Zuplo vs. Kong API Gateway

Zuplo is redefining what it means to be an API Management platform and is an alternative to Kong API Gateway. With Zuplo, you can easily build and share quality APIs with other developers. Compare features, pricing, deployment options, and customizability below.

Overview#

As an alternative to Kong, developers use Zuplo’s API management platform for its complexity-free architecture, seamless integration with the tools and workflows they know best, and developer portals with automatic Stripe-quality documentation.

What is Kong?#

Kong is an API management platform with multiple products for cloud native and microservices-based applications. Kong Gateway is an open source API gateway product “distinguished for its high performance and extensibility via plugins,” whereas Kong Mesh and Kong Connect extend the Gateway’s behavior with advanced features for security and governance.

What is Zuplo?#

Zuplo is a fully-managed API management platform that helps businesses become API-first. Developers use Zuplo to build new APIs, layering in security, custom policy, and API key authentication in minutes using familiar GitOps patterns and unlimited environments. Once deployed to 300+ edge data centers worldwide, Zuplo helps support the user’s journey with autogenerated Stripe-quality documentation.

What are the key differences?#

With close to 40,000 GitHub stars and 400+ contributors, the folks behind Kong have definitely earned the right to call their open source project “The Cloud-Native API Gateway.” Their reach and legacy is undeniable, but at Zuplo, we’ve approached the same concerns around API management and API gateways with more contemporary approaches that simplify deployments and err on the side of a smoother developer experience.

Our consistency of vision creates some pretty big differences when using Kong vs. Zuplo:

  • DIY vs. managed (and multi-cloud) deployments
  • Total cost of ownership
  • Programmability and developer experience

DIY vs. fully-managed (and multi-cloud) deployments#

With four different “deployment topologies” and twelve installation options for bare metal or Kubernetes environments, Kong Gateway certainly offers flexibility. You can use a quickstart script and some Docker containers to try out Kong locally and build a proof of concept, but to migrate to production, you must make choices that may very well weigh you down with tech debt from Day 1.

As their documentation says of the topologies: “Each mode has benefits and limitations, so it is important to consider them carefully when deciding which mode to use to install Kong Gateway in production.”

From there, you need to work through dozens of documentation pages to complete installation, set up access control, figure out networking, finish integrating with an existing Prometheus or Datadog instance for observability, and maintain the system you’ve created.

At Zuplo, we love self-hosting and have plenty of Kubernetes management time under our belts, but we don’t think API developers should need to make such confining decisions or learn so much about Kubernetes operations just to launch enterprise-grade APIs. Instead, you build your APIs using industry standards like OpenAPI, with full ownership of your code in your Git provider of choice, and Zuplo takes care of instant deployments to 300+ data centers on the global edge.

Want to enable multi-cloud? With Kong, you’ll need Kong Connect, which means installing and hosting your data plane nodes. With Zuplo, simply proxy your traffic to any backend, in any cloud, and our platform securely tunnels it with WireGuard technology.

Total cost of ownership#

Kong’s spiraling decisions around deployment topologies and strategies majorly impact your bottom line. With Kong Connect Plus, you pay a separate fee for each cluster, environment, gateway service, and developer portal you need to support your API-first organization. Deploying a single API and developer portal costs around $650/month.

If you opt for the open source Kong Gateway, or license the enterprise edition of Kong to run on your own environment, you are still responsible for the total cost of self-hosting. You need to create new infrastructure to deploy Kong’s components, all of which incurs tangible cloud hosting costs and intangible—and ongoing—operational and maintenance burden on your team.

Enabling high availability, for example, requires manually setting up many disparate nodes in multiple locations and with multiple cloud providers.

With Zuplo, the cost of deploying a single enterprise-grade API, complete with features like API key authentication and rate limiting, is as low as free. Simple as that.

Our serverless architecture, which deploys your APIs and custom gateway logic to more than 300+ data centers, already handles 3 billion requests/month for a single customer, with instant fail-over to the next-best edge location. We build high availability into every plan—even the free one.

Programmability and developer experience#

According to its documentation, Kong uses a “flexible, low-code, plug-in based approach” to implement your API traffic policies. In other words, everything happens through an API. While you might not be writing much code, you will spend lots of time in your terminal writing POST requests to Kong Gateway’s Admin API using curl and its routes, parameters, and request bodies.

For example, a single API call enables basic API rate limiting in Kong at various levels (global, service, route, consumer).

curl -i -X POST http://localhost:8001/plugins \
	--data name=rate-limiting \
	--data config.minute=5 \
	--data config.policy=local

But if you want to enable dynamic rate limiting logic, such as applying different limits to different user tiers, you will need to:

  1. Pay for the Rate Limiting Advanced plugin from Kong,
  2. Decide which data store you’ll use (and perhaps spin up a Redis instance),
  3. Choose your rate limiting algorithm,
  4. Tweak limits based on how your cluster scales,
  5. Add rate limiting tiers with curl requests,
  6. Manually add users to said tiers with even more curl, and
  7. Figure out a way to synchronize the user-level data stored in your API gateway with your primary database.

We designed the Zuplo developer experience around familiar tools that sync with your existing workflows. With a few clicks, you can enable rate limiting per API, per user, or per API key, and all the configuration options are in easy-to-use JSON.

Layering in dynamic rate limiting requires no additional plugins or major architectural decisions. You can store tier information within each user’s API keys, so you don’t have to manage the data or worry about synchronization between your microservices and your API gateway. You can then implement custom logic in readable (and reviewable) TypeScript:

import { ZuploContext, ZuploRequest } from "@zuplo/runtime";
 
export function rateLimit(request: ZuploRequest, context: ZuploContext) {
  const user = request.user;
 
  // premium customers get 1000 requests per minute
 
  if (user.data.customerType === "premium") {
    return {
      key: user.sub,
 
      requestsAllowed: 1000,
 
      timeWindowMinutes: 1,
    };
  }
 
  // free customers get 5 requests per minute
 
  if (user.data.customerType === "free") {
    return {
      key: user.sub,
 
      requestsAllowed: 5,
 
      timeWindowMinutes: 1,
    };
  }
}

Even better, Zuplo syncs all your policies, even custom modules, with your Git provider of choice for version control, quality control checks, and repeatability—and full-on GitOps workflows, if that’s your style.

Detailed API management platform comparison: Zuplo vs. Kong#

ZuploKong
Cost- Free up to 100K req/month
- $25/month to add a custom domain
- $500/month for up to 1M requests/month 99% SLA
- Enterprise package for 99.9% SLA
Pay for each cluster, environment, plugin, developer portal, in addition to requests and analytics data. Deploying a single API and developer portal costs around $650/month.
Deployment optionsFully-managed and auto-scaled, with deployments to 300+ edge data centers for 50ms response times around the world.Deploy Kong Gateway to your existing Kubernetes clusters manually—manage uptime, resiliency, and scale yourself.
SecuritySecure tunneling connection based on WireGuard technology to secure backend connections on private or public clouds.Self-manage security between the Kong Gateway and your backend using a service mesh or other tunneling/mTLS provider.
Rate limitingOne-click support for per API, per user, or per API key rate limits, or dynamic customizations with TypeScript.Enable global, service-level, route-level, or consumer-level rate limits by sending curl requests to the Admin API.
GitOps supportGateway configurations are stored in version control-friendly files, and Git integrations sync desired state with existing CI/CD pipelines.Reconfigure Kong Gateway to operate in DB-less mode or build a custom integration with GitHub Actions or another CI/CD platform.
Customization & programmabilityTypeScript-based policy and business logic customizations that deploy and run natively on the API gateway.Write custom plugins for the Kong Gateway, which requires familiarity with Lua.
AuthenticationSupport for API key and JWT management, and external identity providers. Includes unlimited keys, end-user self-service, rate limiting per API key, and open-source React integrations.Support via plugins for API keys, JWTs, HMAC, LDAP,  OpenID Connect, and others.
Developer environmentsUnlimited environments for previews, testing, and production created in seconds by creating a new Git branch.Manage, deploy, and pay for multiple environments.
OpenAPI supportSupport for importing OpenAPI definition for API-first workflows. Additional policies support OpenAPI compliance with request/response inspection.Existing OpenAPI definitions must be converted to a proprietary format.
Stripe-like developer portalAutomatic builds and deployments using an OpenAPI definition, with built-in API key authentication, for beautiful documentation.Build manually after writing documentation and uploading an OpenAPI definition.
Multi-cloudRoute to multiple backends with unified API policies for consistent authentication, logging, metrics, and more.Deploy Kong to multiple cloud providers and build connectivity/integration yourself.
High availabilityBuilt-in and included in all tiers.Yes, if you pay extra and handle management.
Integrated Web Application Firewall (WAF)Built-in for all edge deployments, in partnership with Cloudflare.None.

What’s next?#

Kong has deservedly staked a powerful claim in the API management platform space. Despite its impact, it remains expensive, cumbersome to deploy, and not designed for a contemporary developer experience in an API-first organization.

As an alternative to Tyk, Zuplo redefines the API lifecycle to help you build consistent, secure, and resilient APIs using the tools developers already love—and it’s already besting Kong in formal RFPs for its extensibility, lower TCO, and multi-cloud deployment options.

Build your first enterprise-grade API with Zuplo#

  1. Import an OpenAPI spec or create new routes using Zuplo’s UI. Zuplo automatically deploys your gateway and routes traffic to proxy traffic to your backend services.
  2. Add sophisticated policies and features, like rate limiting or API key authentication, with a single click. Customize and program new logic with TypeScript and a GitOps-friendly workflow.
  3. Share the automatically generated developer portal with end users to help them self-serve API keys and learn about your API with always-accurate documentation.

Designed for Developers, Made for the Edge