API Gateway Drives Legacy Modernization

Svenska Spel's journey from monolithic APIs to a modern platform offers a playbook for regulated industries. They used Kong Konnect as an API gateway control plane on Kubernetes, centralizing traffic management, security policies, and OIDC authentication—enabling secure partner integrations and streamlined compliance.

Svenska Spel's move from custom-built, monolithic systems to a standardized API platform was driven by the deregulation of the Swedish gaming market in 2019. This shift from a state monopoly to a competitive environment necessitated greater agility, faster partner integration, and a robust, secure foundation for digital growth. Their legacy architecture, while stable and performant for its time, had become a bottleneck, making it difficult to innovate and scale.

The core of their new architecture is a significant consolidation from approximately 600 tightly coupled modules to a target of 130 well-defined microservices. This strategic decomposition is managed on-premises in a "cloud-like" Kubernetes environment, with a full migration to a public cloud planned for completion by 2028. This hybrid approach allows their teams to build skills and refine the microservices architecture in a controlled environment before making the full leap.

To manage the complexity of over 700 APIs handling what has grown to 10 million daily transactions, Svenska Spel implemented Kong Konnect as a universal SaaS control plane. This provides a single point of governance for API traffic, security, and observability. By using isolated gateways for each partner integration, they can control the "blast radius" of any potential issues and enforce specific security policies for different external partners.

Authentication and security are handled using modern, standardized protocols. They employ an OIDC (OpenID Connect) authentication flow with a "split-token" approach to avoid exposing access tokens in the browser. For service-to-service identity within their Kubernetes clusters, they have integrated SPIFFE/SVID via sidecar proxies, enforcing a zero-trust networking model even for internal traffic.

This technological transformation is mirrored by an organizational one. Svenska Spel has restructured its technology division, creating a new group function for "Gaming Responsibility & Data-Driven Transformation." Their engineering culture promotes a hybrid model where a central platform team ("DesignTech") manages the core design system and infrastructure, but feature teams are empowered to contribute to its evolution, fostering a sense of shared ownership.

The modernization is a multi-year journey with clear timelines. The initial focus is on migrating all partner integrations to the new Kong-based flow by the end of 2026. Following that, the large-scale migration of their main gaming site APIs will continue, with the entire platform modernization and cloud migration targeted for completion before 2028.

The business impact is already evident in their financial performance. Despite the complete shutdown of their land-based casino operations, online sales have climbed 8% to SEK 4.87 billion, now accounting for 63% of the group's revenue. This successful pivot to a digital-first model, supported by a scalable and secure API platform, has allowed them to exceed financial targets.
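
The article names the "split-token" approach without describing it. The following added example (not Svenska Spel's or Kong's code) shows the pattern as it is commonly described: the browser holds only the JWT signature as an opaque value, and the gateway re-attaches the cached header and payload before forwarding upstream. The HS256 demo key, the in-memory cache, the function names and the claims are assumptions made for the example.

```python
import base64, hashlib, hmac, json, time

SIGNING_KEY = b"constructed-demo-key"  # constructed; HS256 keeps the demo offline
GATEWAY_CACHE = {}  # assumed gateway store: sha256(signature) -> (header.payload, exp)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input):
    return _b64(hmac.new(SIGNING_KEY, signing_input.encode(), hashlib.sha256).digest())

def issue_split_token(claims):
    """Token service: sign a JWT, park header.payload at the gateway, return the signature."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signing_input = header + "." + _b64(json.dumps(claims).encode())
    signature = _sign(signing_input)
    # Key the cache by a hash so a cache dump does not yield usable browser tokens.
    GATEWAY_CACHE[hashlib.sha256(signature.encode()).hexdigest()] = (signing_input, claims["exp"])
    return signature  # opaque to the browser: carries no claims

def gateway_reassemble(opaque, now=None):
    """Gateway: look up the opaque value, drop expired entries, rebuild the full JWT."""
    now = time.time() if now is None else now
    key = hashlib.sha256(opaque.encode()).hexdigest()
    entry = GATEWAY_CACHE.get(key)
    if entry is None:
        return None  # unknown or tampered value: nothing to forward
    signing_input, exp = entry
    if now >= exp:
        GATEWAY_CACHE.pop(key, None)
        return None
    return signing_input + "." + opaque

def upstream_verify(jwt):
    """Upstream service: verify the reassembled JWT and return its claims, or None."""
    signing_input, _, signature = jwt.rpartition(".")
    if not hmac.compare_digest(_sign(signing_input), signature):
        return None
    payload = signing_input.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

if __name__ == "__main__":
    claims = {"sub": "partner-demo", "scope": "odds:read", "exp": time.time() + 300}  # constructed
    browser_token = issue_split_token(claims)
    print("browser holds:", browser_token)
    print("upstream sees:", upstream_verify(gateway_reassemble(browser_token)))
```

Because the claims never leave the server side, a value stolen from the browser reveals nothing about the subject or scopes and stops working once the gateway entry expires or is evicted.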
