KrakenD

What Is KrakenD?

In 2016, Albert Lombarte and the team that would become KrakenD faced a problem many platform engineers still recognise: the API gateways available at the time were either too slow, too complex, or too expensive to operate at scale. Nginx-based solutions required deep Lua knowledge. Kong's plugin architecture introduced runtime dependencies. AWS API Gateway locked you into a single cloud. The response from Barcelona was to throw out every assumption about what an API gateway needed to be.

The core insight was architectural: most gateway failures are failures of state. If a gateway needs to check a database before routing a request, that database becomes a bottleneck. If it holds in-memory session data, scaling horizontally requires synchronisation. KrakenD's answer was to eliminate state entirely. Configuration compiles into a single Go binary. No runtime database. No coordination between instances. Every request is processed statelessly, which means every instance is identical, every restart is instantaneous, and horizontal scaling is trivial.

That philosophy has held through eight years of development. Today, KrakenD handles REST, gRPC, GraphQL, WebSockets, and SOAP backends from a single declarative JSON or YAML configuration. The Community Edition is fully open source under Apache 2.0. The Enterprise Edition adds the operational features — SSO, RBAC, developer portal, OpenAPI import — that large organisations typically require. Both are self-hosted, both are EU-built, and both run without phoning home to any KrakenD servers.

The company remains based in Barcelona and privately held, competing against Kong, AWS API Gateway, and Apigee without venture-backed marketing budgets, on the strength of the product's performance benchmarks alone.

Key Features

Stateless Compiled Architecture

KrakenD's most important feature is one you never see: the absence of a database. Every other major API gateway — Kong, APISIX, Tyk — requires at least one external store to function. KrakenD compiles your entire krakend.json configuration into a single binary at startup. The binary reads no external state during request handling. This produces measured throughput of over 20,000 requests per second on modest hardware, with added latency measured in microseconds rather than milliseconds.

For operations teams, this matters in concrete ways. There is no Postgres or Cassandra to provision. There is no clustering protocol to debug at 2 a.m. Rolling restarts are clean because every instance starts fresh from the same binary. Autoscaling in Kubernetes is as simple as adjusting a replica count — no leader election, no session affinity, no warm-up period.

Request Aggregation and Transformation

KrakenD was originally designed to solve the backend-for-frontend problem: a mobile app needs data from five microservices, but making five sequential requests from the client burns battery and adds latency. KrakenD lets you define a single endpoint that fans out to multiple backends in parallel, merges the responses, filters fields, and returns a single JSON payload. This happens entirely in the gateway layer with no separate orchestration service.

The transformation capabilities extend to header manipulation, body field filtering, content encoding, and response caching with configurable TTL. Teams replacing a monolith with microservices find this particularly useful for maintaining stable API contracts while migrating backends incrementally.

Protocol Breadth

Modern service architectures rarely speak only HTTP/REST. KrakenD handles gRPC backends and can expose them as REST endpoints — useful for services written in Go that use gRPC internally but need to serve mobile clients over REST. WebSocket proxying supports both direct connections and multiplexed channels. GraphQL backends can be queried and their responses merged with REST responses in the same aggregation endpoint. SOAP backends, common in enterprise environments, are also supported without additional middleware.

All of this is configured declaratively — no plugins to install, no code to write, no scripting language to learn. The configuration schema is comprehensive and well-documented.

Observability Without Vendor Lock-in

KrakenD exports metrics and traces via OpenTelemetry, supporting Prometheus, Grafana, Jaeger, Zipkin, Datadog, and InfluxDB. The approach is consistent with the gateway's broader philosophy: the platform produces data, you choose where it goes. There is no proprietary monitoring dashboard in the Community Edition. Teams that already operate an observability stack find this integrates cleanly; teams starting from scratch need to build or procure that stack separately.

Enterprise Edition Additions

The paid tier adds the features that enterprise procurement teams typically require: LDAP/SSO integration, role-based access control, audit logging, a developer portal for API documentation, and OpenAPI specification import. Rate limiting becomes tiered — different API consumers can receive different quota limits based on their tier, a common pattern for API products with multiple customer segments. A 2-month free trial is available with no credit card required.

Pricing

KrakenD's Community Edition costs nothing and carries no feature restrictions on the core gateway. For the majority of self-hosted deployments, the free tier provides everything needed: full protocol support, rate limiting, circuit breaker, JWT authentication, and observability export.

Enterprise Edition pricing is not publicly listed — KrakenD uses custom licensing based on deployment scale and feature requirements. The model is described as perpetual licence rather than annual subscription, which suits organisations that prefer capital expenditure over ongoing operational costs. The 2-month trial provides meaningful evaluation time before committing.

The total cost of ownership comparison against Kong Enterprise or AWS API Gateway typically favours KrakenD at high request volumes: Kong's plugin-heavy architecture adds resource overhead that compounds at scale, and AWS API Gateway charges per API call at rates that accumulate quickly for high-traffic services. KrakenD's fixed infrastructure cost makes it predictable regardless of traffic growth.

For teams with modest budgets, the Community Edition is a genuine production option. Dozens of organisations run KrakenD CE in production at significant scale without purchasing a licence.

EU Compliance & Privacy

KrakenD is incorporated in Barcelona as KrakenD S.L. and falls under Spanish law, which means EU jurisdiction and GDPR applicability by default. More practically: the self-hosted architecture means KrakenD the company never receives your API traffic, configuration, or request logs. There is nothing to transfer to third parties because nothing leaves your infrastructure.

The Enterprise Edition is also entirely self-hosted. No telemetry, no licence verification calls that could expose configuration metadata, no cloud component. FIPS 140-2 compliant builds are available in the Enterprise Edition for organisations in regulated industries where cryptographic standards compliance is mandated.

For teams building on EU cloud infrastructure (Hetzner, OVHcloud, Scaleway), KrakenD integrates cleanly without introducing any non-EU data flows at the gateway layer.

Who It's Best For

High-throughput API teams where added latency is a real cost — payment processing, search, real-time applications. KrakenD's benchmark numbers are not marketing claims; the architecture genuinely produces lower overhead than alternatives.

Platform engineering teams who find Kong's plugin ecosystem and database dependency operationally expensive. The single-binary, zero-dependency model simplifies infrastructure significantly for teams that prefer fewer moving parts.

EU-regulated organisations that need to self-host their API gateway without any SaaS component. Financial services, healthcare, and public sector organisations with data residency requirements benefit from the fully self-contained deployment model.

Microservices teams implementing a backend-for-frontend pattern. KrakenD's response aggregation is purpose-built for this use case and handles it more elegantly than most alternatives.

The Verdict

KrakenD does one thing very well and is honest about what it trades to get there. The performance and operational simplicity are real, the open-source model is genuinely unrestricted, and the EU provenance is a meaningful advantage for data-sovereign deployments. The cost is a smaller ecosystem than Kong's and an Enterprise Edition that requires a sales conversation before pricing is disclosed. Teams that have outgrown NGINX-based routing and want a high-performance alternative built by people who understand the problem should put KrakenD at the top of their evaluation list.

Frequently Asked Questions

Is KrakenD open source?

Yes. KrakenD Community Edition is fully open source under the Apache 2.0 licence and available on GitHub. The Enterprise Edition adds SSO, RBAC, a developer portal, and OpenAPI import under a commercial licence.

Does KrakenD require a database?

No. KrakenD compiles your entire gateway configuration into a single stateless binary. There is no external database to provision or maintain. This is the core architectural decision that enables its performance characteristics.

How does KrakenD compare to Kong?

KrakenD outperforms Kong in raw throughput benchmarks due to its stateless compiled architecture. Kong offers a broader plugin marketplace and more mature enterprise tooling. KrakenD suits teams that prioritise performance and infrastructure simplicity; Kong suits teams with complex third-party integration requirements.

Is KrakenD GDPR compliant?

Yes. KrakenD S.L. is a Spanish company under EU jurisdiction. The self-hosted Community Edition transmits no data to KrakenD's servers. All API traffic processing happens within your own infrastructure.

What is included in the Enterprise free trial?

The 2-month Enterprise trial includes all premium features: SSO, RBAC, audit logging, developer portal, OpenAPI import, tiered rate limiting, AI-powered traffic control, and dedicated support engineer access. No credit card is required.