Kong Inc. integrates API and identity management
Kong Inc. announced the integration of Kong Identity within Kong Konnect, its unified Application Programming Interface (API) and Artificial Intelligence (AI) platform, on October 14, 2025, during API Summit 2025. This new feature combines API and identity management to provide secure, seamless, and scalable machine-to-machine (M2M) API access without relying on third-party Identity Provider (IdP) services.
The integration addresses the increasing API traffic driven by autonomous systems and AI agents. Many organizations currently face challenges in securely managing this access. Kong Identity offers every automated client a unique and verifiable identity, implementing strict authentication and authorization processes at the API gateway, thereby mitigating potential risks associated with M2M communication.
Kong Identity utilizes the Open Authorization 2.0 (OAuth 2.0) standard in conjunction with OpenID Connect (OIDC), enabling authentication directly at the API gateway. This approach reduces backend load while maintaining security protocols and simplifying service architecture. Reza Shafii, Senior Vice President of Product at Kong Inc., stated, “Kong Identity changes how organizations manage machine identity and API security. By consolidating these critical functions, Kong Konnect empowers teams to take full control of M2M API access, ensuring every API client is authenticated and authorized with precision.”
Kong Identity allows users to create and manage authorization servers per region, define client identities and permissions, generate dynamic JSON Web Tokens (JWTs), and facilitate self-service application provisioning through Dynamic Client Registration integrated with the Konnect Developer Portal. This comprehensive solution supports robust security controls while streamlining application onboarding and API management.
As part of the broader Kong Konnect platform, Kong Identity integrates with existing identity providers for human users and provides a specific solution for digital clients, centralizing API traffic and security policy management.