Zuplo vs Kong API Gateway

What are the key differences?#

With close to 40,000 GitHub stars and 400+ contributors, the folks behind Kong have definitely earned the right to call their open source project "The Cloud-Native API Gateway." Their reach and legacy is undeniable, but at Zuplo, we've approached the same concerns around API management and API gateways with more contemporary approaches that simplify deployments and err on the side of a smoother developer experience.

Our consistency of vision creates some pretty big differences when using Kong vs. Zuplo:

• DIY vs. managed (and multi-cloud) deployments
• Total cost of ownership
• Programmability and developer experience

DIY vs. fully-managed (and multi-cloud) deployments#

With four different "deployment topologies" and twelve installation options for bare metal or Kubernetes environments, Kong Gateway certainly offers flexibility. You can use a quickstart script and some Docker containers to try out Kong locally and build a proof of concept, but to migrate to production, you must make choices that may very well weigh you down with tech debt from Day 1.

As their documentation says of the topologies: "Each mode has benefits and limitations, so it is important to consider them carefully when deciding which mode to use to install Kong Gateway in production."

From there, you need to work through dozens of documentation pages to complete installation, set up access control, figure out networking, finish integrating with an existing Prometheus or Datadog instance for observability, and maintain the system you've created.

At Zuplo, we love self-hosting and have plenty of Kubernetes management time under our belts, but we don't think API developers should need to make such confining decisions or learn so much about Kubernetes operations just to launch enterprise-grade APIs. Instead, you build your APIs using industry standards like OpenAPI, with full ownership of your code in your Git provider of choice, and Zuplo takes care of instant deployments to 300+ data centers on the global edge.

Want to enable multi-cloud? With Kong, you'll need Kong Connect, which means installing and hosting your data plane nodes. With Zuplo, simply proxy your traffic to any backend, in any cloud, and our platform securely tunnels it with WireGuard technology.

Total cost of ownership#

Kong's spiraling decisions around deployment topologies and strategies majorly impact your bottom line. With Kong Connect Plus, you pay a separate fee for each cluster, environment, gateway service, and developer portal you need to support your API-first organization. Deploying a single API and developer portal costs around $650/month.

If you opt for the open source Kong Gateway, or license the enterprise edition of Kong to run on your own environment, you are still responsible for the total cost of self-hosting. You need to create new infrastructure to deploy Kong's components, all of which incurs tangible cloud hosting costs and intangible—and ongoing—operational and maintenance burden on your team.

Enabling high availability, for example, requires manually setting up many disparate nodes in multiple locations and with multiple cloud providers.

With Zuplo, the cost of deploying a single enterprise-grade API, complete with features like API key authentication and rate limiting, is as low as free. Simple as that.

Our serverless architecture, which deploys your APIs and custom gateway logic to more than 300+ data centers, already handles billions of requests/month for a single customer, with instant fail-over to the next-best edge location. We build high availability into every plan—even the free one.

Programmability and developer experience#

According to its documentation, Kong uses a "flexible, low-code, plug-in based approach" to implement your API traffic policies. In other words, everything happens through an API. While you might not be writing much code, you will spend lots of time in your terminal writing POST requests to Kong Gateway's Admin API using curl and its routes, parameters, and request bodies.

For example, a single API call enables basic API rate limiting in Kong at various levels (global, service, route, consumer).

curl -i -X POST http://localhost:8001/plugins \
	--data name=rate-limiting \
	--data config.minute=5 \
	--data config.policy=local

---

But if you want to enable dynamic rate limiting logic, such as applying different limits to different user tiers, you will need to:

1. Pay for the Rate Limiting Advanced plugin from Kong,
2. Decide which data store you'll use (and perhaps spin up a Redis instance),
3. Choose your rate limiting algorithm,
4. Tweak limits based on how your cluster scales,
5. Add rate limiting tiers with curl requests,
6. Manually add users to said tiers with even more curl, and
7. Figure out a way to synchronize the user-level data stored in your API gateway with your primary database.

We designed the Zuplo developer experience around familiar tools that sync with your existing workflows. With a few clicks, you can enable rate limiting per API, per user, or per API key, and all the configuration options are in easy-to-use JSON.

Layering in dynamic rate limiting requires no additional plugins or major architectural decisions. You can store tier information within each user's API keys, so you don't have to manage the data or worry about synchronization between your microservices and your API gateway. You can then implement custom logic in readable (and reviewable) TypeScript:

import { ZuploContext, ZuploRequest } from "@zuplo/runtime";

export function rateLimit(request: ZuploRequest, context: ZuploContext) {
  const user = request.user;

  // premium customers get 1000 requests per minute

  if (user.data.customerType === "premium") {
    return {
      key: user.sub,

      requestsAllowed: 1000,

      timeWindowMinutes: 1,
    };
  }

  // free customers get 5 requests per minute

  if (user.data.customerType === "free") {
    return {
      key: user.sub,

      requestsAllowed: 5,

      timeWindowMinutes: 1,
    };
  }
}

---

Even better, Zuplo syncs all your policies, even custom modules, with your Git provider of choice for version control, quality control checks, and repeatability—and full-on GitOps workflows, if that's your style.

What's next?#

Kong has deservedly staked a powerful claim in the API management platform space. Despite its impact, it remains expensive, cumbersome to deploy, and not designed for a contemporary developer experience in an API-first organization.

As an alternative to Kong, Zuplo redefines the API lifecycle to help you build consistent, secure, and resilient APIs using the tools developers already love—and it's already besting Kong in formal RFPs for its extensibility, lower TCO, and multi-cloud deployment options.

Build your first enterprise-grade API with Zuplo#

1. Import an OpenAPI spec or create new routes using Zuplo's UI. Zuplo automatically deploys your gateway and routes traffic to proxy traffic to your backend services.
2. Add sophisticated policies and features, like rate limiting or API key authentication, with a single click. Customize and program new logic with TypeScript and a GitOps-friendly workflow.
3. Share the automatically generated developer portal with end users to help them self-serve API keys and learn about your API with always-accurate documentation.