Response aggregation and upstream authentication

We’re currently evaluating Kong as an API management tool, and have run into roadblocks on a couple of features. I’d love some info on whether these are possible, preferably without requiring third party plugins, etc.

First, what’s the best way to authenticate our gateway service with the upstream service? I can see there are several authentication plugins, but they seem to be only for authenticating with the Kong endpoint. We’ve tried, unsuccessfully, to use the request transformer plugin with a reference to a vault value. For testing purposes, we’ve had to statically specify our auth header using a request transformer, but would prefer a better way to secure this. This approach also won’t work if we need to integrate with an OAuth provider.

Secondly, how would we go about sending a request to multiple upstream services at once, and combine their responses into a single response back to the consumer? This is a key feature of several alternatives we’re reviewing, but seems to be unavailable with Kong.

Thanks for any help.

I see this has been a while and nobody has answered. I’m not affiliated with Kong, i’m just a user.
AFAIK Kong doesn’t support natively merge together several service calls.
What I’d do, is write a custom plugin that attaches the authentication to the call, possibly retrieving the credentials from vaults.
Also, another custom plugin to make all the calls, and merge them together. They can be written in go or lua.