Skip to main content


The Styra DAS Kong Gateway system type helps you manage the client API requests permitted within your OPA-integrated Kong Gateway. For example, permit API requests only to a predefined backend APIs to minimize the risk of data exfiltration or implement microservice API authorization.

Figure 1 - Kong Gateway Architecture for Ingress trafficFigure 1 - Kong Gateway Architecture for Ingress traffic

For more information on how OPA can be integrated with Kong Gateway for API authorization and enforce security policies over client API requests received by Kong Gateway, see the Kong Gateway tutorial.