See your APIs like an attacker does.  Get a free API Attack Surface Assessment

Effortless API protection for modern gateways

Kong routes your APIs. Salt secures them. Together, we provide full-lifecycle API protection, with rapid deployment, rich visibility, and advanced threat prevention, all without degrading performance.

See it in action

Why Salt + Kong?

Kong is a powerhouse for API traffic control. Salt adds the intelligence and protection needed to stop today’s most complex threats, with seamless, frictionless integration:

  • Instantly discover every API routed through Kong, even undocumented, shadow, or zombie APIs
  • Detect business logic abuse, data scraping, and BOLA attacks that bypass traditional tools
  • Establish API posture baselines and detect misconfigurations or drift
  • Enforce runtime protections by sending block commands to Kong
  • Uncover sensitive data exposure and track compliance with automated classification

Designed for fast, flexible deployment

Salt integrates with Kong via plugin or sidecar collector — no agents, no code changes, no inline risk:

Deploy in minutes with a few simple config steps
Passively mirror traffic over secure HTTPS via Salt’s HTTP connector
No impact on performance, no need to route traffic through Salt
“We went from install to insights in under an hour — Salt’s Kong plugin made it seamless to get value immediately.”

Key benefits

Rapid integration:
Plug-and-protect in minutes using the Salt Kong plugin
Frictionless operation:
Fully passive traffic mirroring keeps app performance untouched
Continuous API discovery:
Automatically detect new, changed, or third-party APIs
Posture & compliance:
Enforce API governance standards and monitor sensitive data
Real-time threat detection:
Identify and stop low-and-slow logic attacks missed by WAFs
Developer-friendly feedback:
Deliver actionable insights to harden APIs early in the SDLC

Salt + Kong offers a modern, efficient approach to secure API growth without the operational overhead. Don’t let visibility or security gaps hold you back. Secure your APIs at scale, faster.

Ready to see us in action?

Schedule a demo today to see ways to protect yourself from the API threat vector.

Book a demo