20 Kong API Gateway Interview Questions and Answers

Prepare for the types of questions you are likely to be asked when interviewing for a position where Kong API Gateway will be used.

Kong is a popular open-source API gateway. It is used by many large companies as a way to manage, monitor and secure their APIs. If you are applying for a position that involves working with Kong, you should expect to be asked questions about it during your interview. In this article, we will review some of the most common Kong interview questions and provide tips on how to answer them.

Kong API Gateway Interview Questions and Answers

Here are 20 commonly asked Kong API Gateway interview questions and answers to prepare you for your interview:

1. What is Kong API Gateway?

Kong is an API gateway that helps you manage your API traffic. It provides features like rate limiting, authentication, and monitoring. Kong can be used as a standalone gateway or as a plugin in an existing gateway.

2. What are the main features of Kong API Gateway?

Kong API Gateway is an open source API gateway that is built on top of NGINX. It provides a number of features that are useful for API management, such as rate limiting, authentication, and logging. It also has a plugin architecture that allows developers to extend its functionality.

3. Can you explain what a plugin is in context with Kong API Gateway?

A plugin is a piece of software that extends the functionality of Kong. Kong plugins can add new features or modify existing ones. For example, the rate-limiting plugin can be used to limit the number of requests that a client can make to an API.

4. How many types of plugins does Kong support?

Kong supports four types of plugins: security, traffic control, transformation, and authentication. Each type of plugin serves a different purpose, and can be used to customize the functionality of Kong.

5. What is an API in the context of Kong API Gateway?

An API is an interface that allows two pieces of software to communicate with each other. In the context of Kong API Gateway, an API is a set of rules that govern how Kong will interact with a particular upstream service.

6. Is it possible to add multiple plugins for a single API in Kong?

Yes, it is possible to add multiple plugins for a single API in Kong. This can be useful if you want to add multiple layers of protection or functionality to an API. For example, you could add a plugin that rate limits requests, and another plugin that authenticates users.

7. Can you give me some examples of plugins used within Kong?

Kong plugins are used to extend the functionality of the Kong API gateway. Some common plugins include the rate limiting plugin, which allows you to control the rate at which users can access your API, and the CORS plugin, which allows you to control which cross-origin requests are allowed to access your API.

8. Can you explain how authentication works in Kong?

Kong supports multiple authentication methods, including Basic Auth, JWT, and OAuth 2.0. Basic Auth is the simplest form of authentication, and works by sending a username and password with each request. JWT works by sending a signed JSON token with each request. OAuth 2.0 is a bit more complex, and involves sending a bearer token with each request.

9. What’s the difference between basic and key authentication in Kong?

Basic authentication is the simplest form of authentication, where a username and password are sent with each request. Key authentication is more secure, as it uses a unique key that is generated for each user. This key is then used to sign each request, so that the server can verify that it came from a legitimate user.

10. What is rate limiting and why is it important?

Rate limiting is a technique used to control the amount of traffic that is allowed to flow into or out of a system. This is important because it helps to prevent denial of service attacks, and it also helps to ensure that the system is not overwhelmed by too much traffic.

11. How do admin APIs work in Kong?

Admin APIs are used to manage and configure Kong, as well as to retrieve information and statistics about Kong and its usage. Admin APIs are only accessible to users with the appropriate credentials, and they are not meant to be used by end users of Kong.

12. What is the RESTful Admin API?

The RESTful Admin API is an interface that allows you to manage and configure Kong from a remote location. This is useful if you want to automate the management of your Kong gateway or if you need to manage Kong from a central location. The RESTful Admin API is accessed via HTTP, and it uses standard HTTP methods like GET, POST, PUT, and DELETE.

13. What is the process of installing Kong on Ubuntu or Debian Linux?

The process of installing Kong on Ubuntu or Debian Linux is relatively simple. First, you will need to download the Kong package from the Kong website. Next, you will need to unzip the package and navigate to the Kong directory. From there, you will need to run the “” script. Once the installation is complete, you will need to start Kong by running the “kong start” command.

14. What is the purpose of running migrations when using Kong?

Migrations are used to update the Kong database schema to the latest version. This is necessary when upgrading to a new version of Kong, as the database schema may have changed. Migrations are run automatically when Kong is started, but can also be run manually using the kong migrations command.

15. When should I use Postgres over Cassandra as my datastore?

There is no definitive answer to this question, as it depends on a number of factors specific to your application. In general, Postgres may be a better choice if you need ACID compliance, complex queries, or if you are dealing with large amounts of data. Cassandra may be a better choice if you need high availability, scalability, or if you require real-time data.

16. Can you explain the different methods available for deploying Kong?

Kong can be deployed using a few different methods, depending on your needs. You can install Kong using a package manager like Homebrew, or you can download the binary directly from the Kong website. You can also use Docker to deploy Kong, or deploy it using a cloud service like AWS.

17. Why should I use Kong instead of other similar solutions like Zuul, Tyk, etc.?

Kong is a popular open-source API gateway because it is lightweight, scalable, and easy to use. It has a wide range of plugins that allow you to customize its functionality, and it also has a large and active community that can provide support and help you troubleshoot issues.

18. Where can I find more information about Kong?

The Kong website ( is a great place to start. You can also find helpful information in the Kong GitHub repository (

19. In terms of performance, which one is better: Nginx or Kong?

There is no definitive answer to this question as it depends on a number of factors, including the specific use case. Generally speaking, Nginx is considered to be more lightweight and efficient, while Kong is more feature-rich and scalable.

20. What are the differences between OpenResty, NGINX, and LuaJIT?

OpenResty is a web application server built on top of NGINX and LuaJIT. It combines the power of NGINX with the flexibility of Lua to create a lightweight and high-performance web server. NGINX is a web server and reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols. It is also a load balancer and an HTTP cache. LuaJIT is a Just-In-Time compiler for the Lua programming language. It is designed to improve the performance of Lua programs by compiling them to native machine code.


20 Azure Pipelines Interview Questions and Answers

Back to Interview

20 API Gateway Interview Questions and Answers