NexJ, a leader in intelligent customer management for the financial services industry, detailed their journey in transitioning from a monolithic architecture to an API-first approach using Kong Gateway, an open-source API management tool. To achieve scalability and enhanced security, NexJ integrated Kong with their existing identity provider, leveraging plugins such as OpenID Connect for JWT token validation and Key Authentication for client verification. The microservices architecture was deployed on Kubernetes, using tools like the Kong Ingress Controller for efficient service routing and load balancing. The architecture emphasizes zero-trust security with mutual TLS for communication between microservices and strict data isolation across environments. NexJ employed a declarative approach using YAML files for configuring Kong and Kubernetes resources, allowing for version control and ease of rollback. Moving forward, NexJ plans to expand their use of Kong’s Development Portal for API tracing, enhance observability, and explore Kong Konnect to reduce operational overhead, aligning with their API-first strategy.
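Because the Kong configuration is declarative and version-controlled, it can be checked before it is applied. The following is an added example, not NexJ's or Kong's own code: a Python check over the parsed form of a declarative Kong file that reports routes with no enabled `key-auth` or `openid-connect` plugin at route, service or global scope. The service, route and host names are constructed, routes are assumed to be nested under their services, and scope handling is simplified so that any enabled authentication plugin counts.

```python
# Plugin names the page mentions as the gateway-side authentication.
AUTH_PLUGINS = {"key-auth", "openid-connect"}

# Constructed sample: the parsed form of a declarative Kong YAML file.
# Service, route and host names are invented for illustration.
SAMPLE_CONFIG = {
    "_format_version": "3.0",
    "plugins": [{"name": "correlation-id"}],  # global, not an auth plugin
    "services": [
        {
            "name": "accounts",
            "url": "https://accounts.internal.example:8443",
            "plugins": [{"name": "openid-connect"}],
            "routes": [{"name": "accounts-v1", "paths": ["/v1/accounts"]}],
        },
        {
            "name": "reports",
            "url": "https://reports.internal.example:8443",
            "routes": [
                {"name": "reports-v1", "paths": ["/v1/reports"],
                 "plugins": [{"name": "key-auth"}]},
                {"name": "reports-export", "paths": ["/v1/reports/export"]},
                {"name": "reports-beta", "paths": ["/beta/reports"],
                 "plugins": [{"name": "key-auth", "enabled": False}]},
            ],
        },
    ],
}


def enabled_auth(plugins):
    """Return the names of enabled authentication plugins in a plugin list."""
    return {p["name"] for p in plugins or []
            if p.get("name") in AUTH_PLUGINS and p.get("enabled", True)}


def unauthenticated_routes(config):
    """List (service, route) pairs with no enabled auth plugin at any scope."""
    global_auth = enabled_auth(config.get("plugins"))
    findings = []
    for service in config.get("services", []):
        service_auth = global_auth | enabled_auth(service.get("plugins"))
        for route in service.get("routes", []):
            if not service_auth | enabled_auth(route.get("plugins")):
                findings.append((service["name"], route["name"]))
    return findings


if __name__ == "__main__":
    for service, route in unauthenticated_routes(SAMPLE_CONFIG):
        print(f"no auth plugin: service={service} route={route}")
```

Run against the file in a pre-merge check, a non-empty result means a route would be exposed through the gateway without either authentication plugin.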