manualshive.com logo in svg

Alibaba Cloud API Gateway, User Manual

The Alibaba Cloud API Gateway allows users to easily manage and secure their APIs. Download the free User Manual to learn how to set up, configure, and optimize your API Gateway. Access the manual at manualshive.com for step-by-step instructions on maximizing the potential of this powerful tool.

Share
Download
background image

1.

2.

3.

4.

5.

1. Authorization server (AS): Used to generate the id_token and
manage the KeyPair. 

 

You must perform this step by yourself. For more information about the method, see Configure an

API in the API gateway as follows. 

 

As shown in the preceding figure, the process is as follows:

 

The Consumer (caller) sends an id_token authentication request to the API gateway, for

example, in the user name+password (U+P) mode. 

The API gateway transparently transmits the request to the AS. 

The AS sends the user authentication request to the Provider (service provider). 

The Provider returns the authentication results or an error message if the authentication

fails. 

If the authentication succeeds, the AS generates an id_token, which includes the User

information (expandable, and can include other necessary information). 
 

The API gateway sends the id_token returned by the AS to the Consumer.

  
Note: The AS is not required to be independently deployed. It can be integrated in the

API Gateway

User Guide for Providers

16

Summary of Contents for API Gateway

Page 1: ...API Gateway User Guide for Providers...

Page 2: ...deprecation and version switching Easy data conversion You can configure a mapping rule to convert the calling request into the format required by the backend Presetting of request verification You c...

Page 3: ...o backend services the format of returned results the parameter verification rules and so on Define basic information Basic API information includes the API group API name description and API type Sel...

Page 4: ...rom that in the backend service address You have to map the parameters when defining the path if they are in the backend service address Input parameter definition The parameters to input conprise hea...

Page 5: ...r The parameter name must be globally unique It is not allowed to enter a parameter named name in headers and queries at the same time After the preceding steps now you can test and release the API gr...

Page 6: ...in name as follows The unique and fixed second level domain name is assigned by the system during group creation By default a second level domain name is used to call the API only in the test environm...

Page 7: ...definitions Editing the definition of a released API does not affect the definition in the production environment unless you release and synchronize it to the production environment It is not allowed...

Page 8: ...ew the release history of each of you APIs including the version number notes test production and time of each release When viewing the release history you can select a version and switch to it The ne...

Page 9: ...he throttling policy is described as follows Throttling policy contains the following dimensions The three values can be set in one throttling policy Note that the user traffic limit API traffic limit...

Page 10: ...e and special object settings appliable to each API separately The lattest policy bound to the API overwrites the previous one and takes effect immediately To add a special app or user you must obtain...

Page 11: ...ount Restrictions on the number of independent domain names bound to an API group At most five independent domain names can be bound to a group Restrictions on the traffic for calling an API The traff...

Page 12: ...name is X Ca Signature How to add a signature at the backend HTTP service For more information about the demo Java of signature calculation see https github com aliyun api gateway demo sign backend ja...

Page 13: ...ercase letters in the key of the header to lowercase and splice the keys in the following method URL URL indicates the Form parameter in the Path Query Body The organization method is as follows If Qu...

Page 14: ...uthorization OpenID Connect is a lightweight standard based on OAuth 2 0 which provides a framework for identity interaction through APIs Compared with OAuth OpenID Connect not only authenticates a re...

Page 15: ...oken to the client When configuring such APIs you must inform the API gateway about the key corresponding to your Token and the public key used to resolve the Token Service APIs Interfaces used to obt...

Page 16: ...ined by the authorization API and the signed Appkey to call the service API The API gateway authenticates and resolves the Token and sends the user information contained in the Token to the backend Du...

Page 17: ...d U P mode The API gateway transparently transmits the request to the AS The AS sends the user authentication request to the Provider service provider The Provider returns the authentication results o...

Page 18: ...as follows The Consumer sends the parameter with the id_token to the API gateway The API gateway saves the publicKey used for verification verifies and resolves the id_token to obtain the User informa...

Page 19: ...e KeyPair uses the RSA SHA256 encryption algorithm To guarantee security 2 048 bits are encrypted All KeyPairs used in the AS are in the JSON format The following is an example publicKey privateKey St...

Page 20: ...uiM2oiKtW3bAaBP uiR7sVMFcuB5baCebHU487YymJCBTfeCZtFdi6c4w0 dp gVCROKonsjiQCG s6X4j saAL016jJsw 7QEYE6uiMHqR _6iJ _uD1V8Vuec RxaItyc6SBsh24oeqsNoG7Ndaw7w912UVDwVjwJKQFCJDjU0v4oniItosKcPvM8M0TDUB1qZojuM...

Page 21: ...s toJson PrivateKey privateKey new RsaJsonWebKey JsonUtil parseJson privateKeyText getPrivateKey jws setKey privateKey String idToken jws getCompactSerialization eyJhbGciOiJSUzI1NiIsImtpZCI6Ijg4NDgzNz...

Page 22: ...example obtaining the Token using U P Service APIs Used by the Provider to provide services The Consumer calls the obtained Token as an input parameter The OpenID Connect certification method is used...

Page 23: ...he Input parameter definition area a corresponding parameter must be defined Otherwise an error message is prompted as shown in the following figure Configuring the custom system parameters The servic...

Page 24: ...sing the RAM employees can use the sub accounts to view create manage and delete API groups APIs authorizations and throttling policies However the sub accounts are not the owner of resources whose op...

Page 25: ...policy For more information about how to view create modify and delete a custom authorization see Authorization policy management For more information about how to enter the authorization policy conte...

Page 26: ...region indicates the region You can also enter the wildcards which indicate all regions account id indicates the account ID such as 1234567890123456 You can also enter the wildcards relative id indica...

Page 27: ...ntid trafficco ntrol trafficcontrolId DeleteTrafficSpecialControl acs apigateway regionid accountid trafficco ntrol trafficcontrolId DeployApi acs apigateway regionid accountid apigroup groupId Descri...

Page 28: ...cs apigateway regionid accountid apigroup DescribeRulesByApi acs apigateway regionid accountid group groupId DescribeSecretKeys acs apigateway regionid accountid secretke y DescribeTrafficControls acs...

Page 29: ...rafficcontrolId RemoveAppsFromApi acs apigateway regionid accountid apigroup groupId RemoveBlackList acs apigateway regionid accountid blacklist blacklistid SetAccessPermissionByApis acs apigateway re...

Page 30: ...the intranet This authorization is only used for the API gateway to access corresponding backend resources The API gateway cannot access unauthorized resources or ports For example if only port 80 of...

Page 31: ...e the API gateway for access Click API Gateway Console Open API Authorize VPC and then click Create Authorization Go to the authorization page and enter corresponding information VPC name Indicates th...

Page 32: ...tion of other parameters for the API is consistent with that for other APIs Save the configuration The API creation is complete 3 Authorize a security group Optional You can skip this step if you use...

Page 33: ...backend service works in multiple VPC instances Why cannot I authorize my VPC Make sure that the VPC ID instance ID and port number are correct and that the authorization policy and VPC are within the...

Page 34: ...e interdependency among them may in turn restrict each of them during the process and mutual misunderstanding may influence the development progress or even delay the project schedule Therefore Mock i...

Page 35: ...t to the test or online environment for test or to the API debugging page for debugging based on your actual needs Debugging You can initiate an API call on the API debugging page to test the setting...

Page 36: ...r end which avoids unnecessary latency and improves efficiency In case of a large amount of requests the client can use this method to transmit the request data with only a few connections Header comp...

Page 37: ...future To Support HTTPS HTTPS is a protocol integrating HTTP and SSL It encrypts information and data to guarantee data transmission security HTTPS is widely used today The API gateway also supports...

Page 38: ...e and click Open API Group Management Click the group to which the SSL certificate is to be bound and check the group details Before binding the SSL certificate bind an Independent domain name to the...

Page 39: ...er binding the SSL certificate you can enable access over HTTP HTTPS or HTTP and HTTPS for APIs For security considerations we recommend that you configure all APIs to support access over HTTPS You ca...

Page 40: ...After the adjustment the API configuration is complete Your API supports access over HTTPS API Gateway User Guide for Providers 39...

Reviews:

No comments

Related manuals for API Gateway

RTA 460MMBS-NNA1 Product User Manual preview
460MMBS-NNA1
Brand: RTA Pages: 66
THOR H-1ASI-IP-B User Manual preview
H-1ASI-IP-B
Brand: THOR Pages: 20
3Com VCX V6000 Manual preview
VCX V6000
Brand: 3Com Pages: 24
4IPNET HSG326 Quick Installation Manual preview
HSG326
Brand: 4IPNET Pages: 24
2Wire 2701HG Series Specification preview
2701HG Series
Brand: 2Wire Pages: 4
2Wire HomePortal 1000S Installation Manual preview
HomePortal 1000S
Brand: 2Wire Pages: 54
Technicolor TG789vac v2 Installation Manual preview
TG789vac v2
Brand: Technicolor Pages: 39
AudioCodes Mediant 2000 User Manual preview
Mediant 2000
Brand: AudioCodes Pages: 418
CheckVideo G1104-8-6T Installing And Configuring preview
G1104-8-6T
Brand: CheckVideo Pages: 8
RTA 460BMSUS-NNA4 Product User Manual preview
460BMSUS-NNA4
Brand: RTA Pages: 76
olympia electronics GR-7601 Manual preview
GR-7601
Brand: olympia electronics Pages: 4
AudioCodes Mediant 1000B Hardware Installation Manual preview
Mediant 1000B
Brand: AudioCodes Pages: 70
AudioCodes Mediant 800 Reference Manual preview
Mediant 800
Brand: AudioCodes Pages: 195
AudioCodes Mediant 800 MSBG User Manual preview
Mediant 800 MSBG
Brand: AudioCodes Pages: 890
3Com 3C510 User Manual preview
3C510
Brand: 3Com Pages: 34
Popp 008900 Manual preview
008900
Brand: Popp Pages: 6
TEKTELIC Communications 5235 User Manual preview
5235
Brand: TEKTELIC Communications Pages: 29
SKS-Kinkel 300111 Installation Instructions Manual preview
300111
Brand: SKS-Kinkel Pages: 88

Brands by name

Popular brands

Load more brands