Provide a REST/SOAP interfaces to fetch
data from data services, irrespective of the
underlying database.
Not supported
Tooling support to data service creation
Provide automatic data service generation
support in tooling to quickly get start the
project.
Not supported

Customization Capabilities

10
WSO2 KONG
Secondary user stores
Able to configure JDBC and LDAP
secondary user stores
Not supported

WSO2 APK vs Kong (Kuma)
11
WSO2 APK Kong

Fully Open Source

Not fully Open Source

Provides Envoy based Gateway support

Does not provide Envoy based Gateway support

All crucial Gateway features like authentication and rate limiting
are available OOTB

The crucial Gateway features like authentication and rate
limiting are available only through plugins

Organizations support both data and execution isolation

Organizations (Workspaces in Kong) only supports gateway
configuration isolation.

wso2.com
Thanks!