References:
- https://www.moesif.com/blog/technical/api-gateways/How-to-Choose-The-Right-API-Gateway-For-Your-Platform-Comparison-Of-Kong-Tyk-Apigee-And-Alternatives/#
- https://konghq.com/wp-content/uploads/2019/01/GigaOm-API-Platform-Benchmark-Kong-Apigee-1-25-19-1.pdf
- https://docs.apigee.com/private-cloud/v4.19.01/installation-requirements”
- https://docs.apigee.com/files/ApigeeEdgePrivateCloud-Install-Config-Guide_v3.pdf
- Apigee AIO installation
| Product | Apigee | Kong |
|---|---|---|
| Installation on AWS | no easy way on AWS requires creating a template, and Google is encouring Saas solution on Google cloud | Simple with cloudformation template with 2 nodes and a connection to RDS |
| Architecture | Edge UI, Edge Management Server, Cassandra, Qpid (analytics), Zookeeper, LDAP, Postgres (analytics) | OpenResty running on top of nginx Postgres or Cassandra for database |
| Deloyment of solution | SAAS on Google Cloud and on-premises Supports installations ranging from 2 hosts to 12 and more for HA installations in 2 datacenters |
Saas on AWS or on-premisesCan horizontally scale out by adding new nodes and connecting them to the databaseHA setup requires Cassandra as it’s able to replicate across data centersIt was very easy to install the free edition with cloudformation template. |
| My experience | Used the SAAS version on Google Cloud Tried rate limiting, API Key and tracing features |
The enterprise edition took longer time as it requires a specific rpm for OS and DB RHEL 8. Key authentication was very simple to activate https://docs.konghq.com/hub/kong-inc/key-auth/ Rate limiting |
| Hardware required | Even the demo requirements for a single machine are 8 Cores, 16GB RAM and 100GB disk space | Can run on 1 Core and 2 GB instance |
| Deployment of API proxies | Deployment of API Proxies is easy through UI | Requires posting to the API, there’s a UI available in the enterprise version. |
| Load Balancing | No need built in the Saas solution Also requires a load balancer for on premises |
Kong requires a Load Balancer to balance requests to Kong DNS: A record all nodes are equally treated SRV records has weights associated with each node Ring Balancer |
| Versioning | Can forward depending on header | Since 1.3 Kong can do it |
| Security/Authentication | Supports JWT, OAuth 1.0, OAuth 2.0, API Key | Plugins are available for Key authentication, JWT, OAuth 2.0, LDAP, CORS, Basic Auth, OpenID, Mutual TLS, Okta, Upstream TLS, JWT Signer are available in the Enterprise Edition |
| API Protection | Rate limiting, IP filtering, JSON, XML threat protection |
Rate limiting, Bot Detection, CORS, IP Restriction, Cleafy threat detection, Signal Sciences, Wallarm AI Powered |
| Protocols supported | SOAP, REST, HTTP, HTTPS | REST, HTTP, HTTPS, grpc, grpcs |
| Easy of use | Easy all the features are there and ready to use | Require activating plugins but this is easy to do |
| Performance | 14x slower than Kong according to article above There are more hops on Apigee because the router handles incoming API traffic from Load Balancer and then sends it to a Message Processor which forwards it to the backend system LB -> Router -> Message Processor -> Microservice |
Kong is 14x faster than Apigee 10x more scalable LB-> nginx -> Microservice Morel lightweight than Apigee |
| Rate limiting | Supported out of the box | Requires a plugin |
| Tracing requests | Supported easily with UI | Requires a plugin |
| Analytics | Build in | Plugin available |
| API Key | Supported out of the box | Plugin available |
| Maturity | Owned by Google, proven, large customers | Startup with 50M funding but still has some large clients such as Expedia, Yahoo Japan, Wework |