News KrakenD EE 2.2 released, and it's supercharged! …

KrakenD Enterprise 2.1 released

by Albert Lombarte

Oct 28, 2022

6 min read

The KrakenD team is pleased to announce the release of KrakenD Enterprise 2.1, already available for install or upgrade.

KrakenD EE 2.1 brings a lot of new functionality, including advanced manipulation with a JSON Query language, a Revoke Server to manage tokens in clusters, new Kibana and Grafana dashboards, faster encoding, a rewritten and richer NewRelic exporter, Websockets balancing, and much more. Apologies because we have added so much that the summary is not going to be short this time :)

Changed the official Docker registry!

KrakenD Enterprise was download from a private Amazon or Azure container registries, where you needed their corresponding CLI tools to authenticate you. In order to ease this process, all Docker images of Enterprise are publicly available under the repository krakend/krakend-ee. For KrakenD EE 2.0 or greater you can now replace the following lines:

# Before
# Now
FROM krakend/krakend-ee

Easier and cleaner!

Advanced manipulation with a query language

You are probably now using Lua or Go plugins for complicated manipulations, or maybe you avoid them because it’s cumbersome. KrakenD EE 2.1 adds a powerful JSON query language manipulation executor that allows you to transform the data in ways it wasn’t possible without scripting just yet: perform searches, evaluate expressions, do replacements, apply sorting, and more.

KrakenD Advanced manipulation

Learn more about Advanced manipulation with JMESPath

Revoke Server

You can start KrakenD now with krakend revoke-server, and it creates a new service available to all KrakenD servers in a cluster. It pushes revoke instructions to all members in the cluster and maintains consistency between all the nodes, existing or new. In addition, you can interact with the server through an API to better integrate it with your existing applications, and it helps you revoke still valid tokens from a time expiration point of view.

Revoke Server

Learn more about the Revoke Server

Service Rate Limit

In addition to the proxy rate limit and the endpoint rate limit, the Enterprise version adds a service rate limit. It controls the usage of a specific user or all users against all endpoints in the API.

Learn more about Service Rate Limit

Response Schema Validator

The Response Schema Validator plugin ensures that the backend responses contain at least the structure of your choice before its returned to the user. You can define the rules with a JSON schema.

For instance, you might want to connect to three backend servers simultaneously and aggregate their information. In specific cases, if one of them does not return the needed information, there is no point in returning the information to the end user. The plugin gives you control on that.

Content Replacer

The Content Replacer is a manipulation plugin that allows you to apply regular expressions to any object, from the response. It can be used for standardization, obfuscating information, or any other application. Example:

    "content-replacer": {
        "data.credit_card": {
            "@comment": "Ridiculous card masking. Take 4 digits and remove the rest. Credit card is inside a data object.",
            "find": "(^\\d{4})(.*)",
            "replace": "${1}-XXXX",
            "regexp": true
        "message": {
            "@comment": "Replace '6 items left' with '6' on the message field",
            "find": " items left",
            "replace": ""

Faster json decoder. Yes, faster!

It seemed impossible, but this version comes with a faster JSON decoder, and it flies! The fast-json encoder is now available in the encoding section of your backends. The new encoder is 140% faster on collections and 30% faster on objects on average tests, compared to the open source edition json decoder, and the difference is relevant when you manipulate payloads of a certain size.

Learn more about fast-json

Websocket balancing

Before this version, multiple WebSocket servers needed external balancing, but this is no longer necessary. KrakenD now accepts multiple WebSocket servers in its host array.

New Dashboards

We have created a new repository Telemetry Dashboards with new Dashboard configurations, and we’ve rewritten our NewRelic integration. The new stuff is:

NR traces

New features on OpenAPI

Three new features on OpenAPI generation:

  • When you use OpenAPI in combination with JSON Schema, write methods add the validation requirements in the documentation.

  • Multiple OpenAPI exports based on audience. You can segment the endpoints in your API to multiple audiences and generate different OpenAPI specs for each.

  • Add a response example as a static JSON object to show in the documentation.

        "documentation/openapi": {
            "description": "An endpoint that is available to all plans",
            "audience": ["gold","silver","bronze"],
            "example": {
                "hi": "This is what I return"

The list of new features still goes on…

More new features worth mentioning:

  • Easier logging to disk or remote server logging via the configurable syslog facility

  • Added a skip option for the static server to ignore matching sub-paths and route them to KrakenD endpoints. For instance, you can now treat any path starting on / in KrakenD as static (e.g., routes of a React application) and route sub-paths like /api/ to endpoints.

        "plugin/http-server": {
            "name": ["static-filesystem"],
            "static-filesystem": {
                "prefix": "/",
                "path": "./react/dist",
                "skip": [
  • Added a no_redirect option to wildcards to let clients follow redirections (e.g: user logins)

        "plugin/http-client": {
                "name": "wildcard",
                "no_redirect": false
  • Added identifier to the API Key authentication to allow custom headers and custom query strings. This is useful for transitioning from legacy systems.

        "auth/api-keys": {
            "strategy": "header",
            "identifier": "X-Key"
  • Added a krakend version command that outputs the KrakenD, Go, and Glibc versions.

  • Added allow_insecure_connections flag to ease development stages that use self-signed certificates.

  • Customizable response body for 404 and 405 errors

  • Added context propagation between Handler plugins and KrakenD Client plugins (router gin 1.8.1)

  • Added capacity and client_capacity (token bucket size) to router rate limit, previously only on backend rate limit.

Relevant fixes

  • More logging consistency (Bot detector, Bloom filter, Gologging)
  • Better control of errors when GELF is failing
  • Influx client not initialized during startup randomly (namespace collision being the cause)
  • The check-plugin command could panic when analyzing malformed files.


The following components and options are marked as deprecated and will be removed in future versions:

  • The --accept-eula (or -e) flag is no longer necessary to start KrakenD
  • The telemetry/opencensus component for NewRelic will stop working in future versions. Use telemetry/newrelic instead.

Youtube channel

We have started to create video content on our KrakenD API Gateway channel on youtube; subscribe!

Stay up to date with KrakenD releases and important updates

We use cookies to understand how you use our site and to improve your overall experience. By continuing to use our site, you accept our Privacy Policy. More information