manualshive.com logo in svg

Alibaba Cloud API Gateway, User Manual

The Alibaba Cloud API Gateway allows users to easily manage and secure their APIs. Download the free User Manual to learn how to set up, configure, and optimize your API Gateway. Access the manual at manualshive.com for step-by-step instructions on maximizing the potential of this powerful tool.

Share
Download
background image

-

-

Use the OIDC in the AS to generate the id_token

 

The id_token, also known as ID Token, is a type of tokens defined in the OIDC protocol. For

more information, see 

OpenID Connect Core 1.0

The KeyPair, keyId, and Claims are required to generate the id_token (for more information

about the Claims, see 

ID_Token

). 

 

 
KeyId description

 

The KeyId must be unique. For example, the KeyId generated using the UUID is a string of at least 32

random characters, which can be all numbers or numbers and letters. 

Example (Java)

 

Or 

 
KeyPair description

 

The KeyPair is a PKI system-based public and private key pair using the asymmetric algorithm. Each

pair contains a publicKey and a privateKey. The publicKey is stored in the RS, which is used for

verification. The privateKey is stored in the AS, which serves as the digital signature when the

id_token is generated. 

The KeyPair uses the RSA SHA256 encryption algorithm. To guarantee security, 2,048 bits are

encrypted. 

All KeyPairs used in the AS are in the JSON format. The following is an example: 

publicKey:

 

privateKey: 

String keyId = UUID.randomUUID().toString().replaceAll("-", "");

String keyId = String.valueOf(UUID.randomUUID().getMostSignificantBits()) +
String.valueOf(UUID.randomUUID().getMostSignificantBits());

{"kty":"RSA","kid":"67174182967979709913950471789226181721","alg":"ES256","n":"oH5WunqaqIopfOFBz9RfBVVII
cmk0WDJagAcROKFiLJScQ8N\_nrexgbCMlu-dSCUWq7XMnp1ZSqw-XBS2-XEy4W4l2Q7rx3qDWY0cP8pY83hqxTZ6-
8GErJm\_0yOzR4WO4plIVVWt96-
mxn3ZgK8kmaeotkS0zS0pYMb4EEOxFFnGFqjCThuO2pimF0imxiEWw5WCdREz1v8RW72WdEfLpTLJEOpP1FsFyG3OI
DbTYOqowD1YQEf5Nk2TqN\_7pYrGRKsK3BPpw4s9aXHbGrpwsCRwYbKYbmeJst8MQ4AgcorE3NPmp-
E6RxA5jLQ4axXrwC0T458LIVhypWhDqejUw","e":"AQAB"}

{"kty":"RSA","kid":"67174182967979709913950471789226181721","alg":"ES256","n":"oH5WunqaqIopfOFBz9RfBVVII
cmk0WDJagAcROKFiLJScQ8N\_nrexgbCMlu-dSCUWq7XMnp1ZSqw-XBS2-XEy4W4l2Q7rx3qDWY0cP8pY83hqxTZ6-
8GErJm\_0yOzR4WO4plIVVWt96-

API Gateway

User Guide for Providers

18

Summary of Contents for API Gateway

Page 1: ...API Gateway User Guide for Providers...

Page 2: ...deprecation and version switching Easy data conversion You can configure a mapping rule to convert the calling request into the format required by the backend Presetting of request verification You c...

Page 3: ...o backend services the format of returned results the parameter verification rules and so on Define basic information Basic API information includes the API group API name description and API type Sel...

Page 4: ...rom that in the backend service address You have to map the parameters when defining the path if they are in the backend service address Input parameter definition The parameters to input conprise hea...

Page 5: ...r The parameter name must be globally unique It is not allowed to enter a parameter named name in headers and queries at the same time After the preceding steps now you can test and release the API gr...

Page 6: ...in name as follows The unique and fixed second level domain name is assigned by the system during group creation By default a second level domain name is used to call the API only in the test environm...

Page 7: ...definitions Editing the definition of a released API does not affect the definition in the production environment unless you release and synchronize it to the production environment It is not allowed...

Page 8: ...ew the release history of each of you APIs including the version number notes test production and time of each release When viewing the release history you can select a version and switch to it The ne...

Page 9: ...he throttling policy is described as follows Throttling policy contains the following dimensions The three values can be set in one throttling policy Note that the user traffic limit API traffic limit...

Page 10: ...e and special object settings appliable to each API separately The lattest policy bound to the API overwrites the previous one and takes effect immediately To add a special app or user you must obtain...

Page 11: ...ount Restrictions on the number of independent domain names bound to an API group At most five independent domain names can be bound to a group Restrictions on the traffic for calling an API The traff...

Page 12: ...name is X Ca Signature How to add a signature at the backend HTTP service For more information about the demo Java of signature calculation see https github com aliyun api gateway demo sign backend ja...

Page 13: ...ercase letters in the key of the header to lowercase and splice the keys in the following method URL URL indicates the Form parameter in the Path Query Body The organization method is as follows If Qu...

Page 14: ...uthorization OpenID Connect is a lightweight standard based on OAuth 2 0 which provides a framework for identity interaction through APIs Compared with OAuth OpenID Connect not only authenticates a re...

Page 15: ...oken to the client When configuring such APIs you must inform the API gateway about the key corresponding to your Token and the public key used to resolve the Token Service APIs Interfaces used to obt...

Page 16: ...ined by the authorization API and the signed Appkey to call the service API The API gateway authenticates and resolves the Token and sends the user information contained in the Token to the backend Du...

Page 17: ...d U P mode The API gateway transparently transmits the request to the AS The AS sends the user authentication request to the Provider service provider The Provider returns the authentication results o...

Page 18: ...as follows The Consumer sends the parameter with the id_token to the API gateway The API gateway saves the publicKey used for verification verifies and resolves the id_token to obtain the User informa...

Page 19: ...e KeyPair uses the RSA SHA256 encryption algorithm To guarantee security 2 048 bits are encrypted All KeyPairs used in the AS are in the JSON format The following is an example publicKey privateKey St...

Page 20: ...uiM2oiKtW3bAaBP uiR7sVMFcuB5baCebHU487YymJCBTfeCZtFdi6c4w0 dp gVCROKonsjiQCG s6X4j saAL016jJsw 7QEYE6uiMHqR _6iJ _uD1V8Vuec RxaItyc6SBsh24oeqsNoG7Ndaw7w912UVDwVjwJKQFCJDjU0v4oniItosKcPvM8M0TDUB1qZojuM...

Page 21: ...s toJson PrivateKey privateKey new RsaJsonWebKey JsonUtil parseJson privateKeyText getPrivateKey jws setKey privateKey String idToken jws getCompactSerialization eyJhbGciOiJSUzI1NiIsImtpZCI6Ijg4NDgzNz...

Page 22: ...example obtaining the Token using U P Service APIs Used by the Provider to provide services The Consumer calls the obtained Token as an input parameter The OpenID Connect certification method is used...

Page 23: ...he Input parameter definition area a corresponding parameter must be defined Otherwise an error message is prompted as shown in the following figure Configuring the custom system parameters The servic...

Page 24: ...sing the RAM employees can use the sub accounts to view create manage and delete API groups APIs authorizations and throttling policies However the sub accounts are not the owner of resources whose op...

Page 25: ...policy For more information about how to view create modify and delete a custom authorization see Authorization policy management For more information about how to enter the authorization policy conte...

Page 26: ...region indicates the region You can also enter the wildcards which indicate all regions account id indicates the account ID such as 1234567890123456 You can also enter the wildcards relative id indica...

Page 27: ...ntid trafficco ntrol trafficcontrolId DeleteTrafficSpecialControl acs apigateway regionid accountid trafficco ntrol trafficcontrolId DeployApi acs apigateway regionid accountid apigroup groupId Descri...

Page 28: ...cs apigateway regionid accountid apigroup DescribeRulesByApi acs apigateway regionid accountid group groupId DescribeSecretKeys acs apigateway regionid accountid secretke y DescribeTrafficControls acs...

Page 29: ...rafficcontrolId RemoveAppsFromApi acs apigateway regionid accountid apigroup groupId RemoveBlackList acs apigateway regionid accountid blacklist blacklistid SetAccessPermissionByApis acs apigateway re...

Page 30: ...the intranet This authorization is only used for the API gateway to access corresponding backend resources The API gateway cannot access unauthorized resources or ports For example if only port 80 of...

Page 31: ...e the API gateway for access Click API Gateway Console Open API Authorize VPC and then click Create Authorization Go to the authorization page and enter corresponding information VPC name Indicates th...

Page 32: ...tion of other parameters for the API is consistent with that for other APIs Save the configuration The API creation is complete 3 Authorize a security group Optional You can skip this step if you use...

Page 33: ...backend service works in multiple VPC instances Why cannot I authorize my VPC Make sure that the VPC ID instance ID and port number are correct and that the authorization policy and VPC are within the...

Page 34: ...e interdependency among them may in turn restrict each of them during the process and mutual misunderstanding may influence the development progress or even delay the project schedule Therefore Mock i...

Page 35: ...t to the test or online environment for test or to the API debugging page for debugging based on your actual needs Debugging You can initiate an API call on the API debugging page to test the setting...

Page 36: ...r end which avoids unnecessary latency and improves efficiency In case of a large amount of requests the client can use this method to transmit the request data with only a few connections Header comp...

Page 37: ...future To Support HTTPS HTTPS is a protocol integrating HTTP and SSL It encrypts information and data to guarantee data transmission security HTTPS is widely used today The API gateway also supports...

Page 38: ...e and click Open API Group Management Click the group to which the SSL certificate is to be bound and check the group details Before binding the SSL certificate bind an Independent domain name to the...

Page 39: ...er binding the SSL certificate you can enable access over HTTP HTTPS or HTTP and HTTPS for APIs For security considerations we recommend that you configure all APIs to support access over HTTPS You ca...

Page 40: ...After the adjustment the API configuration is complete Your API supports access over HTTPS API Gateway User Guide for Providers 39...

Reviews:

No comments

Related manuals for API Gateway

OpenVox VS-GW2120-44W User Manual preview
VS-GW2120-44W
Brand: OpenVox Pages: 76
RTA 460ECTCP-NNA4 Product User Manual preview
460ECTCP-NNA4
Brand: RTA Pages: 81
3Com VCX V6000 Manual preview
VCX V6000
Brand: 3Com Pages: 24
NKE Hub'O Getting Started preview
Hub'O
Brand: NKE Pages: 14
Plugwise Stretch 3 Installation Manual preview
Stretch 3
Brand: Plugwise Pages: 16
Siemens SIMATIC IOT2020 Quick Install Manual preview
SIMATIC IOT2020
Brand: Siemens Pages: 2
Siemens SIMATIC IOT Gateway MQTT Installation Quick Manual preview
SIMATIC IOT Gateway MQTT
Brand: Siemens Pages: 2
Siemens MindConnect Nano Quick Start preview
MindConnect Nano
Brand: Siemens Pages: 2
Siemens Instabus/DALI Gateway N 141 Technical Product Information preview
Instabus/DALI Gateway N 141
Brand: Siemens Pages: 5
Siemens SIMATIC IOT2050 Product Information preview
SIMATIC IOT2050
Brand: Siemens Pages: 25
Siemens GAMMA 5WG1 143-1AB01 Operating And Mounting Instructions preview
GAMMA 5WG1 143-1AB01
Brand: Siemens Pages: 2
Siemens DCW1151 Installation Manual preview
DCW1151
Brand: Siemens Pages: 6
Siemens Gigaset SE567 Quick Start Manual preview
Gigaset SE567
Brand: Siemens Pages: 8
Siemens DESIGO RXC Manual preview
DESIGO RXC
Brand: Siemens Pages: 20
Siemens SIMATIC PN/M-Bus LINK Operating Instructions Manual preview
SIMATIC PN/M-Bus LINK
Brand: Siemens Pages: 62
Siemens HiPath HG 1500 Service Manual preview
HiPath HG 1500
Brand: Siemens Pages: 43
Siemens Cerberus GW-21 Technical Manual preview
Cerberus GW-21
Brand: Siemens Pages: 44
Siemens ProtoAir FPA-W44 Startup Manual preview
ProtoAir FPA-W44
Brand: Siemens Pages: 66

Brands by name

Popular brands

Load more brands