Skip to main content
Interceptors are Gateway plugins that intercept and modify Kafka requests and responses in real time. They help enforce policies, protect data, and add functionality without changing your applications or Kafka configuration.

What Interceptors do

Interceptors can:
  • Encrypt and decrypt message fields or entire payloads
  • Block or skip records that don’t meet data quality rules
  • Enforce producer settings like acks or compression
  • Control topic creation parameters like replication factor or partition count
  • Transform message content or headers

How they work

Interceptors execute in priority order (lowest number first) and can be:
  • Chained - Multiple Interceptors process requests sequentially
  • Scoped - Apply to specific service accounts, groups, or Virtual Clusters
  • Overridden - More specific scopes override broader ones
Gateway applies Interceptors dynamically based on which client connects, so different teams can have different policies without separate clusters.