Automating the creation of APIs in Kong
Process automation is a constant exercise, we should be always aware of opportunities to automate tasks and optimize processes. And with this post, we want to share one of those occasions, which was the creation of a simple but effective tool to validate and import Open APIs (Swagger) into the Kong API Gateway, optimizing the deployment process of our customers.
At first glance, creating APIs seems an easy task to be performed by a member of the development team, however, with an increasing number of APIs, it can end up being a repetitive, costly and error prone proccess. In addition, developers already invest time to design great contracts with API First, why not automate their import as well?
With this need in mind, we created the Swagger to Kong.
The tool’s name is as simple as the its complexity, implemented in Python and making use of known libraries, has the main features:
- Validation of Open API and Swagger definitions
- Importing APIs into Kong using good practices
- Support for json and yaml formats
- Provisioning Kong plugins (enable API Security, monitoring, etc.)
- Supports variable interpolation to contemplate url from different environments, for example: dev, hom, prd, etc.
Using the Tool
The tool can easily run with Docker, but for this you need the following requirements:
- Docker installed
- Kong API Gateway in operation
- Konga up and running, to easily check the imported API
Validating the Open API / Swagger
The validation it is an important step to guarantee the compliance with the Open API specification, and can be performed as follows:
- Obtain an Open API, for example, petstore-v3.0.yaml
- Remove the openapi (first) element for test purpose
- Run Open API validation:
4. Checking the Result
ERROR in “/etc/openapi/spec.file” [ValidationError]: Could not determine specification schema version!
Importing Open API / Swagger into Kong
- Importing petstore-v3.0.yaml
2. Checking APIs created through Konga UI
Importing Open API / Swagger into Kong with Plugins
The Kong plugins can be defined via json, and the tool makes use of this functionality and combines the routes and plugins through regular expressions. This allows, for example, provisioning security in all APIs through the jwt-keycloak, or prometheus metrics, as follows:
- Define prometheus plugin for all the petstore routes (.*)
2. Importing petstore-v3.0.yaml with the prometheus plugin definition
3. Checking APIs created through Konga UI
As a result of a simple automation, we had feedback that developers can now consume this time with other important business tasks, as well as using the tool for provisioning and local testing with the API First pattern. This also motivated other initiatives that generated more value for customers:
- Pipeline Integration: With steps contract validation and automatic import into API Gateway in environments, on every git commit
- API Security: Authorization and authentication with OAuth2 and Keycloak through plugins, ensuring the security of the APIs in the delivery pipeline
- Improved API governance with OPA (Open Policy Agent) and Spectral, enforcing Open API Specification with custom validations