manualshive.com logo in svg

Alibaba Cloud API Gateway, User Manual

The Alibaba Cloud API Gateway allows users to easily manage and secure their APIs. Download the free User Manual to learn how to set up, configure, and optimize your API Gateway. Access the manual at manualshive.com for step-by-step instructions on maximizing the potential of this powerful tool.

Share
Download
background image

-

-

-

-

-

Connect & Alibaba cloud App needs to authenticate APPkey, and OpenID Connect does not.

 

Functions that are not supported by OpenID Connect

 

Cannot use App authentication

Cannot use App level Throttling

Cannot use AlibabaCloud Account level Throttling
 

 
Implementation principle 

 

By performing OpenID Connect authentication, APIs can be classified into authorization APIs and 

service APIs. 

 

 

Authorization APIs: Interfaces used to issue a Token to the client. When configuring such

APIs, you must inform the API gateway about the key corresponding to your Token and the

public key used to resolve the Token.

Service APIs: Interfaces used to obtain user information and perform an operation. When

configuring such APIs, you must inform the API gateway about the parameter that

represents the Token in your request. After the request arrives at the API gateway, the API

gateway automatically checks whether this request is valid.
 

 
Certification method

 

 

The client calls an authorization API

 

 

The client uses authentications to get the “Token”:

API Gateway

User Guide for Providers

14

Summary of Contents for API Gateway

Page 1: ...API Gateway User Guide for Providers...

Page 2: ...deprecation and version switching Easy data conversion You can configure a mapping rule to convert the calling request into the format required by the backend Presetting of request verification You c...

Page 3: ...o backend services the format of returned results the parameter verification rules and so on Define basic information Basic API information includes the API group API name description and API type Sel...

Page 4: ...rom that in the backend service address You have to map the parameters when defining the path if they are in the backend service address Input parameter definition The parameters to input conprise hea...

Page 5: ...r The parameter name must be globally unique It is not allowed to enter a parameter named name in headers and queries at the same time After the preceding steps now you can test and release the API gr...

Page 6: ...in name as follows The unique and fixed second level domain name is assigned by the system during group creation By default a second level domain name is used to call the API only in the test environm...

Page 7: ...definitions Editing the definition of a released API does not affect the definition in the production environment unless you release and synchronize it to the production environment It is not allowed...

Page 8: ...ew the release history of each of you APIs including the version number notes test production and time of each release When viewing the release history you can select a version and switch to it The ne...

Page 9: ...he throttling policy is described as follows Throttling policy contains the following dimensions The three values can be set in one throttling policy Note that the user traffic limit API traffic limit...

Page 10: ...e and special object settings appliable to each API separately The lattest policy bound to the API overwrites the previous one and takes effect immediately To add a special app or user you must obtain...

Page 11: ...ount Restrictions on the number of independent domain names bound to an API group At most five independent domain names can be bound to a group Restrictions on the traffic for calling an API The traff...

Page 12: ...name is X Ca Signature How to add a signature at the backend HTTP service For more information about the demo Java of signature calculation see https github com aliyun api gateway demo sign backend ja...

Page 13: ...ercase letters in the key of the header to lowercase and splice the keys in the following method URL URL indicates the Form parameter in the Path Query Body The organization method is as follows If Qu...

Page 14: ...uthorization OpenID Connect is a lightweight standard based on OAuth 2 0 which provides a framework for identity interaction through APIs Compared with OAuth OpenID Connect not only authenticates a re...

Page 15: ...oken to the client When configuring such APIs you must inform the API gateway about the key corresponding to your Token and the public key used to resolve the Token Service APIs Interfaces used to obt...

Page 16: ...ined by the authorization API and the signed Appkey to call the service API The API gateway authenticates and resolves the Token and sends the user information contained in the Token to the backend Du...

Page 17: ...d U P mode The API gateway transparently transmits the request to the AS The AS sends the user authentication request to the Provider service provider The Provider returns the authentication results o...

Page 18: ...as follows The Consumer sends the parameter with the id_token to the API gateway The API gateway saves the publicKey used for verification verifies and resolves the id_token to obtain the User informa...

Page 19: ...e KeyPair uses the RSA SHA256 encryption algorithm To guarantee security 2 048 bits are encrypted All KeyPairs used in the AS are in the JSON format The following is an example publicKey privateKey St...

Page 20: ...uiM2oiKtW3bAaBP uiR7sVMFcuB5baCebHU487YymJCBTfeCZtFdi6c4w0 dp gVCROKonsjiQCG s6X4j saAL016jJsw 7QEYE6uiMHqR _6iJ _uD1V8Vuec RxaItyc6SBsh24oeqsNoG7Ndaw7w912UVDwVjwJKQFCJDjU0v4oniItosKcPvM8M0TDUB1qZojuM...

Page 21: ...s toJson PrivateKey privateKey new RsaJsonWebKey JsonUtil parseJson privateKeyText getPrivateKey jws setKey privateKey String idToken jws getCompactSerialization eyJhbGciOiJSUzI1NiIsImtpZCI6Ijg4NDgzNz...

Page 22: ...example obtaining the Token using U P Service APIs Used by the Provider to provide services The Consumer calls the obtained Token as an input parameter The OpenID Connect certification method is used...

Page 23: ...he Input parameter definition area a corresponding parameter must be defined Otherwise an error message is prompted as shown in the following figure Configuring the custom system parameters The servic...

Page 24: ...sing the RAM employees can use the sub accounts to view create manage and delete API groups APIs authorizations and throttling policies However the sub accounts are not the owner of resources whose op...

Page 25: ...policy For more information about how to view create modify and delete a custom authorization see Authorization policy management For more information about how to enter the authorization policy conte...

Page 26: ...region indicates the region You can also enter the wildcards which indicate all regions account id indicates the account ID such as 1234567890123456 You can also enter the wildcards relative id indica...

Page 27: ...ntid trafficco ntrol trafficcontrolId DeleteTrafficSpecialControl acs apigateway regionid accountid trafficco ntrol trafficcontrolId DeployApi acs apigateway regionid accountid apigroup groupId Descri...

Page 28: ...cs apigateway regionid accountid apigroup DescribeRulesByApi acs apigateway regionid accountid group groupId DescribeSecretKeys acs apigateway regionid accountid secretke y DescribeTrafficControls acs...

Page 29: ...rafficcontrolId RemoveAppsFromApi acs apigateway regionid accountid apigroup groupId RemoveBlackList acs apigateway regionid accountid blacklist blacklistid SetAccessPermissionByApis acs apigateway re...

Page 30: ...the intranet This authorization is only used for the API gateway to access corresponding backend resources The API gateway cannot access unauthorized resources or ports For example if only port 80 of...

Page 31: ...e the API gateway for access Click API Gateway Console Open API Authorize VPC and then click Create Authorization Go to the authorization page and enter corresponding information VPC name Indicates th...

Page 32: ...tion of other parameters for the API is consistent with that for other APIs Save the configuration The API creation is complete 3 Authorize a security group Optional You can skip this step if you use...

Page 33: ...backend service works in multiple VPC instances Why cannot I authorize my VPC Make sure that the VPC ID instance ID and port number are correct and that the authorization policy and VPC are within the...

Page 34: ...e interdependency among them may in turn restrict each of them during the process and mutual misunderstanding may influence the development progress or even delay the project schedule Therefore Mock i...

Page 35: ...t to the test or online environment for test or to the API debugging page for debugging based on your actual needs Debugging You can initiate an API call on the API debugging page to test the setting...

Page 36: ...r end which avoids unnecessary latency and improves efficiency In case of a large amount of requests the client can use this method to transmit the request data with only a few connections Header comp...

Page 37: ...future To Support HTTPS HTTPS is a protocol integrating HTTP and SSL It encrypts information and data to guarantee data transmission security HTTPS is widely used today The API gateway also supports...

Page 38: ...e and click Open API Group Management Click the group to which the SSL certificate is to be bound and check the group details Before binding the SSL certificate bind an Independent domain name to the...

Page 39: ...er binding the SSL certificate you can enable access over HTTP HTTPS or HTTP and HTTPS for APIs For security considerations we recommend that you configure all APIs to support access over HTTPS You ca...

Page 40: ...After the adjustment the API configuration is complete Your API supports access over HTTPS API Gateway User Guide for Providers 39...

Reviews:

No comments

Related manuals for API Gateway

Ubee DVW32CB Subscriber User Manual preview
DVW32CB
Brand: Ubee Pages: 114
Ubee DDW36C User Manual preview
DDW36C
Brand: Ubee Pages: 105
Ubee DVW3201B Subscriber User Manual preview
DVW3201B
Brand: Ubee Pages: 96
Ubee DDW3611 User Manual preview
DDW3611
Brand: Ubee Pages: 96
Pace V5500 DSL Datasheet preview
V5500 DSL
Brand: Pace Pages: 2
Sencore DMG 1200 User Manual preview
DMG 1200
Brand: Sencore Pages: 37
NetModule NG800 User Manual preview
NG800
Brand: NetModule Pages: 223
Digicom VoiceGATE 8D5499 User Manual preview
VoiceGATE 8D5499
Brand: Digicom Pages: 29
Bang & Olufsen ML Gateway Installation Manual preview
ML Gateway
Brand: Bang & Olufsen Pages: 58
ActionTec VOSKY UP101 User Manual preview
VOSKY UP101
Brand: ActionTec Pages: 41
enphase ENV-S-WM230 Quick Install Manual preview
ENV-S-WM230
Brand: enphase Pages: 3
Lantronix DeviceLinx Xchip Direct SoC User Manual preview
DeviceLinx Xchip Direct SoC
Brand: Lantronix Pages: 62
Renu Electronics GWY-00 User Manual preview
GWY-00
Brand: Renu Electronics Pages: 105
Rosslare AY-Q65 Installation And Programming Manual preview
AY-Q65
Brand: Rosslare Pages: 28
Rosslare AC-525 Hardware Installation And User'S Manual preview
AC-525
Brand: Rosslare Pages: 52
Team TMN-51T Hardware User'S Manual preview
TMN-51T
Brand: Team Pages: 16
2N Telekomunikace 2N StarGate User Manual preview
2N StarGate
Brand: 2N Telekomunikace Pages: 105
4IPNET WHG315 User Manual preview
WHG315
Brand: 4IPNET Pages: 368

Brands by name

Popular brands

Load more brands