---
title: Kong API gateway integration
description: Ping Identity provides the ping-auth Kong Gateway integration plugin, which enables PingAuthorize to be used for attribute-based access control and policy decisions.
component: pingauthorize
version: 11.0
page_id: pingauthorize:pingauthorize_integrations:paz_kong_gateway_integration
canonical_url: https://docs.pingidentity.com/pingauthorize/11.0/pingauthorize_integrations/paz_kong_gateway_integration.html
revdate: July 12, 2023
---

# Kong API gateway integration

Ping Identity provides the `ping-auth` Kong Gateway integration plugin, which enables PingAuthorize to be used for attribute-based access control and policy decisions.

Integration with Kong Gateway allows PingAuthorize to handle the complexities of attribute-based access control and dynamic authorization, making it easier for you to control access to your application programming interface (API) *(tooltip: \<div class="paragraph">
\<p>A specification of interactions available for building software to access an application or service.\</p>
\</div>)* resources. Instead of configuring policies multiple times, deploy the Kong Gateway integration once and manage your policy rules in PingAuthorize.

The following are important to consider when using the `ping-auth` Kong Gateway integration plugin for PingAuthorize:

* Mutual TLS (mTLS)

  This plugin supports client certificate authentication using mTLS. However, this feature requires using the `mtls-auth` plugin, only available in the enterprise edition of Kong, in conjunction with `ping-auth`. For more information, see the [Kong mTLS documentation](https://docs.konghq.com/hub/kong-inc/mtls-auth/). When configured, `mtls-auth` uses the mTLS process to retrieve the client certificate, which allows `ping-auth` to provide the certificate in the `client_certificate` field of the sideband requests.

* Transfer-encoding

  Because of an outstanding defect in Kong, `ping-auth` is unable to support the Transfer-Encoding header, regardless of the value.

* Logging limit

  Because of OpenResty's log level limit, log messages are limited to 2048 bytes by default, which is less than the size of many requests and responses. For more information, see the [OpenResty reference documentation](https://openresty-reference.readthedocs.io/en/latest/Lua_Nginx_API/#ngxlog).