![Article: Token-Based Access Control With Kong, OPA and Curity](https://images.ctfassets.net/tldhjvq55hjd/abeC3GubZ2pZ7U1ZoO804/c06b2b8b1c76957e86a1a60e840a3d9d/News_kong_2x.png?w=1200&h=481&q=50&fm=png&bg=white)
Article: Token-Based Access Control With Kong, OPA and Curity
Curity's Jonas Iggbom recently contributed to the Kong Inc. blog. In the article, he explains how you can establish token-based access control using the Curity Identity Service, Kong Gateway, and Open Policy Agent.
The blog post focuses on implementing the Phantom Token Approach to achieve Level 3 of the API Security Maturity Model. This approach externally uses opaque (reference) access tokens, exchanging them for a signed JSON Web Token (JWT) with scopes and claims in Kong Gateway. The system then passes that information onward to the upstream API.
Read the article Token-Based Access Control With Kong, OPA and Curity here.