1.
2.
Modify or Replace the Leaked Key
To modify the Key-Secret pair once a key is leaked or to substitute a key bound to an API with
another key, proceed the following steps:
Configure the backend to support two keys: the original key and to-be-modified or
replaced key, so that the request during the switching process can pass signature
verification regardless the key modification or replacement.
After the backend is configured, modify the key. Verify that the new Key and Secret take
effect and delete the leaked or obsolete key.
Throttling
What is throttling policy
You can set throttling for APIs, users, and apps by minute, hour, or day, or you can sort out the
specific users or apps with designated throttling policy. The throttling policy is described as follows:
Throttling policy contains the following dimensions:
The three values can be set in one throttling policy. Note that the user traffic limit
API traffic limit
The call times within a unit time for the
API bound by the policy must not exceed
the set value. The time unit may be
minute, hour, or day, for example, 5,000
times per minute.
App traffic limit
The call times called by each app within a
unit time for an API bound to the policy
must not exceed the set value, for
example, 50,000 times per hour.
User traffic limit
The call times called by each Alibaba
Cloud account within a unit time must
not exceed the set value. An Alibaba
Cloud account may have multiple apps.
The traffic limit for an Alibaba Cloud
account is exactly the limit on the total
traffic of all apps in this account. For
example, the traffic may be 500,000 times
per day.
API Gateway
User Guide for Providers
8
