Kong
DataDome Kong Plugin build detects and protects against bot activity
The DataDome plugin is developed in Lua and integrates smoothly with Kong (no IPC - interprocess communication)
The script will hook into the request/response of an API request and it is executed for every request from a client and before it is being proxied to the upstream on the access phase (see details here).
Compatibility
- Kong Gateway OSS (Open Source)
- Kong Konnect (Version managed by KongHQ)
Installation
On each node (data plane), run the following command:
sudo luarocks install kong-plugin-datadome
Configuration
Loading the plugin
Add DataDome to the plugin's list
You can choose one of the options below:
- Kong configuration file (on each Kong node): comma separated list with all your plugins, please add datadome
plugins = plugin1,plugin2,datadome
- Environment variable (KONG_PLUGINS) : comma separated list with all your plugins, please add datadome
KONG_PLUGINS = plugin1,plugin2,datadome
Apply the plugin
You can restart kong:
kong restart
Or, if you want to apply a plugin without stopping Kong:
kong prepare
kong reload
More detailed information on Kong official documentation here
Enable DataDome Bot Protection to your API
DataDome Server Side Key is available inside your Dashboard > Integrations
Option 1 : Kong Open Source
If you already have an API configured, execute the command below replacing the following <values>
curl -i -X POST http://localhost:8001/services/<YOUR_API>/plugins \
-F "name=datadome" \
-F "config.datadome_server_side_key=<server_side_key>"
Option 2 : Kong Konnect
- Ask your Kong Account Manager or CSM to enable DataDome plugin in your tenant
- Depending where you want to enable DataDome (Globally or at services level), select Plugins
- Click + New Plugin
- On Custom Plugins, select DataDome
- Fill Datadome Server Side Key
- Save
You are now protected by DataDome Bot & Fraud Protection
Settings
| Setting | Description | Required | Default Value |
|---|---|---|---|
| datadome_server_side_key | your DataDome License key | yes | - |
| datadome_endpoint | hostname of the API Server Available endpoints | no | api.datadome.co |
| datadome_timeout | Timeout for regular API calls | no | 150 (in milliseconds) |
| datadome_url_pattern_inclusion | Regular expression to include URLs | no | - |
| datadome_url_pattern_exclusion | Regular expression to exclude URLs | no | List of excluded static assets below |
"\\.(avi|flv|mka|mkv|mov|mp4|mpeg|mpg|mp3|flac|ogg|ogm|opus|wav|webm|webp|bmp|gif|ico|jpeg|jpg|png|svg|svgz|swf|eot|otf|ttf|woff|woff2|css|less|js|map|json)$"
Settings example:
curl -i -X POST http://localhost:8001/services/<YOUR_API>/plugins \
-F "name=datadome" \
-F "config.datadome_server_side_key=<server_side_key>" \
-F "config.datadome_timeout=150" \
FAQ
How do I activate debug logs?
To activate the debug level, you can choose one of the options below:
log_level = debug
KONG_LOG_LEVEL=debug
The debug level allows you to see:
- all the plugins loaded
- DataDome verbose mode
Updated about 1 month ago