API gateways serve as a crucial security component in the modern IT infrastructure by mediating between client applications and backend services, enforcing authentication, and managing access tokens through communication with authorization servers. These gateways can implement various client authentication methods, including the more secure mutual TLS (mTLS), which is essential for zero trust security frameworks. Kong, a prominent API gateway, supports all OAuth2.0 and OpenID Connect flows, including TLS Client Authentication, to enhance security by verifying both client and server certificates. Within these flows, Kong can securely fetch access tokens and proxy requests to backend services, making it vital for environments with stringent security requirements. By adopting mTLS, Kong helps organizations adhere to zero trust principles, ensuring that only authenticated and authorized entities can access sensitive resources.