The DataDome plugin is developed in Lua and integrates smoothly with Kong (no IPC - interprocess communication)

The script will hook into the request/response of an API request and it is executed for every request from a client and before it is being proxied to the upstream on the access phase (see details here).

Compatibility

Kong Gateway OSS (Open Source)
Kong Konnect (Version managed by KongHQ)

Installation

On each node (data plane), run the following command:

sudo luarocks install kong-plugin-datadome

Configuration

Loading the plugin

Add DataDome to the plugin's list

You can choose one of the options below:

Kong configuration file (on each Kong node): comma separated list with all your plugins, please add datadome

plugins = plugin1,plugin2,datadome

Environment variable (KONG_PLUGINS) : comma separated list with all your plugins, please add datadome

KONG_PLUGINS = plugin1,plugin2,datadome

Apply the plugin

You can restart kong:

 kong restart

Or, if you want to apply a plugin without stopping Kong:

 kong prepare
 kong reload

More detailed information on Kong official documentation here

Enable DataDome Bot Protection to your API

DataDome Server Side Key is available inside your Dashboard > Integrations

Option 1 : Kong Open Source

If you already have an API configured, execute the command below replacing the following <values>

curl -i -X POST http://localhost:8001/services/<YOUR_API>/plugins \
     -F "name=datadome" \
     -F "config.datadome_server_side_key=<server_side_key>"

Option 2 : Kong Konnect

Ask your Kong Account Manager or CSM to enable DataDome plugin in your tenant
Depending where you want to enable DataDome (Globally or at services level), select Plugins

Click + New Plugin

On Custom Plugins, select DataDome

Fill Datadome Server Side Key
Save

You are now protected by DataDome Bot & Fraud Protection

Settings

Setting	Description	Required	Default Value
datadome_server_side_key	your DataDome License key	yes
datadome_endpoint	hostname of the API Server Available endpoints	no	`api.datadome.co`
datadome_timeout	Timeout for regular API calls	no	`150` (in milliseconds)
datadome_url_pattern_inclusion	Regular expression to include URLs	no
datadome_url_pattern_exclusion	Regular expression to exclude URLs	no	List of excluded static assets below

"\\.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js|map|json)$"

Settings example:

curl -i -X POST http://localhost:8001/services/<YOUR_API>/plugins \
     -F "name=datadome" \
     -F "config.datadome_server_side_key=<server_side_key>" \
     -F "config.datadome_timeout=150" \

FAQ

How do I activate debug logs?

To activate the debug level, you can choose one of the options below:

Kong configuration file

log_level = debug

Environment variable

KONG_LOG_LEVEL=debug

The debug level allows you to see:

all the plugins loaded
DataDome verbose mode