# Kong Gateway MCP

> Kong Gateway MCP connects your AI agent directly to your API management layer. Manage all aspects of your traffic flow—from creating new services and defining routes to updating certificates and monitoring system health—using natural conversation instead of cURL commands or dashboard clicks.

## Overview
- **Category:** friends-mcp
- **Price:** Free
- **Tags:** api-gateway, microservices, traffic-management, rest-api, infrastructure-as-code, load-balancing

## Description

You can use this MCP to take full control of your entire API infrastructure lifecycle right from any chat interface. Instead of logging into a complex dashboard just to check if an endpoint is working, you tell your agent what you need done. It handles the details: defining new upstream services, setting up consumer access policies, or checking rate limiting plugins. Your AI acts like a dedicated DevOps engineer, letting you list all active routes and then create updates on the fly. When you connect this MCP via Vinkius, you gain visibility into everything, from managing SSL/TLS certificates to ensuring load balancing targets are healthy. It simplifies massive infrastructure tasks down to simple conversation.

## Tools

### create_certificate
Generates a new SSL/TLS certificate for use within Kong.

### create_consumer
Registers and creates a new API consumer identity in the gateway.

### create_plugin
Adds a specific functional plugin, like rate limiting or logging, to the system.

### create_route
Establishes a new rule that directs incoming API traffic to a specific service.

### create_service
Defines a new upstream backend service that the gateway will proxy requests to.

### create_sni
Sets up a new Subject Name Ind used for virtual hosting on certificates.

### create_target
Adds a specific backend server address that an upstream can connect to.

### create_upstream
Sets up a new group of backend servers (upstreams) for load balancing.

### delete_certificate
Removes an existing SSL/TLS certificate from the gateway configuration.

### delete_consumer
Permanently removes a registered API consumer identity.

### delete_plugin
Deactivates and removes a plugin from the gateway's configuration.

### delete_route
Removes an existing traffic routing rule from the system.

### delete_service
Deletes a defined backend service, stopping all associated routes.

### delete_sni
Removes an existing Subject Name Ind from the gateway configuration.

### delete_target
Removes a specific backend server address from an upstream group.

### delete_upstream
Deletes the entire upstreams definition, taking down associated targets.

### get_certificate
Retrieves all details for a specific SSL/TLS certificate.

### get_consumer
Fetches the full profile and policy details for an API consumer.

### get_info
Retrieves high-level operational information about the Kong node instance.

### get_plugin
Gets detailed configuration and status for a specific plugin.

### get_route
Fetches all current routing rules, including their conditions and targets.

### get_service
Retrieves the configuration details for a specific backend service.

### get_sni
Gets the Subject Name Ind details, including which certificates it applies to.

### get_status
Checks the overall operational status of the Kong gateway node.

### get_upstream
Retrieves information about a defined upstream group, including its targets.

### list_certificates
Lists every certificate currently configured on the gateway.

### list_consumers
Provides a list of all active API consumers and their current policies.

### list_plugins
Lists every plugin currently installed and configured on the gateway.

### list_routes
Shows all active routing rules that are directing traffic through the gateway.

### list_services
Lists every defined backend service endpoint available for proxying.

### list_snis
Shows all configured Subject Name Inds used for virtual hosting.

### list_targets
Lists all backend server targets associated with a specific upstream group.

### list_upstreams
Displays every defined upstreams cluster used for load balancing.

### update_certificate
Modifies parameters on an existing SSL/TLS certificate, like renewal dates or keys.

### update_consumer
Changes the policy or scope for an already created API consumer.

### update_plugin
Adjusts settings on a plugin, such as modifying rate limit thresholds.

### update_route
Modifies the rules or destination of an existing traffic route.

### update_service
Updates the connection details for a service, like changing its target host.

### update_sni
Changes metadata on an existing Subject Name Ind record.

### update_upstream
Modifies the settings for a backend upstreams cluster, like adding new targets.

## Prompt Examples

**Prompt:** 
```
List all services currently configured in Kong.
```

**Response:** 
```
I've retrieved the services. You have 3 services configured: 'billing-api', 'users-service', and 'inventory-proxy'. Would you like to see the details for any of them?
```

**Prompt:** 
```
Create a new service named 'auth-api' pointing to 'http://auth.internal'.
```

**Response:** 
```
Service 'auth-api' has been successfully created with ID '8273-abc-123'. It is configured to point to 'http://auth.internal' on port 80. Should I create a route for this service now?
```

**Prompt:** 
```
What is the current status of my Kong Gateway node?
```

**Response:** 
```
The Kong node is healthy. Database is reachable, and there are currently 124 active connections. The server has been up for 14 days.
```

## Capabilities

### Establish New API Services
Define and configure new backend services that your APIs will connect to.

### Control Traffic Routing Rules
Set up specific rules, like path matching or header checking, that guide incoming traffic to the correct service.

### Manage Client Access
Create and track API consumers, defining which applications are allowed to hit your gateway.

### Secure Endpoints
List, update, or create SSL certificates and SNIs to ensure all traffic is encrypted.

### Monitor Gateway Health
Retrieve real-time status information on the entire Kong instance, including connection counts and uptime.

## Use Cases

### The Certificate Renewal Headache
The security team knows the certificates are expiring next week. Instead of logging into a separate certificate management portal, they ask their agent to list_certificates and then use update_certificate on the expired key, getting confirmation it's ready for deployment.

### Adding a New Microservice
A developer needs a new endpoint. They tell the agent to create_service first, pointing it to the internal IP. Then they use create_route to funnel traffic from `/v2/new` to that service definition.

### Revoking Client Access
A client account is compromised. Instead of manually finding and deleting their credentials, an architect uses the agent to get_consumer details, confirms the scope, and then executes delete_consumer immediately.

## Benefits

- You instantly audit security rules. Instead of running `curl` commands against a dashboard to check consumer access, you ask for details using get_consumer or list_consumers.
- Maintenance is faster and safer. Need to change where traffic goes? Use the agent to update_route or create_service instead of manually editing configuration files and risking downtime.
- Keep your system secure without leaving your terminal. Check gateway status with get_status or list_certificates, getting real-time data instantly as if you were running a simple command.
- Scaling load balancing is straightforward. You can list_upstreams and then use update_upstream to add targets or modify health checks across entire clusters.
- Debugging traffic flow gets easy. If something breaks, you can get_route to see the exact rules in place and pinpoint which service definition needs fixing.

## How It Works

The bottom line is that your agent handles all the API calls and complex data structures behind the scenes, letting you talk shop instead of writing scripts.

1. Provide your agent with your Kong Admin URL and any necessary admin tokens.
2. Tell your agent the infrastructure change you need—for example, 'Create a new service for user profiles pointing to auth.internal.'
3. The MCP executes the request, confirming if the Service, Route, or Consumer was created, updated, or deleted.

## Frequently Asked Questions

**How do I list all services with Kong Gateway MCP?**
You use the list_services tool. This gives you a comprehensive rundown of every backend service defined on your gateway that can accept traffic.

**Can I delete a route using the get_route or list_routes tools?**
No, those tools only read data. To remove a rule, you must use the delete_route tool to properly decommission the specific traffic path.

**What's the difference between create_upstream and update_upstream?**
create_upstream sets up an entirely new cluster of backend servers. update_upstream modifies an existing cluster, perhaps by adding or removing targets without affecting its core definition.

**How do I check if a consumer exists using get_consumer?**
You provide the Consumer ID to get_consumer. It returns the full profile and status, confirming whether the account is active and what policies apply.

**How do I check which SSL/TLS certificates are available using list_certificates?**
It lists every configured certificate. This lets you confirm that your API endpoints have the necessary secure keys for communication.

**If I want to implement rate limiting, how does create_plugin help me manage policies?**
You use this tool to deploy specific plugins like Rate Limiting or Authentication. Once a plugin is active, you control its policy settings for the entire gateway.

**What process should I follow if I need to add new backend endpoints using list_targets?**
You first define an upstream group, and then use this command. It connects the logical service definition to a specific set of live server addresses.

**How do I check the general operational health of my Kong Gateway node using get_status?**
This command returns real-time performance data for your entire gateway instance. You can quickly verify active connections and overall stability without checking logs.

**How can I check if my Kong Gateway instance is running correctly?**
You can use the `get_status` tool. It will return the current status of the Kong node, including database connectivity and server metrics.

**Can I list all the plugins currently enabled on my gateway?**
Yes! Use the `list_plugins` tool to retrieve a complete list of all configured plugins across your entire Kong instance.

**Is it possible to create a new service and its route through the AI?**
Absolutely. You can use `create_service` to define your upstream and then `create_route` to specify how traffic should reach that service.