diff --git a/docs/apig/umn/ALL_META.TXT.json b/docs/apig/umn/ALL_META.TXT.json
new file mode 100644
index 000000000..996de1867
--- /dev/null
+++ b/docs/apig/umn/ALL_META.TXT.json
@@ -0,0 +1,1652 @@
+[
+ {
+ "uri":"apig-ug-0016.html",
+ "product_code":"apig",
+ "code":"1",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Service Overview",
+ "title":"Service Overview",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0017.html",
+ "product_code":"apig",
+ "code":"2",
+ "des":"API Gateway (APIG) is a high-performance, high-availability, and high-security API hosting service that helps you build, manage, and deploy APIs at any scale. With just a",
+ "doc_type":"productdesc",
+ "kw":"What Is APIG?,Service Overview,User Guide",
+ "title":"What Is APIG?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-zh-pd-180307002.html",
+ "product_code":"apig",
+ "code":"3",
+ "des":"You can quickly create APIs by configuring the required settings on the API Gateway console. API Gateway provides an inline debugging tool to simplify API development, an",
+ "doc_type":"productdesc",
+ "kw":"Product Advantages,Service Overview,User Guide",
+ "title":"Product Advantages",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-zh-pd-180307003.html",
+ "product_code":"apig",
+ "code":"4",
+ "des":"As enterprises develop rapidly with quick business changes, internal systems of enterprises need to keep pace with the development. However, it is difficult to ensure sys",
+ "doc_type":"productdesc",
+ "kw":"Application Scenarios,Service Overview,User Guide",
+ "title":"Application Scenarios",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-specifications.html",
+ "product_code":"",
+ "code":"5",
+ "des":"Table 1 lists the specifications of dedicated API gateways.For dedicated gateways, you can adjust the maximum number of requests per second for each API.The specification",
+ "doc_type":"",
+ "kw":"Specifications,Service Overview,User Guide",
+ "title":"Specifications",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-zh-pd-180307005.html",
+ "product_code":"apig",
+ "code":"6",
+ "des":"To change the default restrictions, increase the quota by referring to Help Center > Others > FAQs > How Do I Apply for a Higher Quota?",
+ "doc_type":"productdesc",
+ "kw":"Notes and Constraints,Service Overview,User Guide",
+ "title":"Notes and Constraints",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-pd-190529006.html",
+ "product_code":"",
+ "code":"7",
+ "des":"If you need to assign different permissions to employees in your enterprise to access your APIG resources, Identity and Access Management (IAM) is a good choice for fine-",
+ "doc_type":"",
+ "kw":"Permissions Management,Service Overview,User Guide",
+ "title":"Permissions Management",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-zh-pd-180307004.html",
+ "product_code":"apig",
+ "code":"8",
+ "des":"A set of predefined functions that encapsulates application capabilities. You can create APIs and make them accessible to users.When creating an API, you need to configur",
+ "doc_type":"productdesc",
+ "kw":"Basic Concepts,Service Overview,User Guide",
+ "title":"Basic Concepts",
+ "githuburl":""
+ },
+ {
+ "uri":"en-us_topic_0080101651.html",
+ "product_code":"apig",
+ "code":"9",
+ "des":"API Gateway (APIG) is a fully managed service that enables you to securely build, manage, and deploy APIs at any scale with high performance and availability. With APIG, ",
+ "doc_type":"usermanual",
+ "kw":"Using APIG,User Guide",
+ "title":"Using APIG",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0012.html",
+ "product_code":"apig",
+ "code":"10",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Getting Started",
+ "title":"Getting Started",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0013.html",
+ "product_code":"apig",
+ "code":"11",
+ "des":"API Gateway (APIG) is a fully managed service that enables you to securely build, manage, and deploy APIs at any scale with high performance and availability. With APIG, ",
+ "doc_type":"usermanual",
+ "kw":"Introduction,Getting Started,User Guide",
+ "title":"Introduction",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307001.html",
+ "product_code":"apig",
+ "code":"12",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Opening APIs",
+ "title":"Opening APIs",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307002.html",
+ "product_code":"apig",
+ "code":"13",
+ "des":"The following figure shows the process of exposing an API.Creating a GatewayBuy a dedicated gateway. For details, see Buying a Dedicated Gateway.Buy a dedicated gateway. ",
+ "doc_type":"usermanual",
+ "kw":"Process Flow,Opening APIs,User Guide",
+ "title":"Process Flow",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307003.html",
+ "product_code":"apig",
+ "code":"14",
+ "des":"API group informationParameterDescriptionNameAPI group name. It is recommended that you enter a name based on naming rules to facilitate search.DescriptionDescription of ",
+ "doc_type":"usermanual",
+ "kw":"Creating an API Group,Opening APIs,User Guide",
+ "title":"Creating an API Group",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-190419107.html",
+ "product_code":"apig",
+ "code":"15",
+ "des":"The independent domain name must be registered and resolved. For details, see \"Prerequisites\" in Binding a Domain Name.",
+ "doc_type":"usermanual",
+ "kw":"Binding a Domain Name,Opening APIs,User Guide",
+ "title":"Binding a Domain Name",
+ "githuburl":""
+ },
+ {
+ "uri":"en-us_topic_0080101678.html",
+ "product_code":"apig",
+ "code":"16",
+ "des":"Create an API with the following steps:Setting Basic InformationDefining API RequestDefining Backend ServiceDefining ResponsesSetting basic informationParameterDescriptio",
+ "doc_type":"usermanual",
+ "kw":"Creating an API,Opening APIs,User Guide",
+ "title":"Creating an API",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-190419108.html",
+ "product_code":"apig",
+ "code":"17",
+ "des":"If the API is called successfully, the status code 200 is displayed.",
+ "doc_type":"usermanual",
+ "kw":"Debugging an API,Opening APIs,User Guide",
+ "title":"Debugging an API",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307004.html",
+ "product_code":"apig",
+ "code":"18",
+ "des":"Environment informationParameterDescriptionNameEnvironment name. It is recommended that you enter a name based on naming rules to facilitate search.DescriptionDescription",
+ "doc_type":"usermanual",
+ "kw":"(Optional) Creating an Environment,Opening APIs,User Guide",
+ "title":"(Optional) Creating an Environment",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307005.html",
+ "product_code":"apig",
+ "code":"19",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Publishing an API,Opening APIs,User Guide",
+ "title":"Publishing an API",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307007.html",
+ "product_code":"apig",
+ "code":"20",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Calling APIs",
+ "title":"Calling APIs",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307008.html",
+ "product_code":"apig",
+ "code":"21",
+ "des":"The following figure shows the process of calling an API.Obtaining an APIObtain an API and its documentation from an API provider.Obtain an API and its documentation from",
+ "doc_type":"usermanual",
+ "kw":"Process Flow,Calling APIs,User Guide",
+ "title":"Process Flow",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307010.html",
+ "product_code":"apig",
+ "code":"22",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Creating an App and Getting Authorized,Calling APIs,User Guide",
+ "title":"Creating an App and Getting Authorized",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307009.html",
+ "product_code":"apig",
+ "code":"23",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Adding an AppCode for Simple Authentication,Calling APIs,User Guide",
+ "title":"Adding an AppCode for Simple Authentication",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307011.html",
+ "product_code":"apig",
+ "code":"24",
+ "des":"Use an API test tool to configure the API calling information.For illustration purposes, an API and its documentation are obtained through offline channels. You can also ",
+ "doc_type":"usermanual",
+ "kw":"Calling an API,Calling APIs,User Guide",
+ "title":"Calling an API",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0006.html",
+ "product_code":"apig",
+ "code":"25",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Gateway Management",
+ "title":"Gateway Management",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-191004.html",
+ "product_code":"apig",
+ "code":"26",
+ "des":"This section describes how to buy a dedicated gateway. You can create APIs and use them to provide services only after a dedicated gateway is created.There are some limit",
+ "doc_type":"usermanual",
+ "kw":"Buying a Dedicated Gateway,Gateway Management,User Guide",
+ "title":"Buying a Dedicated Gateway",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-200801.html",
+ "product_code":"apig",
+ "code":"27",
+ "des":"You can modify the basic information and configuration parameters of dedicated gateways.To modify the basic information about a dedicated gateway, do as follows:",
+ "doc_type":"usermanual",
+ "kw":"Modifying a Dedicated Gateway,Gateway Management,User Guide",
+ "title":"Modifying a Dedicated Gateway",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0019.html",
+ "product_code":"",
+ "code":"28",
+ "des":"VPC endpoints are secure and private channels for connecting VPCs to VPC endpoint services.APIs can be exposed and accessed across VPCs in the same region of the same clo",
+ "doc_type":"",
+ "kw":"Managing VPC Endpoints,Gateway Management,User Guide",
+ "title":"Managing VPC Endpoints",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0008.html",
+ "product_code":"apig",
+ "code":"29",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"API Opening",
+ "title":"API Opening",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307014.html",
+ "product_code":"apig",
+ "code":"30",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"API Group Management",
+ "title":"API Group Management",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307015.html",
+ "product_code":"apig",
+ "code":"31",
+ "des":"Before creating an API, you must create an API group. An API group contains different APIs used for the same service.Each API can only belong to one API group.After the A",
+ "doc_type":"usermanual",
+ "kw":"Creating an API Group,API Group Management,User Guide",
+ "title":"Creating an API Group",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180327076.html",
+ "product_code":"apig",
+ "code":"32",
+ "des":"Before you open an API, you must bind one or more independent domain names to the group to which the API belongs.In a dedicated gateway, you cannot bind the same independ",
+ "doc_type":"usermanual",
+ "kw":"Binding a Domain Name,API Group Management,User Guide",
+ "title":"Binding a Domain Name",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307018.html",
+ "product_code":"apig",
+ "code":"33",
+ "des":"You can delete an API group if you do not require it.API groups that contain APIs cannot be deleted.You have created an API group.In the Operation column of the target AP",
+ "doc_type":"usermanual",
+ "kw":"Deleting an API Group,API Group Management,User Guide",
+ "title":"Deleting an API Group",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-lgug-200226001.html",
+ "product_code":"apig",
+ "code":"34",
+ "des":"A gateway response is displayed if APIG fails to process an API request. APIG provides a set of default responses and also allows you to create gateway responses with cus",
+ "doc_type":"usermanual",
+ "kw":"Adding a Gateway Response,API Group Management,User Guide",
+ "title":"Adding a Gateway Response",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307019.html",
+ "product_code":"apig",
+ "code":"35",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"API Management",
+ "title":"API Management",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307020.html",
+ "product_code":"apig",
+ "code":"36",
+ "des":"You can selectively expose your services by configuring their APIs in APIG.To create an API, set the basic information and define the API request, backend service, and re",
+ "doc_type":"usermanual",
+ "kw":"Creating an API,API Management,User Guide",
+ "title":"Creating an API",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180621094.html",
+ "product_code":"apig",
+ "code":"37",
+ "des":"For security reasons, browsers restrict cross-origin requests initiated from within scripts. This means that a web application can only request resources from its origin.",
+ "doc_type":"usermanual",
+ "kw":"CORS,API Management,User Guide",
+ "title":"CORS",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307025.html",
+ "product_code":"apig",
+ "code":"38",
+ "des":"After creating an API, debug it on the APIG console by setting HTTP headers and body parameters to verify whether the API is running normally.APIs with backend request pa",
+ "doc_type":"usermanual",
+ "kw":"Debugging an API,API Management,User Guide",
+ "title":"Debugging an API",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307021.html",
+ "product_code":"apig",
+ "code":"39",
+ "des":"APIs using app authentication can only be called by apps that have been authorized to call them.You can only authorize apps to call published APIs.You can authorize apps ",
+ "doc_type":"usermanual",
+ "kw":"Authorizing Apps to Call an API,API Management,User Guide",
+ "title":"Authorizing Apps to Call an API",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307023.html",
+ "product_code":"apig",
+ "code":"40",
+ "des":"APIs can be called only after they have been published in an environment. You can publish APIs in different environments. APIG allows you to view the publication history ",
+ "doc_type":"usermanual",
+ "kw":"Publishing an API,API Management,User Guide",
+ "title":"Publishing an API",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307024.html",
+ "product_code":"apig",
+ "code":"41",
+ "des":"You can remove APIs that you do not need from the environments where the APIs have been published.This operation will cause the APIs to be inaccessible in the environment",
+ "doc_type":"usermanual",
+ "kw":"Taking an API Offline,API Management,User Guide",
+ "title":"Taking an API Offline",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307027.html",
+ "product_code":"apig",
+ "code":"42",
+ "des":"You can delete published APIs you no longer require.Deleted APIs cannot be accessed by apps or users who were using the APIs, so make sure you notify users before the del",
+ "doc_type":"usermanual",
+ "kw":"Deleting an API,API Management,User Guide",
+ "title":"Deleting an API",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-181025104.html",
+ "product_code":"apig",
+ "code":"43",
+ "des":"APIG allows you to import Swagger 2.0 APIs to existing or new API groups. Swagger is an open-source tool built based on OpenAPI specifications to design, build, record, a",
+ "doc_type":"usermanual",
+ "kw":"Importing APIs,API Management,User Guide",
+ "title":"Importing APIs",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-181204105.html",
+ "product_code":"apig",
+ "code":"44",
+ "des":"You can export APIs one by one or in batches as JSON or YAML files.You have created an API group and API.The export result is displayed on the right.",
+ "doc_type":"usermanual",
+ "kw":"Exporting APIs,API Management,User Guide",
+ "title":"Exporting APIs",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307028.html",
+ "product_code":"apig",
+ "code":"45",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Request Throttling",
+ "title":"Request Throttling",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307029.html",
+ "product_code":"apig",
+ "code":"46",
+ "des":"Request throttling controls the number of times an API can be called within a time period to protect backend services.To provide stable, uninterrupted services, you can c",
+ "doc_type":"usermanual",
+ "kw":"Creating a Request Throttling Policy,Request Throttling,User Guide",
+ "title":"Creating a Request Throttling Policy",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307032.html",
+ "product_code":"apig",
+ "code":"47",
+ "des":"You can delete request throttling policies you no longer require.You have created a request throttling policy.In the Operation column of the request throttling policy you",
+ "doc_type":"usermanual",
+ "kw":"Deleting a Request Throttling Policy,Request Throttling,User Guide",
+ "title":"Deleting a Request Throttling Policy",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307033.html",
+ "product_code":"apig",
+ "code":"48",
+ "des":"If you want to control the number of API calls received from a specific app or tenant, add an excluded app or tenant to a request throttling policy.You have created an ap",
+ "doc_type":"usermanual",
+ "kw":"Adding an Excluded App or Tenant,Request Throttling,User Guide",
+ "title":"Adding an Excluded App or Tenant",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307035.html",
+ "product_code":"apig",
+ "code":"49",
+ "des":"You can remove excluded apps or tenants from a request throttling policy. This section takes an excluded app as an example.You have created a request throttling policy.Yo",
+ "doc_type":"usermanual",
+ "kw":"Removing an Excluded App or Tenant,Request Throttling,User Guide",
+ "title":"Removing an Excluded App or Tenant",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180712096.html",
+ "product_code":"apig",
+ "code":"50",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Access Control",
+ "title":"Access Control",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180712097.html",
+ "product_code":"apig",
+ "code":"51",
+ "des":"Access control policies are a type of security measures provided by APIG. You can use them to allow or deny API access from specific IP addresses or accounts.Access contr",
+ "doc_type":"usermanual",
+ "kw":"Creating an Access Control Policy,Access Control,User Guide",
+ "title":"Creating an Access Control Policy",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180712100.html",
+ "product_code":"apig",
+ "code":"52",
+ "des":"You can delete access control policies you no longer require.You have created an access control policy.In the Operation column of the access control policy you want to de",
+ "doc_type":"usermanual",
+ "kw":"Deleting an Access Control Policy,Access Control,User Guide",
+ "title":"Deleting an Access Control Policy",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307036.html",
+ "product_code":"apig",
+ "code":"53",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Environment Management",
+ "title":"Environment Management",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307037.html",
+ "product_code":"apig",
+ "code":"54",
+ "des":"An API can be called in different environments, such as production, testing, and development environments. RELEASE is the default environment provided by APIG. You can de",
+ "doc_type":"usermanual",
+ "kw":"Creating an Environment and Environment Variable,Environment Management,User Guide",
+ "title":"Creating an Environment and Environment Variable",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307039.html",
+ "product_code":"apig",
+ "code":"55",
+ "des":"You can delete environments you no longer require.You have created an environment.You can delete an environment only if no APIs have been published in the environment.",
+ "doc_type":"usermanual",
+ "kw":"Deleting an Environment,Environment Management,User Guide",
+ "title":"Deleting an Environment",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307040.html",
+ "product_code":"apig",
+ "code":"56",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Signature Key Management",
+ "title":"Signature Key Management",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307041.html",
+ "product_code":"apig",
+ "code":"57",
+ "des":"Signature keys are used by backend services to verify the identity of APIG.A signature key consists of a key and secret, and can be used only after being bound to an API.",
+ "doc_type":"usermanual",
+ "kw":"Creating and Using a Signature Key,Signature Key Management,User Guide",
+ "title":"Creating and Using a Signature Key",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307045.html",
+ "product_code":"apig",
+ "code":"58",
+ "des":"You can delete signature keys you no longer require.You have created a signature key.In the Operation column of the signature key you want to delete, click Delete.Click t",
+ "doc_type":"usermanual",
+ "kw":"Deleting a Signature Key,Signature Key Management,User Guide",
+ "title":"Deleting a Signature Key",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180425080.html",
+ "product_code":"apig",
+ "code":"59",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"VPC Channel Management",
+ "title":"VPC Channel Management",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180425081.html",
+ "product_code":"apig",
+ "code":"60",
+ "des":"VPC channels allow services deployed in VPCs to be accessed through their subnets, lowering latency and balancing loads of backend services.After creating a VPC channel, ",
+ "doc_type":"usermanual",
+ "kw":"Creating a VPC Channel,VPC Channel Management,User Guide",
+ "title":"Creating a VPC Channel",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180425083.html",
+ "product_code":"apig",
+ "code":"61",
+ "des":"You can delete VPC channels you no longer require.VPC channels that are currently in use by published APIs cannot be deleted.You have created a VPC channel.In the Operati",
+ "doc_type":"usermanual",
+ "kw":"Deleting a VPC Channel,VPC Channel Management,User Guide",
+ "title":"Deleting a VPC Channel",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180425084.html",
+ "product_code":"apig",
+ "code":"62",
+ "des":"You can modify the health check configurations of a VPC channel to meet service requirements.You have created a VPC channel.Health check configurationsParameterDescriptio",
+ "doc_type":"usermanual",
+ "kw":"Editing Health Check Configurations,VPC Channel Management,User Guide",
+ "title":"Editing Health Check Configurations",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180502087.html",
+ "product_code":"apig",
+ "code":"63",
+ "des":"You can add or remove cloud servers and edit cloud server weights for VPC channels to meet service requirements.You have created a VPC channel.Adding cloud serversClick S",
+ "doc_type":"usermanual",
+ "kw":"Editing Cloud Server Configurations of a VPC Channel,VPC Channel Management,User Guide",
+ "title":"Editing Cloud Server Configurations of a VPC Channel",
+ "githuburl":""
+ },
+ {
+ "uri":"apic-ug-190430104.html",
+ "product_code":"apig",
+ "code":"64",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Custom Authorizers",
+ "title":"Custom Authorizers",
+ "githuburl":""
+ },
+ {
+ "uri":"apic-ug-190430105.html",
+ "product_code":"apig",
+ "code":"65",
+ "des":"This feature is currently unavailable because FunctionGraph has not been launched.APIG supports custom authentication of both frontend and backend requests.Frontend custo",
+ "doc_type":"usermanual",
+ "kw":"Creating a Custom Authorizer,Custom Authorizers,User Guide",
+ "title":"Creating a Custom Authorizer",
+ "githuburl":""
+ },
+ {
+ "uri":"apic-ug-190430106.html",
+ "product_code":"apig",
+ "code":"66",
+ "des":"You can delete custom authorizers you no longer require.Custom authentication is implemented using FunctionGraph and not supported if FunctionGraph is unavailable in the ",
+ "doc_type":"usermanual",
+ "kw":"Deleting a Custom Authorizer,Custom Authorizers,User Guide",
+ "title":"Deleting a Custom Authorizer",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0001.html",
+ "product_code":"apig",
+ "code":"67",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Plug-ins",
+ "title":"Plug-ins",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0004.html",
+ "product_code":"apig",
+ "code":"68",
+ "des":"APIG provides flexible extension capabilities for APIs through plug-ins.Plug-in parameters will be stored as plaintext. To prevent information leakage, do not contain sen",
+ "doc_type":"usermanual",
+ "kw":"Creating a Plug-in,Plug-ins,User Guide",
+ "title":"Creating a Plug-in",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0002.html",
+ "product_code":"apig",
+ "code":"69",
+ "des":"For security purposes, the browser restricts cross-domain requests from being initiated from a page script. In this case, the page can access only the resources from the ",
+ "doc_type":"usermanual",
+ "kw":"CORS Plug-in,Plug-ins,User Guide",
+ "title":"CORS Plug-in",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0005.html",
+ "product_code":"apig",
+ "code":"70",
+ "des":"HTTP response headers are part of the response returned by APIG to a client that calls an API. You can customize HTTP response headers that will be contained in an API re",
+ "doc_type":"usermanual",
+ "kw":"HTTP Response Header Management Plug-in,Plug-ins,User Guide",
+ "title":"HTTP Response Header Management Plug-in",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0015.html",
+ "product_code":"",
+ "code":"71",
+ "des":"The request throttling plug-in limits the number of times an API can be called within a specific time period. It supports parameter-based, basic, and excluded throttling.",
+ "doc_type":"",
+ "kw":"Request Throttling Plug-in,Plug-ins,User Guide",
+ "title":"Request Throttling Plug-in",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0003.html",
+ "product_code":"apig",
+ "code":"72",
+ "des":"You can delete plug-ins you no longer require. To delete a plug-in that has been bound to APIs, unbind the plug-in from the APIs and then delete it.You have created a plu",
+ "doc_type":"usermanual",
+ "kw":"Deleting a Plug-in,Plug-ins,User Guide",
+ "title":"Deleting a Plug-in",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180413077.html",
+ "product_code":"apig",
+ "code":"73",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Monitoring",
+ "title":"Monitoring",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180427085.html",
+ "product_code":"apig",
+ "code":"74",
+ "des":"This section describes the metrics that APIG reports to the Cloud Eye service. You can view metrics and alarms by using the Cloud Eye console.Dedicated gateway: SYS.APIC",
+ "doc_type":"usermanual",
+ "kw":"APIG Metrics,Monitoring,User Guide",
+ "title":"APIG Metrics",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180524089.html",
+ "product_code":"apig",
+ "code":"75",
+ "des":"You can create alarm rules to monitor the status of your APIs.An alarm rule consists of a rule name, monitored objects, metrics, alarm thresholds, monitoring interval, an",
+ "doc_type":"usermanual",
+ "kw":"Creating Alarm Rules,Monitoring,User Guide",
+ "title":"Creating Alarm Rules",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180427086.html",
+ "product_code":"apig",
+ "code":"76",
+ "des":"Cloud Eye monitors the status of your APIs and allows you to view their metrics.You have created an API group and API.API metrics are displayed on the Dashboard tab page.",
+ "doc_type":"usermanual",
+ "kw":"Viewing Metrics,Monitoring,User Guide",
+ "title":"Viewing Metrics",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0009.html",
+ "product_code":"apig",
+ "code":"77",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"API Calling",
+ "title":"API Calling",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307048.html",
+ "product_code":"apig",
+ "code":"78",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"App Management",
+ "title":"App Management",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307049.html",
+ "product_code":"apig",
+ "code":"79",
+ "des":"For an API that uses app authentication, you can create an app and use the app and its ID and key pair (AppKey and AppSecret) to call the API. You can use an app to call ",
+ "doc_type":"usermanual",
+ "kw":"Creating an App and Obtaining Authorization,App Management,User Guide",
+ "title":"Creating an App and Obtaining Authorization",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307051.html",
+ "product_code":"apig",
+ "code":"80",
+ "des":"You can delete apps you no longer require.You have created an app.In the Operation column of the app you want to delete, click Delete.Click the name of the target app, an",
+ "doc_type":"usermanual",
+ "kw":"Deleting an App,App Management,User Guide",
+ "title":"Deleting an App",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307053.html",
+ "product_code":"apig",
+ "code":"81",
+ "des":"You can reset the AppSecret of an app. The AppKey is unique and cannot be reset. When you reset the AppSecret, it becomes invalid and APIs bound to the app cannot be call",
+ "doc_type":"usermanual",
+ "kw":"Resetting the AppSecret of an App,App Management,User Guide",
+ "title":"Resetting the AppSecret of an App",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-lgug-200227001.html",
+ "product_code":"apig",
+ "code":"82",
+ "des":"AppCodes are identity credentials of an app used to call APIs in simple authentication mode. In this mode, the X-Apig-AppCode parameter (whose value is an AppCode on the ",
+ "doc_type":"usermanual",
+ "kw":"Adding an AppCode for Simple Authentication,App Management,User Guide",
+ "title":"Adding an AppCode for Simple Authentication",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307054.html",
+ "product_code":"apig",
+ "code":"83",
+ "des":"You can view the details of an API to which an app has been bound.You have created an app.The app has been bound to an API.",
+ "doc_type":"usermanual",
+ "kw":"Viewing API Details,App Management,User Guide",
+ "title":"Viewing API Details",
+ "githuburl":""
+ },
+ {
+ "uri":"en-us_topic_0000001174497029.html",
+ "product_code":"apig",
+ "code":"84",
+ "des":"This section describes how to obtain and analyze the API calling logs of dedicated gateways.APIs have been called.Fields in access logs are separated using spaces. The fo",
+ "doc_type":"usermanual",
+ "kw":"Log Analysis,API Calling,User Guide",
+ "title":"Log Analysis",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0010.html",
+ "product_code":"apig",
+ "code":"85",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Calling Published APIs",
+ "title":"Calling Published APIs",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0011.html",
+ "product_code":"apig",
+ "code":"86",
+ "des":"Before calling APIs, obtain the request information from the API provider, including the access domain name, protocol, method, path, and request parameters.Obtain APIs: f",
+ "doc_type":"usermanual",
+ "kw":"Calling APIs,Calling Published APIs,User Guide",
+ "title":"Calling APIs",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180830102.html",
+ "product_code":"apig",
+ "code":"87",
+ "des":"The following table describes the response headers that APIG adds to the response returned when an API is called.X-Apig-Mode: debug indicates API debugging information.",
+ "doc_type":"usermanual",
+ "kw":"Response Headers,Calling Published APIs,User Guide",
+ "title":"Response Headers",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180530090.html",
+ "product_code":"apig",
+ "code":"88",
+ "des":"Table 1 lists the error codes that you may encounter when calling APIs.For details about the error codes that may occur when you manage APIs, see section \"Error Codes\" in",
+ "doc_type":"usermanual",
+ "kw":"Error Codes,Calling Published APIs,User Guide",
+ "title":"Error Codes",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-190529107.html",
+ "product_code":"apig",
+ "code":"89",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Permissions Management",
+ "title":"Permissions Management",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-190529109.html",
+ "product_code":"apig",
+ "code":"90",
+ "des":"This topic describes how to use Identity and Access Management (IAM) to implement permissions control for your APIG resources. With IAM, you can:Create IAM users for empl",
+ "doc_type":"usermanual",
+ "kw":"Creating a User and Granting APIG Permissions,Permissions Management,User Guide",
+ "title":"Creating a User and Granting APIG Permissions",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-custom-policy.html",
+ "product_code":"apig",
+ "code":"91",
+ "des":"Custom policies can be created to supplement the system-defined policies of APIG. For the actions that can be added to custom policies, see section \"Permissions Policies ",
+ "doc_type":"usermanual",
+ "kw":"APIG Custom Policies,Permissions Management,User Guide",
+ "title":"APIG Custom Policies",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0020.html",
+ "product_code":"",
+ "code":"92",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"",
+ "kw":"Key Operations Recorded by CTS",
+ "title":"Key Operations Recorded by CTS",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307058.html",
+ "product_code":"apig",
+ "code":"93",
+ "des":"If you want to collect, record, or query operation logs for APIG in common scenarios such as security analysis, audit, and problem locating, enable Cloud Trace Service (C",
+ "doc_type":"usermanual",
+ "kw":"APIG operations that can be recorded by CTS,Key Operations Recorded by CTS,User Guide",
+ "title":"APIG operations that can be recorded by CTS",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-0021.html",
+ "product_code":"",
+ "code":"94",
+ "des":"Query audit logs by following the procedure in section \"Querying Real-Time Traces\" in the Cloud Trace Service User Guide.",
+ "doc_type":"",
+ "kw":"Querying Audit Logs,Key Operations Recorded by CTS,User Guide",
+ "title":"Querying Audit Logs",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-ug-cmccfaq.html",
+ "product_code":"apig",
+ "code":"95",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"FAQs",
+ "title":"FAQs",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-190803.html",
+ "product_code":"",
+ "code":"96",
+ "des":"How Do I Set the Backend Address If I Will Not Use a VPC Channel (or Load Balance Channel)?How Can I Configure the Backend Service Address?Can I Specify a Private Network",
+ "doc_type":"",
+ "kw":"Common FAQs,FAQs,User Guide",
+ "title":"Common FAQs",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-create.html",
+ "product_code":"",
+ "code":"97",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"",
+ "kw":"API Creation",
+ "title":"API Creation",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005007.html",
+ "product_code":"apig",
+ "code":"98",
+ "des":"The creation of APIs is free of charge. If you cannot create APIs, your account must be in arrears.",
+ "doc_type":"usermanual",
+ "kw":"Why Can't I Create APIs?,API Creation,User Guide",
+ "title":"Why Can't I Create APIs?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005001.html",
+ "product_code":"apig",
+ "code":"99",
+ "des":"API responses are defined by backend services (API providers). API Gateway (APIG) only transparently transmits responses to API callers.",
+ "doc_type":"usermanual",
+ "kw":"How Do I Define Response Codes for an API?,API Creation,User Guide",
+ "title":"How Do I Define Response Codes for an API?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005002.html",
+ "product_code":"apig",
+ "code":"100",
+ "des":"Use the port of the API backend service.",
+ "doc_type":"usermanual",
+ "kw":"How Do I Specify the Host Port for a VPC Channel (or Load Balance Channel)?,API Creation,User Guide",
+ "title":"How Do I Specify the Host Port for a VPC Channel (or Load Balance Channel)?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005004.html",
+ "product_code":"apig",
+ "code":"101",
+ "des":"You can specify the backend address as a public domain name or a public IP address, such as the Elastic IP (EIP) of an Elastic Cloud Server (ECS).",
+ "doc_type":"usermanual",
+ "kw":"How Do I Set the Backend Address If I Will Not Use a VPC Channel (or Load Balance Channel)?,API Crea",
+ "title":"How Do I Set the Backend Address If I Will Not Use a VPC Channel (or Load Balance Channel)?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-190627028.html",
+ "product_code":"",
+ "code":"102",
+ "des":"Configure the backend service address as an ECS EIP, or the public IP address or domain name of your own server.",
+ "doc_type":"",
+ "kw":"How Can I Configure the Backend Service Address?,API Creation,User Guide",
+ "title":"How Can I Configure the Backend Service Address?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005003.html",
+ "product_code":"apig",
+ "code":"103",
+ "des":"For dedicated gateways, you can use private network load balancer addresses.Alternatively, you can use the EIP bound to a public network load balancer.",
+ "doc_type":"usermanual",
+ "kw":"Can I Specify a Private Network Load Balancer Address for the Backend Service?,API Creation,User Gui",
+ "title":"Can I Specify a Private Network Load Balancer Address for the Backend Service?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005006.html",
+ "product_code":"apig",
+ "code":"104",
+ "des":"If you use a dedicated gateway, you can specify either an IP address that belongs to the same subnet where the gateway is deployed, or the private address of a local data",
+ "doc_type":"usermanual",
+ "kw":"Can I Specify the Backend Address as a Subnet IP Address?,API Creation,User Guide",
+ "title":"Can I Specify the Backend Address as a Subnet IP Address?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180606012.html",
+ "product_code":"",
+ "code":"105",
+ "des":"Yes. APIG supports the configuration of multiple backend endpoints through a VPC channel (also called \"load balance channel\"). You can add multiple cloud servers to each ",
+ "doc_type":"",
+ "kw":"Does APIG Support Multiple Backend Endpoints?,API Creation,User Guide",
+ "title":"Does APIG Support Multiple Backend Endpoints?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005009.html",
+ "product_code":"apig",
+ "code":"106",
+ "des":"If you are using a dedicated gateway, add an A record that points the independent domain name to the inbound access address of the gateway. You can bind five independent ",
+ "doc_type":"usermanual",
+ "kw":"What Should I Do After Applying for an Independent Domain Name?,API Creation,User Guide",
+ "title":"What Should I Do After Applying for an Independent Domain Name?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005021.html",
+ "product_code":"apig",
+ "code":"107",
+ "des":"In a dedicated gateway, you can add a private domain name, and add an A record to point the domain name to the inbound access address of the gateway.",
+ "doc_type":"usermanual",
+ "kw":"Can I Bind Private Domain Names for API Access?,API Creation,User Guide",
+ "title":"Can I Bind Private Domain Names for API Access?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-190627027.html",
+ "product_code":"",
+ "code":"108",
+ "des":"Ensure that CORS has been enabled for the API.Go to the API details page, click Edit, and check whether CORS is enabled. If it is not, enable it.Go to the API details pag",
+ "doc_type":"",
+ "kw":"Why Does an API Failed to Be Called Across Domains?,API Creation,User Guide",
+ "title":"Why Does an API Failed to Be Called Across Domains?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180919017.html",
+ "product_code":"",
+ "code":"109",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"",
+ "kw":"API Calling",
+ "title":"API Calling",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005010.html",
+ "product_code":"apig",
+ "code":"110",
+ "des":"API calling failures may occur in three scenarios: within a VPC, between VPCs, and on a public network.Within a VPC: Check whether the domain name is the same as that aut",
+ "doc_type":"usermanual",
+ "kw":"What Are the Possible Causes for an API Calling Failure?,API Calling,User Guide",
+ "title":"What Are the Possible Causes for an API Calling Failure?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005012.html",
+ "product_code":"apig",
+ "code":"111",
+ "des":"If an error code is returned when you call your own APIs, see User Guide > Calling Published APIs > Error Codes.If an error code is returned when you manage your APIs, se",
+ "doc_type":"usermanual",
+ "kw":"What Should I Do If an Error Code Is Returned During API Calling?,API Calling,User Guide",
+ "title":"What Should I Do If an Error Code Is Returned During API Calling?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005022.html",
+ "product_code":"apig",
+ "code":"112",
+ "des":"The request URL (including request parameters) is too long. Place the request parameters in the request body and try again.",
+ "doc_type":"usermanual",
+ "kw":"Why Am I Seeing the Error Message \"414 Request-URI Too Large\" When I Call an API?,API Calling,User G",
+ "title":"Why Am I Seeing the Error Message \"414 Request-URI Too Large\" When I Call an API?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-19123002.html",
+ "product_code":"",
+ "code":"113",
+ "des":"If an open API in APIG failed to be called, troubleshoot the failure by performing the following operations:The domain name, request method, or path used for calling the ",
+ "doc_type":"",
+ "kw":"What Should I Do If \"The API does not exist or has not been published in the environment.\" Is Displa",
+ "title":"What Should I Do If \"The API does not exist or has not been published in the environment.\" Is Displayed?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-181016018.html",
+ "product_code":"",
+ "code":"114",
+ "des":"Check whether the backend service is accessible, and modify the backend service if it is inaccessible.Check the ECS security group configurations of the backend service a",
+ "doc_type":"",
+ "kw":"Why Am I Seeing the Message \"No backend available\"?,API Calling,User Guide",
+ "title":"Why Am I Seeing the Message \"No backend available\"?",
+ "githuburl":""
+ },
+ {
+ "uri":"en-us_topic_0087908599.html",
+ "product_code":"",
+ "code":"115",
+ "des":"The following table lists the possible causes if a backend service fails to be invoked or the invocation times out.",
+ "doc_type":"",
+ "kw":"What Are the Possible Causes If the Message \"Backend unavailable\" or \"Backend timeout\" Is Displayed?",
+ "title":"What Are the Possible Causes If the Message \"Backend unavailable\" or \"Backend timeout\" Is Displayed?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-0004.html",
+ "product_code":"",
+ "code":"116",
+ "des":"An error message indicating a domain name resolution failure is displayed when the backend service is called, although private domain name resolution is completed for the",
+ "doc_type":"",
+ "kw":"Why Am I Seeing the Message \"Backend domain name resolution failed\" When a Backend Service Is Called",
+ "title":"Why Am I Seeing the Message \"Backend domain name resolution failed\" When a Backend Service Is Called?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-19122004.html",
+ "product_code":"",
+ "code":"117",
+ "des":"Modification of the backend_timeout parameter in a dedicated gateway does not take effect.The Timeout (ms) parameter on the Define Backend Request page is not modified.Lo",
+ "doc_type":"",
+ "kw":"Why Doesn't Modification of the backend_timeout Parameter Take Effect?,API Calling,User Guide",
+ "title":"Why Doesn't Modification of the backend_timeout Parameter Take Effect?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005011.html",
+ "product_code":"apig",
+ "code":"118",
+ "des":"By default, the API in the RELEASE environment is called. If you want to call the same API in another environment, add the request header X-Stage to specify the environme",
+ "doc_type":"usermanual",
+ "kw":"How Do I Switch the Environment for API Calling?,API Calling,User Guide",
+ "title":"How Do I Switch the Environment for API Calling?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180606013.html",
+ "product_code":"",
+ "code":"119",
+ "des":"Dedicated gateway: APIG forwards only API requests whose body is no larger than 12 MB. If your gateway will receive requests with a body larger than 12 MB, modify the req",
+ "doc_type":"",
+ "kw":"What Is the Maximum Size of an API Request Package?,API Calling,User Guide",
+ "title":"What Is the Maximum Size of an API Request Package?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-190515025.html",
+ "product_code":"",
+ "code":"120",
+ "des":"APIG provides SDKs and demos in multiple languages, such as Java, Python, C, PHP, and Go, for app authentication. To use Objective-C (for iOS) or other languages, see Dev",
+ "doc_type":"",
+ "kw":"How Do I Perform App Authentication in iOS System?,API Calling,User Guide",
+ "title":"How Do I Perform App Authentication in iOS System?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-190627029.html",
+ "product_code":"",
+ "code":"121",
+ "des":"The header parameter x-auth-token has already been defined in APIG. To use this parameter to call an API, add the parameter and its value to the request header.",
+ "doc_type":"",
+ "kw":"Why Can't I Create a Header Parameter Named x-auth-token for an API Called Through IAM Authenticatio",
+ "title":"Why Can't I Create a Header Parameter Named x-auth-token for an API Called Through IAM Authentication?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-190627030.html",
+ "product_code":"",
+ "code":"122",
+ "des":"How many apps can I create?You can create a maximum of 50 apps.How do I isolate the calling information among the third parties that call the same API through app authent",
+ "doc_type":"",
+ "kw":"App FAQs,API Calling,User Guide",
+ "title":"App FAQs",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180307004.html",
+ "product_code":"",
+ "code":"123",
+ "des":"Yes, mobile apps can call APIs. In app authentication mode, the AppKey and AppSecret of a mobile app are replaced with those in the relevant SDK to sign the app.",
+ "doc_type":"",
+ "kw":"Can Mobile Apps Call APIs?,API Calling,User Guide",
+ "title":"Can Mobile Apps Call APIs?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180307008.html",
+ "product_code":"",
+ "code":"124",
+ "des":"Yes, applications deployed in a VPC can call APIs by default. If domain name resolution fails, configure a DNS server on the current endpoint by following the instruction",
+ "doc_type":"",
+ "kw":"Can Applications Deployed in a VPC Call APIs?,API Calling,User Guide",
+ "title":"Can Applications Deployed in a VPC Call APIs?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-190627033.html",
+ "product_code":"",
+ "code":"125",
+ "des":"APIG supports WebSocket data transmission. When creating an API, you can select HTTP, HTTPS, or HTTP&HTTPS. HTTP is equivalent to WebSocket (ws), and HTTPS is equivalent ",
+ "doc_type":"",
+ "kw":"How Do I Implement WebSocket Data Transmission?,API Calling,User Guide",
+ "title":"How Do I Implement WebSocket Data Transmission?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-19122001.html",
+ "product_code":"",
+ "code":"126",
+ "des":"Yes. But you should use persistent connections properly to avoid occupying too many resources.",
+ "doc_type":"",
+ "kw":"Does APIG Support Persistent Connections?,API Calling,User Guide",
+ "title":"Does APIG Support Persistent Connections?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-19123001.html",
+ "product_code":"",
+ "code":"127",
+ "des":"If multiple backend policies are configured for an API, APIG will match the backend policies in sequence. If an API request matches one of the backend policies, APIG imme",
+ "doc_type":"",
+ "kw":"How Will the Requests for an API with Multiple Backend Policies Be Matched and Executed?,API Calling",
+ "title":"How Will the Requests for an API with Multiple Backend Policies Be Matched and Executed?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-19122003.html",
+ "product_code":"",
+ "code":"128",
+ "des":"No.",
+ "doc_type":"",
+ "kw":"Is There a Limit on the Size of the Response to an API Request?,API Calling,User Guide",
+ "title":"Is There a Limit on the Size of the Response to an API Request?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-0007.html",
+ "product_code":"",
+ "code":"129",
+ "des":"Enable public access for the relevant gateway to allow external services to call APIs.If you encounter a network problem when calling APIs, see What Are the Possible Caus",
+ "doc_type":"",
+ "kw":"How Can I Access Backend Services over Public Networks Through APIG?,API Calling,User Guide",
+ "title":"How Can I Access Backend Services over Public Networks Through APIG?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-auth.html",
+ "product_code":"",
+ "code":"130",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"",
+ "kw":"API Authentication",
+ "title":"API Authentication",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005013.html",
+ "product_code":"apig",
+ "code":"131",
+ "des":"Dedicated gateway: Yes.Backend two-way authentication: When creating an API, enable two-way authentication for the backend service. For details, see the description about",
+ "doc_type":"usermanual",
+ "kw":"Does APIG Support HTTPS Two-Way Authentication?,API Authentication,User Guide",
+ "title":"Does APIG Support HTTPS Two-Way Authentication?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005020.html",
+ "product_code":"apig",
+ "code":"132",
+ "des":"To call APIs that do not require authentication, construct standard HTTP requests and send them to APIG.APIG transparently transmits requests to call an API that does not",
+ "doc_type":"usermanual",
+ "kw":"How Do I Call an API That Does Not Require Authentication?,API Authentication,User Guide",
+ "title":"How Do I Call an API That Does Not Require Authentication?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005015.html",
+ "product_code":"apig",
+ "code":"133",
+ "des":"APIG supports TLS 1.1 and TLS 1.2, but does not support TLS 1.0 or TLS 1.3.",
+ "doc_type":"usermanual",
+ "kw":"Which TLS Versions Does APIG Support?,API Authentication,User Guide",
+ "title":"Which TLS Versions Does APIG Support?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005016.html",
+ "product_code":"apig",
+ "code":"134",
+ "des":"Yes. For details, see \"Custom Authorizers\" in the User Guide.",
+ "doc_type":"usermanual",
+ "kw":"Does APIG Support Custom Authentication?,API Authentication,User Guide",
+ "title":"Does APIG Support Custom Authentication?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005018.html",
+ "product_code":"apig",
+ "code":"135",
+ "des":"Yes. The request body is another element that needs to be signed in addition to the mandatory request header parameters. For example, when an API used to upload a file us",
+ "doc_type":"usermanual",
+ "kw":"Will the Request Body Be Signed for Security Authentication?,API Authentication,User Guide",
+ "title":"Will the Request Body Be Signed for Security Authentication?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-0003.html",
+ "product_code":"",
+ "code":"136",
+ "des":"You may encounter the following errors related to IAM authentication information:Incorrect IAM authentication information: verify aksk signature failIncorrect IAM authent",
+ "doc_type":"",
+ "kw":"Common Errors Related to IAM Authentication Information,API Authentication,User Guide",
+ "title":"Common Errors Related to IAM Authentication Information",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-0002.html",
+ "product_code":"",
+ "code":"137",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"",
+ "kw":"API Control Policies",
+ "title":"API Control Policies",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005032.html",
+ "product_code":"apig",
+ "code":"138",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Request Throttling",
+ "title":"Request Throttling",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005026.html",
+ "product_code":"apig",
+ "code":"139",
+ "des":"No, but you can limit the maximum number of API calls allowed within a specific period of time.",
+ "doc_type":"usermanual",
+ "kw":"Can I Configure the Maximum Number of Concurrent Requests?,Request Throttling,User Guide",
+ "title":"Can I Configure the Maximum Number of Concurrent Requests?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-190627032.html",
+ "product_code":"",
+ "code":"140",
+ "des":"Yes.",
+ "doc_type":"",
+ "kw":"Is the Restriction of 1000 Requests to a Subdomain Name Applied to Enterprise Accounts?,Request Thro",
+ "title":"Is the Restriction of 1000 Requests to a Subdomain Name Applied to Enterprise Accounts?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-19122002.html",
+ "product_code":"",
+ "code":"141",
+ "des":"Dedicated gateways have bandwidth limits. When you create a dedicated gateway, you can set the bandwidth for public inbound and outbound access.",
+ "doc_type":"",
+ "kw":"Does APIG Has Bandwidth Limits?,Request Throttling,User Guide",
+ "title":"Does APIG Has Bandwidth Limits?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-0001.html",
+ "product_code":"",
+ "code":"142",
+ "des":"API call limit or source IP address request limit of the policy does not take effect.Check whether the policy has been bound to an API.Check whether the policy has been b",
+ "doc_type":"",
+ "kw":"Why Doesn't a Request Throttling Policy Take Effect?,Request Throttling,User Guide",
+ "title":"Why Doesn't a Request Throttling Policy Take Effect?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005033.html",
+ "product_code":"apig",
+ "code":"143",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Access Control",
+ "title":"Access Control",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005008.html",
+ "product_code":"apig",
+ "code":"144",
+ "des":"You can provide an open API to specific users in either of the following ways:Select app authentication when you create the API, and share the AppKey and AppSecret with t",
+ "doc_type":"usermanual",
+ "kw":"How Do I Provide an Open API to Specific Users?,Access Control,User Guide",
+ "title":"How Do I Provide an Open API to Specific Users?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005023.html",
+ "product_code":"apig",
+ "code":"145",
+ "des":"You can choose either of the following solutions:Solution 1: Create an API that does not require authentication, and configure an access control policy to whitelist the I",
+ "doc_type":"usermanual",
+ "kw":"How Do I Exclude a Specific IP Address for Identity Authentication of an API?,Access Control,User Gu",
+ "title":"How Do I Exclude a Specific IP Address for Identity Authentication of an API?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180919016.html",
+ "product_code":"",
+ "code":"146",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"",
+ "kw":"API Publishing",
+ "title":"API Publishing",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180307002.html",
+ "product_code":"",
+ "code":"147",
+ "des":"Yes. After you modify the parameters of a published API, you must publish the API again to synchronize the modifications to the environment.",
+ "doc_type":"",
+ "kw":"Do I Need to Publish an API Again After Modification?,API Publishing,User Guide",
+ "title":"Do I Need to Publish an API Again After Modification?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180606011.html",
+ "product_code":"",
+ "code":"148",
+ "des":"To make an API published in a non-RELEASE environment accessible, add the x-stage header to the API request.Example:",
+ "doc_type":"",
+ "kw":"Why Can't APIs Published in a Non-RELEASE Environment Be Accessed?,API Publishing,User Guide",
+ "title":"Why Can't APIs Published in a Non-RELEASE Environment Be Accessed?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-181016019.html",
+ "product_code":"",
+ "code":"149",
+ "des":"Yes, you can invoke different backend services by publishing an API in different environments while specifying environment variables and backend parameters.",
+ "doc_type":"",
+ "kw":"Can I Invoke Different Backend Services by Publishing an API in Different Environments?,API Publishi",
+ "title":"Can I Invoke Different Backend Services by Publishing an API in Different Environments?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005027.html",
+ "product_code":"apig",
+ "code":"150",
+ "des":"APIG debugs APIs in a specific debugging environment. After debugging is completed, you need to publish your API in an environment, and use code or postman to add the X-S",
+ "doc_type":"usermanual",
+ "kw":"How Do I Specify an Environment for API Debugging?,API Publishing,User Guide",
+ "title":"How Do I Specify an Environment for API Debugging?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005035.html",
+ "product_code":"apig",
+ "code":"151",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"API Import and Export",
+ "title":"API Import and Export",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005024.html",
+ "product_code":"apig",
+ "code":"152",
+ "des":"Possible cause 1: The number of APIs exceeds the maximum allowed limit for a single import. For more APIs (300), import them in batches or submit a service ticket to incr",
+ "doc_type":"usermanual",
+ "kw":"Why Does API Import Fail?,API Import and Export,User Guide",
+ "title":"Why Does API Import Fail?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-2005025.html",
+ "product_code":"apig",
+ "code":"153",
+ "des":"The template is being developed.Currently, you can configure one or two APIs in APIG, and then export them to use as templates.",
+ "doc_type":"usermanual",
+ "kw":"Does APIG Provide a Template for Importing APIs from Swagger Files?,API Import and Export,User Guide",
+ "title":"Does APIG Provide a Template for Importing APIs from Swagger Files?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180919015.html",
+ "product_code":"",
+ "code":"154",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"",
+ "kw":"API Security",
+ "title":"API Security",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180307003.html",
+ "product_code":"",
+ "code":"155",
+ "des":"Identity authenticationConfigure IAM or App authentication for APIs to prevent malicious calling.Configure IAM or App authentication for APIs to prevent malicious calling",
+ "doc_type":"",
+ "kw":"How Can I Protect My APIs?,API Security,User Guide",
+ "title":"How Can I Protect My APIs?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180307009.html",
+ "product_code":"",
+ "code":"156",
+ "des":"You can ensure the security of backend services invoked by APIG by using the following methods:Bind signature keys to APIsAfter a signature key is bound to an API, APIG a",
+ "doc_type":"",
+ "kw":"How Do I Ensure the Security of Backend Services Invoked by APIG?,API Security,User Guide",
+ "title":"How Do I Ensure the Security of Backend Services Invoked by APIG?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-191201.html",
+ "product_code":"",
+ "code":"157",
+ "des":"No.",
+ "doc_type":"",
+ "kw":"Can I Control Access to the Private IP Addresses of the ECSs in a VPC Channel (or Load Balance Chann",
+ "title":"Can I Control Access to the Private IP Addresses of the ECSs in a VPC Channel (or Load Balance Channel)?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180919014.html",
+ "product_code":"",
+ "code":"158",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"",
+ "kw":"Other FAQs",
+ "title":"Other FAQs",
+ "githuburl":""
+ },
+ {
+ "uri":"en-us_topic_0084464485.html",
+ "product_code":"",
+ "code":"159",
+ "des":"An API can be published in different environments, such as RELEASE (online environment) and BETA (test environment).An app refers to the identity of an API caller. After ",
+ "doc_type":"",
+ "kw":"What Are the Relationships Between an API, Environment, and App?,Other FAQs,User Guide",
+ "title":"What Are the Relationships Between an API, Environment, and App?",
+ "githuburl":""
+ },
+ {
+ "uri":"en-us_topic_0084464486.html",
+ "product_code":"",
+ "code":"160",
+ "des":"You can use APIG to manage and call APIs in the following ways:Management console, a web-based service management platformIf you have already registered an account, log i",
+ "doc_type":"",
+ "kw":"How Can I Use APIG?,Other FAQs,User Guide",
+ "title":"How Can I Use APIG?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180606010.html",
+ "product_code":"",
+ "code":"161",
+ "des":"APIG supports Java, Go, Python, C#, JavaScript, PHP, C++, C, and Android SDKs.",
+ "doc_type":"",
+ "kw":"What SDK Languages Does APIG Support?,Other FAQs,User Guide",
+ "title":"What SDK Languages Does APIG Support?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180307006.html",
+ "product_code":"",
+ "code":"162",
+ "des":"Yes.If you are using dedicated gateways, configure the maximum request body size allowed by setting the request_body_size parameter. The value ranges from 1 MB to 9536 MB",
+ "doc_type":"",
+ "kw":"Can I Upload Files Using the POST Method?,Other FAQs,User Guide",
+ "title":"Can I Upload Files Using the POST Method?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-faq-180307001.html",
+ "product_code":"",
+ "code":"163",
+ "des":"When receiving an API request, APIG returns a response. A similar response body is as follows:\"error_code\": error code\"error_msg\": description of the error",
+ "doc_type":"",
+ "kw":"What Are the Error Messages Returned by APIG Like?,Other FAQs,User Guide",
+ "title":"What Are the Error Messages Returned by APIG Like?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-faq-20210414.html",
+ "product_code":"",
+ "code":"164",
+ "des":"No. APIG cannot be deployed in a local data center.",
+ "doc_type":"",
+ "kw":"Can APIG Be Deployed in a Local Data Center?,Other FAQs,User Guide",
+ "title":"Can APIG Be Deployed in a Local Data Center?",
+ "githuburl":""
+ },
+ {
+ "uri":"apig-en-ug-180307075.html",
+ "product_code":"apig",
+ "code":"165",
+ "des":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "doc_type":"usermanual",
+ "kw":"Change History,User Guide",
+ "title":"Change History",
+ "githuburl":""
+ }
+]
\ No newline at end of file
diff --git a/docs/apig/umn/CLASS.TXT.json b/docs/apig/umn/CLASS.TXT.json
new file mode 100644
index 000000000..f79ffa95b
--- /dev/null
+++ b/docs/apig/umn/CLASS.TXT.json
@@ -0,0 +1,1487 @@
+[
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Service Overview",
+ "uri":"apig-ug-0016.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"1"
+ },
+ {
+ "desc":"API Gateway (APIG) is a high-performance, high-availability, and high-security API hosting service that helps you build, manage, and deploy APIs at any scale. With just a",
+ "product_code":"apig",
+ "title":"What Is APIG?",
+ "uri":"apig-ug-0017.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"2"
+ },
+ {
+ "desc":"You can quickly create APIs by configuring the required settings on the API Gateway console. API Gateway provides an inline debugging tool to simplify API development, an",
+ "product_code":"apig",
+ "title":"Product Advantages",
+ "uri":"apig-zh-pd-180307002.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"3"
+ },
+ {
+ "desc":"As enterprises develop rapidly with quick business changes, internal systems of enterprises need to keep pace with the development. However, it is difficult to ensure sys",
+ "product_code":"apig",
+ "title":"Application Scenarios",
+ "uri":"apig-zh-pd-180307003.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"4"
+ },
+ {
+ "desc":"Table 1 lists the specifications of dedicated API gateways.For dedicated gateways, you can adjust the maximum number of requests per second for each API.The specification",
+ "product_code":"apig",
+ "title":"Specifications",
+ "uri":"apig-specifications.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"5"
+ },
+ {
+ "desc":"To change the default restrictions, increase the quota by referring to Help Center > Others > FAQs > How Do I Apply for a Higher Quota?",
+ "product_code":"apig",
+ "title":"Notes and Constraints",
+ "uri":"apig-zh-pd-180307005.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"6"
+ },
+ {
+ "desc":"If you need to assign different permissions to employees in your enterprise to access your APIG resources, Identity and Access Management (IAM) is a good choice for fine-",
+ "product_code":"apig",
+ "title":"Permissions Management",
+ "uri":"apig-pd-190529006.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"7"
+ },
+ {
+ "desc":"A set of predefined functions that encapsulates application capabilities. You can create APIs and make them accessible to users.When creating an API, you need to configur",
+ "product_code":"apig",
+ "title":"Basic Concepts",
+ "uri":"apig-zh-pd-180307004.html",
+ "doc_type":"usermanual",
+ "p_code":"1",
+ "code":"8"
+ },
+ {
+ "desc":"API Gateway (APIG) is a fully managed service that enables you to securely build, manage, and deploy APIs at any scale with high performance and availability. With APIG, ",
+ "product_code":"apig",
+ "title":"Using APIG",
+ "uri":"en-us_topic_0080101651.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"9"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Getting Started",
+ "uri":"apig-ug-0012.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"10"
+ },
+ {
+ "desc":"API Gateway (APIG) is a fully managed service that enables you to securely build, manage, and deploy APIs at any scale with high performance and availability. With APIG, ",
+ "product_code":"apig",
+ "title":"Introduction",
+ "uri":"apig-ug-0013.html",
+ "doc_type":"usermanual",
+ "p_code":"10",
+ "code":"11"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Opening APIs",
+ "uri":"apig-en-ug-180307001.html",
+ "doc_type":"usermanual",
+ "p_code":"10",
+ "code":"12"
+ },
+ {
+ "desc":"The following figure shows the process of exposing an API.Creating a GatewayBuy a dedicated gateway. For details, see Buying a Dedicated Gateway.Buy a dedicated gateway. ",
+ "product_code":"apig",
+ "title":"Process Flow",
+ "uri":"apig-en-ug-180307002.html",
+ "doc_type":"usermanual",
+ "p_code":"12",
+ "code":"13"
+ },
+ {
+ "desc":"API group informationParameterDescriptionNameAPI group name. It is recommended that you enter a name based on naming rules to facilitate search.DescriptionDescription of ",
+ "product_code":"apig",
+ "title":"Creating an API Group",
+ "uri":"apig-en-ug-180307003.html",
+ "doc_type":"usermanual",
+ "p_code":"12",
+ "code":"14"
+ },
+ {
+ "desc":"The independent domain name must be registered and resolved. For details, see \"Prerequisites\" in Binding a Domain Name.",
+ "product_code":"apig",
+ "title":"Binding a Domain Name",
+ "uri":"apig-ug-190419107.html",
+ "doc_type":"usermanual",
+ "p_code":"12",
+ "code":"15"
+ },
+ {
+ "desc":"Create an API with the following steps:Setting Basic InformationDefining API RequestDefining Backend ServiceDefining ResponsesSetting basic informationParameterDescriptio",
+ "product_code":"apig",
+ "title":"Creating an API",
+ "uri":"en-us_topic_0080101678.html",
+ "doc_type":"usermanual",
+ "p_code":"12",
+ "code":"16"
+ },
+ {
+ "desc":"If the API is called successfully, the status code 200 is displayed.",
+ "product_code":"apig",
+ "title":"Debugging an API",
+ "uri":"apig-ug-190419108.html",
+ "doc_type":"usermanual",
+ "p_code":"12",
+ "code":"17"
+ },
+ {
+ "desc":"Environment informationParameterDescriptionNameEnvironment name. It is recommended that you enter a name based on naming rules to facilitate search.DescriptionDescription",
+ "product_code":"apig",
+ "title":"(Optional) Creating an Environment",
+ "uri":"apig-en-ug-180307004.html",
+ "doc_type":"usermanual",
+ "p_code":"12",
+ "code":"18"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Publishing an API",
+ "uri":"apig-en-ug-180307005.html",
+ "doc_type":"usermanual",
+ "p_code":"12",
+ "code":"19"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Calling APIs",
+ "uri":"apig-en-ug-180307007.html",
+ "doc_type":"usermanual",
+ "p_code":"10",
+ "code":"20"
+ },
+ {
+ "desc":"The following figure shows the process of calling an API.Obtaining an APIObtain an API and its documentation from an API provider.Obtain an API and its documentation from",
+ "product_code":"apig",
+ "title":"Process Flow",
+ "uri":"apig-en-ug-180307008.html",
+ "doc_type":"usermanual",
+ "p_code":"20",
+ "code":"21"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Creating an App and Getting Authorized",
+ "uri":"apig-en-ug-180307010.html",
+ "doc_type":"usermanual",
+ "p_code":"20",
+ "code":"22"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Adding an AppCode for Simple Authentication",
+ "uri":"apig-en-ug-180307009.html",
+ "doc_type":"usermanual",
+ "p_code":"20",
+ "code":"23"
+ },
+ {
+ "desc":"Use an API test tool to configure the API calling information.For illustration purposes, an API and its documentation are obtained through offline channels. You can also ",
+ "product_code":"apig",
+ "title":"Calling an API",
+ "uri":"apig-en-ug-180307011.html",
+ "doc_type":"usermanual",
+ "p_code":"20",
+ "code":"24"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Gateway Management",
+ "uri":"apig-ug-0006.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"25"
+ },
+ {
+ "desc":"This section describes how to buy a dedicated gateway. You can create APIs and use them to provide services only after a dedicated gateway is created.There are some limit",
+ "product_code":"apig",
+ "title":"Buying a Dedicated Gateway",
+ "uri":"apig-ug-191004.html",
+ "doc_type":"usermanual",
+ "p_code":"25",
+ "code":"26"
+ },
+ {
+ "desc":"You can modify the basic information and configuration parameters of dedicated gateways.To modify the basic information about a dedicated gateway, do as follows:",
+ "product_code":"apig",
+ "title":"Modifying a Dedicated Gateway",
+ "uri":"apig-ug-200801.html",
+ "doc_type":"usermanual",
+ "p_code":"25",
+ "code":"27"
+ },
+ {
+ "desc":"VPC endpoints are secure and private channels for connecting VPCs to VPC endpoint services.APIs can be exposed and accessed across VPCs in the same region of the same clo",
+ "product_code":"apig",
+ "title":"Managing VPC Endpoints",
+ "uri":"apig-ug-0019.html",
+ "doc_type":"usermanual",
+ "p_code":"25",
+ "code":"28"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"API Opening",
+ "uri":"apig-ug-0008.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"29"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"API Group Management",
+ "uri":"apig-en-ug-180307014.html",
+ "doc_type":"usermanual",
+ "p_code":"29",
+ "code":"30"
+ },
+ {
+ "desc":"Before creating an API, you must create an API group. An API group contains different APIs used for the same service.Each API can only belong to one API group.After the A",
+ "product_code":"apig",
+ "title":"Creating an API Group",
+ "uri":"apig-en-ug-180307015.html",
+ "doc_type":"usermanual",
+ "p_code":"30",
+ "code":"31"
+ },
+ {
+ "desc":"Before you open an API, you must bind one or more independent domain names to the group to which the API belongs.In a dedicated gateway, you cannot bind the same independ",
+ "product_code":"apig",
+ "title":"Binding a Domain Name",
+ "uri":"apig-en-ug-180327076.html",
+ "doc_type":"usermanual",
+ "p_code":"30",
+ "code":"32"
+ },
+ {
+ "desc":"You can delete an API group if you do not require it.API groups that contain APIs cannot be deleted.You have created an API group.In the Operation column of the target AP",
+ "product_code":"apig",
+ "title":"Deleting an API Group",
+ "uri":"apig-en-ug-180307018.html",
+ "doc_type":"usermanual",
+ "p_code":"30",
+ "code":"33"
+ },
+ {
+ "desc":"A gateway response is displayed if APIG fails to process an API request. APIG provides a set of default responses and also allows you to create gateway responses with cus",
+ "product_code":"apig",
+ "title":"Adding a Gateway Response",
+ "uri":"apig-lgug-200226001.html",
+ "doc_type":"usermanual",
+ "p_code":"30",
+ "code":"34"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"API Management",
+ "uri":"apig-en-ug-180307019.html",
+ "doc_type":"usermanual",
+ "p_code":"29",
+ "code":"35"
+ },
+ {
+ "desc":"You can selectively expose your services by configuring their APIs in APIG.To create an API, set the basic information and define the API request, backend service, and re",
+ "product_code":"apig",
+ "title":"Creating an API",
+ "uri":"apig-en-ug-180307020.html",
+ "doc_type":"usermanual",
+ "p_code":"35",
+ "code":"36"
+ },
+ {
+ "desc":"For security reasons, browsers restrict cross-origin requests initiated from within scripts. This means that a web application can only request resources from its origin.",
+ "product_code":"apig",
+ "title":"CORS",
+ "uri":"apig-en-ug-180621094.html",
+ "doc_type":"usermanual",
+ "p_code":"35",
+ "code":"37"
+ },
+ {
+ "desc":"After creating an API, debug it on the APIG console by setting HTTP headers and body parameters to verify whether the API is running normally.APIs with backend request pa",
+ "product_code":"apig",
+ "title":"Debugging an API",
+ "uri":"apig-en-ug-180307025.html",
+ "doc_type":"usermanual",
+ "p_code":"35",
+ "code":"38"
+ },
+ {
+ "desc":"APIs using app authentication can only be called by apps that have been authorized to call them.You can only authorize apps to call published APIs.You can authorize apps ",
+ "product_code":"apig",
+ "title":"Authorizing Apps to Call an API",
+ "uri":"apig-en-ug-180307021.html",
+ "doc_type":"usermanual",
+ "p_code":"35",
+ "code":"39"
+ },
+ {
+ "desc":"APIs can be called only after they have been published in an environment. You can publish APIs in different environments. APIG allows you to view the publication history ",
+ "product_code":"apig",
+ "title":"Publishing an API",
+ "uri":"apig-en-ug-180307023.html",
+ "doc_type":"usermanual",
+ "p_code":"35",
+ "code":"40"
+ },
+ {
+ "desc":"You can remove APIs that you do not need from the environments where the APIs have been published.This operation will cause the APIs to be inaccessible in the environment",
+ "product_code":"apig",
+ "title":"Taking an API Offline",
+ "uri":"apig-en-ug-180307024.html",
+ "doc_type":"usermanual",
+ "p_code":"35",
+ "code":"41"
+ },
+ {
+ "desc":"You can delete published APIs you no longer require.Deleted APIs cannot be accessed by apps or users who were using the APIs, so make sure you notify users before the del",
+ "product_code":"apig",
+ "title":"Deleting an API",
+ "uri":"apig-en-ug-180307027.html",
+ "doc_type":"usermanual",
+ "p_code":"35",
+ "code":"42"
+ },
+ {
+ "desc":"APIG allows you to import Swagger 2.0 APIs to existing or new API groups. Swagger is an open-source tool built based on OpenAPI specifications to design, build, record, a",
+ "product_code":"apig",
+ "title":"Importing APIs",
+ "uri":"apig-en-ug-181025104.html",
+ "doc_type":"usermanual",
+ "p_code":"35",
+ "code":"43"
+ },
+ {
+ "desc":"You can export APIs one by one or in batches as JSON or YAML files.You have created an API group and API.The export result is displayed on the right.",
+ "product_code":"apig",
+ "title":"Exporting APIs",
+ "uri":"apig-en-ug-181204105.html",
+ "doc_type":"usermanual",
+ "p_code":"35",
+ "code":"44"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Request Throttling",
+ "uri":"apig-en-ug-180307028.html",
+ "doc_type":"usermanual",
+ "p_code":"29",
+ "code":"45"
+ },
+ {
+ "desc":"Request throttling controls the number of times an API can be called within a time period to protect backend services.To provide stable, uninterrupted services, you can c",
+ "product_code":"apig",
+ "title":"Creating a Request Throttling Policy",
+ "uri":"apig-en-ug-180307029.html",
+ "doc_type":"usermanual",
+ "p_code":"45",
+ "code":"46"
+ },
+ {
+ "desc":"You can delete request throttling policies you no longer require.You have created a request throttling policy.In the Operation column of the request throttling policy you",
+ "product_code":"apig",
+ "title":"Deleting a Request Throttling Policy",
+ "uri":"apig-en-ug-180307032.html",
+ "doc_type":"usermanual",
+ "p_code":"45",
+ "code":"47"
+ },
+ {
+ "desc":"If you want to control the number of API calls received from a specific app or tenant, add an excluded app or tenant to a request throttling policy.You have created an ap",
+ "product_code":"apig",
+ "title":"Adding an Excluded App or Tenant",
+ "uri":"apig-en-ug-180307033.html",
+ "doc_type":"usermanual",
+ "p_code":"45",
+ "code":"48"
+ },
+ {
+ "desc":"You can remove excluded apps or tenants from a request throttling policy. This section takes an excluded app as an example.You have created a request throttling policy.Yo",
+ "product_code":"apig",
+ "title":"Removing an Excluded App or Tenant",
+ "uri":"apig-en-ug-180307035.html",
+ "doc_type":"usermanual",
+ "p_code":"45",
+ "code":"49"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Access Control",
+ "uri":"apig-en-ug-180712096.html",
+ "doc_type":"usermanual",
+ "p_code":"29",
+ "code":"50"
+ },
+ {
+ "desc":"Access control policies are a type of security measures provided by APIG. You can use them to allow or deny API access from specific IP addresses or accounts.Access contr",
+ "product_code":"apig",
+ "title":"Creating an Access Control Policy",
+ "uri":"apig-en-ug-180712097.html",
+ "doc_type":"usermanual",
+ "p_code":"50",
+ "code":"51"
+ },
+ {
+ "desc":"You can delete access control policies you no longer require.You have created an access control policy.In the Operation column of the access control policy you want to de",
+ "product_code":"apig",
+ "title":"Deleting an Access Control Policy",
+ "uri":"apig-en-ug-180712100.html",
+ "doc_type":"usermanual",
+ "p_code":"50",
+ "code":"52"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Environment Management",
+ "uri":"apig-en-ug-180307036.html",
+ "doc_type":"usermanual",
+ "p_code":"29",
+ "code":"53"
+ },
+ {
+ "desc":"An API can be called in different environments, such as production, testing, and development environments. RELEASE is the default environment provided by APIG. You can de",
+ "product_code":"apig",
+ "title":"Creating an Environment and Environment Variable",
+ "uri":"apig-en-ug-180307037.html",
+ "doc_type":"usermanual",
+ "p_code":"53",
+ "code":"54"
+ },
+ {
+ "desc":"You can delete environments you no longer require.You have created an environment.You can delete an environment only if no APIs have been published in the environment.",
+ "product_code":"apig",
+ "title":"Deleting an Environment",
+ "uri":"apig-en-ug-180307039.html",
+ "doc_type":"usermanual",
+ "p_code":"53",
+ "code":"55"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Signature Key Management",
+ "uri":"apig-en-ug-180307040.html",
+ "doc_type":"usermanual",
+ "p_code":"29",
+ "code":"56"
+ },
+ {
+ "desc":"Signature keys are used by backend services to verify the identity of APIG.A signature key consists of a key and secret, and can be used only after being bound to an API.",
+ "product_code":"apig",
+ "title":"Creating and Using a Signature Key",
+ "uri":"apig-en-ug-180307041.html",
+ "doc_type":"usermanual",
+ "p_code":"56",
+ "code":"57"
+ },
+ {
+ "desc":"You can delete signature keys you no longer require.You have created a signature key.In the Operation column of the signature key you want to delete, click Delete.Click t",
+ "product_code":"apig",
+ "title":"Deleting a Signature Key",
+ "uri":"apig-en-ug-180307045.html",
+ "doc_type":"usermanual",
+ "p_code":"56",
+ "code":"58"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"VPC Channel Management",
+ "uri":"apig-en-ug-180425080.html",
+ "doc_type":"usermanual",
+ "p_code":"29",
+ "code":"59"
+ },
+ {
+ "desc":"VPC channels allow services deployed in VPCs to be accessed through their subnets, lowering latency and balancing loads of backend services.After creating a VPC channel, ",
+ "product_code":"apig",
+ "title":"Creating a VPC Channel",
+ "uri":"apig-en-ug-180425081.html",
+ "doc_type":"usermanual",
+ "p_code":"59",
+ "code":"60"
+ },
+ {
+ "desc":"You can delete VPC channels you no longer require.VPC channels that are currently in use by published APIs cannot be deleted.You have created a VPC channel.In the Operati",
+ "product_code":"apig",
+ "title":"Deleting a VPC Channel",
+ "uri":"apig-en-ug-180425083.html",
+ "doc_type":"usermanual",
+ "p_code":"59",
+ "code":"61"
+ },
+ {
+ "desc":"You can modify the health check configurations of a VPC channel to meet service requirements.You have created a VPC channel.Health check configurationsParameterDescriptio",
+ "product_code":"apig",
+ "title":"Editing Health Check Configurations",
+ "uri":"apig-en-ug-180425084.html",
+ "doc_type":"usermanual",
+ "p_code":"59",
+ "code":"62"
+ },
+ {
+ "desc":"You can add or remove cloud servers and edit cloud server weights for VPC channels to meet service requirements.You have created a VPC channel.Adding cloud serversClick S",
+ "product_code":"apig",
+ "title":"Editing Cloud Server Configurations of a VPC Channel",
+ "uri":"apig-en-ug-180502087.html",
+ "doc_type":"usermanual",
+ "p_code":"59",
+ "code":"63"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Custom Authorizers",
+ "uri":"apic-ug-190430104.html",
+ "doc_type":"usermanual",
+ "p_code":"29",
+ "code":"64"
+ },
+ {
+ "desc":"This feature is currently unavailable because FunctionGraph has not been launched.APIG supports custom authentication of both frontend and backend requests.Frontend custo",
+ "product_code":"apig",
+ "title":"Creating a Custom Authorizer",
+ "uri":"apic-ug-190430105.html",
+ "doc_type":"usermanual",
+ "p_code":"64",
+ "code":"65"
+ },
+ {
+ "desc":"You can delete custom authorizers you no longer require.Custom authentication is implemented using FunctionGraph and not supported if FunctionGraph is unavailable in the ",
+ "product_code":"apig",
+ "title":"Deleting a Custom Authorizer",
+ "uri":"apic-ug-190430106.html",
+ "doc_type":"usermanual",
+ "p_code":"64",
+ "code":"66"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Plug-ins",
+ "uri":"apig-ug-0001.html",
+ "doc_type":"usermanual",
+ "p_code":"29",
+ "code":"67"
+ },
+ {
+ "desc":"APIG provides flexible extension capabilities for APIs through plug-ins.Plug-in parameters will be stored as plaintext. To prevent information leakage, do not contain sen",
+ "product_code":"apig",
+ "title":"Creating a Plug-in",
+ "uri":"apig-ug-0004.html",
+ "doc_type":"usermanual",
+ "p_code":"67",
+ "code":"68"
+ },
+ {
+ "desc":"For security purposes, the browser restricts cross-domain requests from being initiated from a page script. In this case, the page can access only the resources from the ",
+ "product_code":"apig",
+ "title":"CORS Plug-in",
+ "uri":"apig-ug-0002.html",
+ "doc_type":"usermanual",
+ "p_code":"67",
+ "code":"69"
+ },
+ {
+ "desc":"HTTP response headers are part of the response returned by APIG to a client that calls an API. You can customize HTTP response headers that will be contained in an API re",
+ "product_code":"apig",
+ "title":"HTTP Response Header Management Plug-in",
+ "uri":"apig-ug-0005.html",
+ "doc_type":"usermanual",
+ "p_code":"67",
+ "code":"70"
+ },
+ {
+ "desc":"The request throttling plug-in limits the number of times an API can be called within a specific time period. It supports parameter-based, basic, and excluded throttling.",
+ "product_code":"apig",
+ "title":"Request Throttling Plug-in",
+ "uri":"apig-ug-0015.html",
+ "doc_type":"usermanual",
+ "p_code":"67",
+ "code":"71"
+ },
+ {
+ "desc":"You can delete plug-ins you no longer require. To delete a plug-in that has been bound to APIs, unbind the plug-in from the APIs and then delete it.You have created a plu",
+ "product_code":"apig",
+ "title":"Deleting a Plug-in",
+ "uri":"apig-ug-0003.html",
+ "doc_type":"usermanual",
+ "p_code":"67",
+ "code":"72"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Monitoring",
+ "uri":"apig-en-ug-180413077.html",
+ "doc_type":"usermanual",
+ "p_code":"29",
+ "code":"73"
+ },
+ {
+ "desc":"This section describes the metrics that APIG reports to the Cloud Eye service. You can view metrics and alarms by using the Cloud Eye console.Dedicated gateway: SYS.APIC",
+ "product_code":"apig",
+ "title":"APIG Metrics",
+ "uri":"apig-en-ug-180427085.html",
+ "doc_type":"usermanual",
+ "p_code":"73",
+ "code":"74"
+ },
+ {
+ "desc":"You can create alarm rules to monitor the status of your APIs.An alarm rule consists of a rule name, monitored objects, metrics, alarm thresholds, monitoring interval, an",
+ "product_code":"apig",
+ "title":"Creating Alarm Rules",
+ "uri":"apig-en-ug-180524089.html",
+ "doc_type":"usermanual",
+ "p_code":"73",
+ "code":"75"
+ },
+ {
+ "desc":"Cloud Eye monitors the status of your APIs and allows you to view their metrics.You have created an API group and API.API metrics are displayed on the Dashboard tab page.",
+ "product_code":"apig",
+ "title":"Viewing Metrics",
+ "uri":"apig-en-ug-180427086.html",
+ "doc_type":"usermanual",
+ "p_code":"73",
+ "code":"76"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"API Calling",
+ "uri":"apig-ug-0009.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"77"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"App Management",
+ "uri":"apig-en-ug-180307048.html",
+ "doc_type":"usermanual",
+ "p_code":"77",
+ "code":"78"
+ },
+ {
+ "desc":"For an API that uses app authentication, you can create an app and use the app and its ID and key pair (AppKey and AppSecret) to call the API. You can use an app to call ",
+ "product_code":"apig",
+ "title":"Creating an App and Obtaining Authorization",
+ "uri":"apig-en-ug-180307049.html",
+ "doc_type":"usermanual",
+ "p_code":"78",
+ "code":"79"
+ },
+ {
+ "desc":"You can delete apps you no longer require.You have created an app.In the Operation column of the app you want to delete, click Delete.Click the name of the target app, an",
+ "product_code":"apig",
+ "title":"Deleting an App",
+ "uri":"apig-en-ug-180307051.html",
+ "doc_type":"usermanual",
+ "p_code":"78",
+ "code":"80"
+ },
+ {
+ "desc":"You can reset the AppSecret of an app. The AppKey is unique and cannot be reset. When you reset the AppSecret, it becomes invalid and APIs bound to the app cannot be call",
+ "product_code":"apig",
+ "title":"Resetting the AppSecret of an App",
+ "uri":"apig-en-ug-180307053.html",
+ "doc_type":"usermanual",
+ "p_code":"78",
+ "code":"81"
+ },
+ {
+ "desc":"AppCodes are identity credentials of an app used to call APIs in simple authentication mode. In this mode, the X-Apig-AppCode parameter (whose value is an AppCode on the ",
+ "product_code":"apig",
+ "title":"Adding an AppCode for Simple Authentication",
+ "uri":"apig-lgug-200227001.html",
+ "doc_type":"usermanual",
+ "p_code":"78",
+ "code":"82"
+ },
+ {
+ "desc":"You can view the details of an API to which an app has been bound.You have created an app.The app has been bound to an API.",
+ "product_code":"apig",
+ "title":"Viewing API Details",
+ "uri":"apig-en-ug-180307054.html",
+ "doc_type":"usermanual",
+ "p_code":"78",
+ "code":"83"
+ },
+ {
+ "desc":"This section describes how to obtain and analyze the API calling logs of dedicated gateways.APIs have been called.Fields in access logs are separated using spaces. The fo",
+ "product_code":"apig",
+ "title":"Log Analysis",
+ "uri":"en-us_topic_0000001174497029.html",
+ "doc_type":"usermanual",
+ "p_code":"77",
+ "code":"84"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Calling Published APIs",
+ "uri":"apig-ug-0010.html",
+ "doc_type":"usermanual",
+ "p_code":"77",
+ "code":"85"
+ },
+ {
+ "desc":"Before calling APIs, obtain the request information from the API provider, including the access domain name, protocol, method, path, and request parameters.Obtain APIs: f",
+ "product_code":"apig",
+ "title":"Calling APIs",
+ "uri":"apig-ug-0011.html",
+ "doc_type":"usermanual",
+ "p_code":"85",
+ "code":"86"
+ },
+ {
+ "desc":"The following table describes the response headers that APIG adds to the response returned when an API is called.X-Apig-Mode: debug indicates API debugging information.",
+ "product_code":"apig",
+ "title":"Response Headers",
+ "uri":"apig-en-ug-180830102.html",
+ "doc_type":"usermanual",
+ "p_code":"85",
+ "code":"87"
+ },
+ {
+ "desc":"Table 1 lists the error codes that you may encounter when calling APIs.For details about the error codes that may occur when you manage APIs, see section \"Error Codes\" in",
+ "product_code":"apig",
+ "title":"Error Codes",
+ "uri":"apig-en-ug-180530090.html",
+ "doc_type":"usermanual",
+ "p_code":"85",
+ "code":"88"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Permissions Management",
+ "uri":"apig-ug-190529107.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"89"
+ },
+ {
+ "desc":"This topic describes how to use Identity and Access Management (IAM) to implement permissions control for your APIG resources. With IAM, you can:Create IAM users for empl",
+ "product_code":"apig",
+ "title":"Creating a User and Granting APIG Permissions",
+ "uri":"apig-ug-190529109.html",
+ "doc_type":"usermanual",
+ "p_code":"89",
+ "code":"90"
+ },
+ {
+ "desc":"Custom policies can be created to supplement the system-defined policies of APIG. For the actions that can be added to custom policies, see section \"Permissions Policies ",
+ "product_code":"apig",
+ "title":"APIG Custom Policies",
+ "uri":"apig-custom-policy.html",
+ "doc_type":"usermanual",
+ "p_code":"89",
+ "code":"91"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Key Operations Recorded by CTS",
+ "uri":"apig-ug-0020.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"92"
+ },
+ {
+ "desc":"If you want to collect, record, or query operation logs for APIG in common scenarios such as security analysis, audit, and problem locating, enable Cloud Trace Service (C",
+ "product_code":"apig",
+ "title":"APIG operations that can be recorded by CTS",
+ "uri":"apig-en-ug-180307058.html",
+ "doc_type":"usermanual",
+ "p_code":"92",
+ "code":"93"
+ },
+ {
+ "desc":"Query audit logs by following the procedure in section \"Querying Real-Time Traces\" in the Cloud Trace Service User Guide.",
+ "product_code":"apig",
+ "title":"Querying Audit Logs",
+ "uri":"apig-ug-0021.html",
+ "doc_type":"usermanual",
+ "p_code":"92",
+ "code":"94"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"FAQs",
+ "uri":"apig-ug-cmccfaq.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"95"
+ },
+ {
+ "desc":"How Do I Set the Backend Address If I Will Not Use a VPC Channel (or Load Balance Channel)?How Can I Configure the Backend Service Address?Can I Specify a Private Network",
+ "product_code":"apig",
+ "title":"Common FAQs",
+ "uri":"apig-faq-190803.html",
+ "doc_type":"usermanual",
+ "p_code":"95",
+ "code":"96"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"API Creation",
+ "uri":"apig-faq-create.html",
+ "doc_type":"usermanual",
+ "p_code":"95",
+ "code":"97"
+ },
+ {
+ "desc":"The creation of APIs is free of charge. If you cannot create APIs, your account must be in arrears.",
+ "product_code":"apig",
+ "title":"Why Can't I Create APIs?",
+ "uri":"apig-faq-2005007.html",
+ "doc_type":"usermanual",
+ "p_code":"97",
+ "code":"98"
+ },
+ {
+ "desc":"API responses are defined by backend services (API providers). API Gateway (APIG) only transparently transmits responses to API callers.",
+ "product_code":"apig",
+ "title":"How Do I Define Response Codes for an API?",
+ "uri":"apig-faq-2005001.html",
+ "doc_type":"usermanual",
+ "p_code":"97",
+ "code":"99"
+ },
+ {
+ "desc":"Use the port of the API backend service.",
+ "product_code":"apig",
+ "title":"How Do I Specify the Host Port for a VPC Channel (or Load Balance Channel)?",
+ "uri":"apig-faq-2005002.html",
+ "doc_type":"usermanual",
+ "p_code":"97",
+ "code":"100"
+ },
+ {
+ "desc":"You can specify the backend address as a public domain name or a public IP address, such as the Elastic IP (EIP) of an Elastic Cloud Server (ECS).",
+ "product_code":"apig",
+ "title":"How Do I Set the Backend Address If I Will Not Use a VPC Channel (or Load Balance Channel)?",
+ "uri":"apig-faq-2005004.html",
+ "doc_type":"usermanual",
+ "p_code":"97",
+ "code":"101"
+ },
+ {
+ "desc":"Configure the backend service address as an ECS EIP, or the public IP address or domain name of your own server.",
+ "product_code":"apig",
+ "title":"How Can I Configure the Backend Service Address?",
+ "uri":"apig-faq-190627028.html",
+ "doc_type":"usermanual",
+ "p_code":"97",
+ "code":"102"
+ },
+ {
+ "desc":"For dedicated gateways, you can use private network load balancer addresses.Alternatively, you can use the EIP bound to a public network load balancer.",
+ "product_code":"apig",
+ "title":"Can I Specify a Private Network Load Balancer Address for the Backend Service?",
+ "uri":"apig-faq-2005003.html",
+ "doc_type":"usermanual",
+ "p_code":"97",
+ "code":"103"
+ },
+ {
+ "desc":"If you use a dedicated gateway, you can specify either an IP address that belongs to the same subnet where the gateway is deployed, or the private address of a local data",
+ "product_code":"apig",
+ "title":"Can I Specify the Backend Address as a Subnet IP Address?",
+ "uri":"apig-faq-2005006.html",
+ "doc_type":"usermanual",
+ "p_code":"97",
+ "code":"104"
+ },
+ {
+ "desc":"Yes. APIG supports the configuration of multiple backend endpoints through a VPC channel (also called \"load balance channel\"). You can add multiple cloud servers to each ",
+ "product_code":"apig",
+ "title":"Does APIG Support Multiple Backend Endpoints?",
+ "uri":"apig-en-faq-180606012.html",
+ "doc_type":"usermanual",
+ "p_code":"97",
+ "code":"105"
+ },
+ {
+ "desc":"If you are using a dedicated gateway, add an A record that points the independent domain name to the inbound access address of the gateway. You can bind five independent ",
+ "product_code":"apig",
+ "title":"What Should I Do After Applying for an Independent Domain Name?",
+ "uri":"apig-faq-2005009.html",
+ "doc_type":"usermanual",
+ "p_code":"97",
+ "code":"106"
+ },
+ {
+ "desc":"In a dedicated gateway, you can add a private domain name, and add an A record to point the domain name to the inbound access address of the gateway.",
+ "product_code":"apig",
+ "title":"Can I Bind Private Domain Names for API Access?",
+ "uri":"apig-faq-2005021.html",
+ "doc_type":"usermanual",
+ "p_code":"97",
+ "code":"107"
+ },
+ {
+ "desc":"Ensure that CORS has been enabled for the API.Go to the API details page, click Edit, and check whether CORS is enabled. If it is not, enable it.Go to the API details pag",
+ "product_code":"apig",
+ "title":"Why Does an API Failed to Be Called Across Domains?",
+ "uri":"apig-faq-190627027.html",
+ "doc_type":"usermanual",
+ "p_code":"97",
+ "code":"108"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"API Calling",
+ "uri":"apig-en-faq-180919017.html",
+ "doc_type":"usermanual",
+ "p_code":"95",
+ "code":"109"
+ },
+ {
+ "desc":"API calling failures may occur in three scenarios: within a VPC, between VPCs, and on a public network.Within a VPC: Check whether the domain name is the same as that aut",
+ "product_code":"apig",
+ "title":"What Are the Possible Causes for an API Calling Failure?",
+ "uri":"apig-faq-2005010.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"110"
+ },
+ {
+ "desc":"If an error code is returned when you call your own APIs, see User Guide > Calling Published APIs > Error Codes.If an error code is returned when you manage your APIs, se",
+ "product_code":"apig",
+ "title":"What Should I Do If an Error Code Is Returned During API Calling?",
+ "uri":"apig-faq-2005012.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"111"
+ },
+ {
+ "desc":"The request URL (including request parameters) is too long. Place the request parameters in the request body and try again.",
+ "product_code":"apig",
+ "title":"Why Am I Seeing the Error Message \"414 Request-URI Too Large\" When I Call an API?",
+ "uri":"apig-faq-2005022.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"112"
+ },
+ {
+ "desc":"If an open API in APIG failed to be called, troubleshoot the failure by performing the following operations:The domain name, request method, or path used for calling the ",
+ "product_code":"apig",
+ "title":"What Should I Do If \"The API does not exist or has not been published in the environment.\" Is Displayed?",
+ "uri":"apig-faq-19123002.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"113"
+ },
+ {
+ "desc":"Check whether the backend service is accessible, and modify the backend service if it is inaccessible.Check the ECS security group configurations of the backend service a",
+ "product_code":"apig",
+ "title":"Why Am I Seeing the Message \"No backend available\"?",
+ "uri":"apig-en-faq-181016018.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"114"
+ },
+ {
+ "desc":"The following table lists the possible causes if a backend service fails to be invoked or the invocation times out.",
+ "product_code":"apig",
+ "title":"What Are the Possible Causes If the Message \"Backend unavailable\" or \"Backend timeout\" Is Displayed?",
+ "uri":"en-us_topic_0087908599.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"115"
+ },
+ {
+ "desc":"An error message indicating a domain name resolution failure is displayed when the backend service is called, although private domain name resolution is completed for the",
+ "product_code":"apig",
+ "title":"Why Am I Seeing the Message \"Backend domain name resolution failed\" When a Backend Service Is Called?",
+ "uri":"apig-faq-0004.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"116"
+ },
+ {
+ "desc":"Modification of the backend_timeout parameter in a dedicated gateway does not take effect.The Timeout (ms) parameter on the Define Backend Request page is not modified.Lo",
+ "product_code":"apig",
+ "title":"Why Doesn't Modification of the backend_timeout Parameter Take Effect?",
+ "uri":"apig-faq-19122004.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"117"
+ },
+ {
+ "desc":"By default, the API in the RELEASE environment is called. If you want to call the same API in another environment, add the request header X-Stage to specify the environme",
+ "product_code":"apig",
+ "title":"How Do I Switch the Environment for API Calling?",
+ "uri":"apig-faq-2005011.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"118"
+ },
+ {
+ "desc":"Dedicated gateway: APIG forwards only API requests whose body is no larger than 12 MB. If your gateway will receive requests with a body larger than 12 MB, modify the req",
+ "product_code":"apig",
+ "title":"What Is the Maximum Size of an API Request Package?",
+ "uri":"apig-en-faq-180606013.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"119"
+ },
+ {
+ "desc":"APIG provides SDKs and demos in multiple languages, such as Java, Python, C, PHP, and Go, for app authentication. To use Objective-C (for iOS) or other languages, see Dev",
+ "product_code":"apig",
+ "title":"How Do I Perform App Authentication in iOS System?",
+ "uri":"apig-faq-190515025.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"120"
+ },
+ {
+ "desc":"The header parameter x-auth-token has already been defined in APIG. To use this parameter to call an API, add the parameter and its value to the request header.",
+ "product_code":"apig",
+ "title":"Why Can't I Create a Header Parameter Named x-auth-token for an API Called Through IAM Authentication?",
+ "uri":"apig-faq-190627029.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"121"
+ },
+ {
+ "desc":"How many apps can I create?You can create a maximum of 50 apps.How do I isolate the calling information among the third parties that call the same API through app authent",
+ "product_code":"apig",
+ "title":"App FAQs",
+ "uri":"apig-faq-190627030.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"122"
+ },
+ {
+ "desc":"Yes, mobile apps can call APIs. In app authentication mode, the AppKey and AppSecret of a mobile app are replaced with those in the relevant SDK to sign the app.",
+ "product_code":"apig",
+ "title":"Can Mobile Apps Call APIs?",
+ "uri":"apig-en-faq-180307004.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"123"
+ },
+ {
+ "desc":"Yes, applications deployed in a VPC can call APIs by default. If domain name resolution fails, configure a DNS server on the current endpoint by following the instruction",
+ "product_code":"apig",
+ "title":"Can Applications Deployed in a VPC Call APIs?",
+ "uri":"apig-en-faq-180307008.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"124"
+ },
+ {
+ "desc":"APIG supports WebSocket data transmission. When creating an API, you can select HTTP, HTTPS, or HTTP&HTTPS. HTTP is equivalent to WebSocket (ws), and HTTPS is equivalent ",
+ "product_code":"apig",
+ "title":"How Do I Implement WebSocket Data Transmission?",
+ "uri":"apig-faq-190627033.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"125"
+ },
+ {
+ "desc":"Yes. But you should use persistent connections properly to avoid occupying too many resources.",
+ "product_code":"apig",
+ "title":"Does APIG Support Persistent Connections?",
+ "uri":"apig-faq-19122001.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"126"
+ },
+ {
+ "desc":"If multiple backend policies are configured for an API, APIG will match the backend policies in sequence. If an API request matches one of the backend policies, APIG imme",
+ "product_code":"apig",
+ "title":"How Will the Requests for an API with Multiple Backend Policies Be Matched and Executed?",
+ "uri":"apig-faq-19123001.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"127"
+ },
+ {
+ "desc":"No.",
+ "product_code":"apig",
+ "title":"Is There a Limit on the Size of the Response to an API Request?",
+ "uri":"apig-faq-19122003.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"128"
+ },
+ {
+ "desc":"Enable public access for the relevant gateway to allow external services to call APIs.If you encounter a network problem when calling APIs, see What Are the Possible Caus",
+ "product_code":"apig",
+ "title":"How Can I Access Backend Services over Public Networks Through APIG?",
+ "uri":"apig-faq-0007.html",
+ "doc_type":"usermanual",
+ "p_code":"109",
+ "code":"129"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"API Authentication",
+ "uri":"apig-faq-auth.html",
+ "doc_type":"usermanual",
+ "p_code":"95",
+ "code":"130"
+ },
+ {
+ "desc":"Dedicated gateway: Yes.Backend two-way authentication: When creating an API, enable two-way authentication for the backend service. For details, see the description about",
+ "product_code":"apig",
+ "title":"Does APIG Support HTTPS Two-Way Authentication?",
+ "uri":"apig-faq-2005013.html",
+ "doc_type":"usermanual",
+ "p_code":"130",
+ "code":"131"
+ },
+ {
+ "desc":"To call APIs that do not require authentication, construct standard HTTP requests and send them to APIG.APIG transparently transmits requests to call an API that does not",
+ "product_code":"apig",
+ "title":"How Do I Call an API That Does Not Require Authentication?",
+ "uri":"apig-faq-2005020.html",
+ "doc_type":"usermanual",
+ "p_code":"130",
+ "code":"132"
+ },
+ {
+ "desc":"APIG supports TLS 1.1 and TLS 1.2, but does not support TLS 1.0 or TLS 1.3.",
+ "product_code":"apig",
+ "title":"Which TLS Versions Does APIG Support?",
+ "uri":"apig-faq-2005015.html",
+ "doc_type":"usermanual",
+ "p_code":"130",
+ "code":"133"
+ },
+ {
+ "desc":"Yes. For details, see \"Custom Authorizers\" in the User Guide.",
+ "product_code":"apig",
+ "title":"Does APIG Support Custom Authentication?",
+ "uri":"apig-faq-2005016.html",
+ "doc_type":"usermanual",
+ "p_code":"130",
+ "code":"134"
+ },
+ {
+ "desc":"Yes. The request body is another element that needs to be signed in addition to the mandatory request header parameters. For example, when an API used to upload a file us",
+ "product_code":"apig",
+ "title":"Will the Request Body Be Signed for Security Authentication?",
+ "uri":"apig-faq-2005018.html",
+ "doc_type":"usermanual",
+ "p_code":"130",
+ "code":"135"
+ },
+ {
+ "desc":"You may encounter the following errors related to IAM authentication information:Incorrect IAM authentication information: verify aksk signature failIncorrect IAM authent",
+ "product_code":"apig",
+ "title":"Common Errors Related to IAM Authentication Information",
+ "uri":"apig-faq-0003.html",
+ "doc_type":"usermanual",
+ "p_code":"130",
+ "code":"136"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"API Control Policies",
+ "uri":"apig-faq-0002.html",
+ "doc_type":"usermanual",
+ "p_code":"95",
+ "code":"137"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Request Throttling",
+ "uri":"apig-faq-2005032.html",
+ "doc_type":"usermanual",
+ "p_code":"137",
+ "code":"138"
+ },
+ {
+ "desc":"No, but you can limit the maximum number of API calls allowed within a specific period of time.",
+ "product_code":"apig",
+ "title":"Can I Configure the Maximum Number of Concurrent Requests?",
+ "uri":"apig-faq-2005026.html",
+ "doc_type":"usermanual",
+ "p_code":"138",
+ "code":"139"
+ },
+ {
+ "desc":"Yes.",
+ "product_code":"apig",
+ "title":"Is the Restriction of 1000 Requests to a Subdomain Name Applied to Enterprise Accounts?",
+ "uri":"apig-faq-190627032.html",
+ "doc_type":"usermanual",
+ "p_code":"138",
+ "code":"140"
+ },
+ {
+ "desc":"Dedicated gateways have bandwidth limits. When you create a dedicated gateway, you can set the bandwidth for public inbound and outbound access.",
+ "product_code":"apig",
+ "title":"Does APIG Has Bandwidth Limits?",
+ "uri":"apig-faq-19122002.html",
+ "doc_type":"usermanual",
+ "p_code":"138",
+ "code":"141"
+ },
+ {
+ "desc":"API call limit or source IP address request limit of the policy does not take effect.Check whether the policy has been bound to an API.Check whether the policy has been b",
+ "product_code":"apig",
+ "title":"Why Doesn't a Request Throttling Policy Take Effect?",
+ "uri":"apig-faq-0001.html",
+ "doc_type":"usermanual",
+ "p_code":"138",
+ "code":"142"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Access Control",
+ "uri":"apig-faq-2005033.html",
+ "doc_type":"usermanual",
+ "p_code":"137",
+ "code":"143"
+ },
+ {
+ "desc":"You can provide an open API to specific users in either of the following ways:Select app authentication when you create the API, and share the AppKey and AppSecret with t",
+ "product_code":"apig",
+ "title":"How Do I Provide an Open API to Specific Users?",
+ "uri":"apig-faq-2005008.html",
+ "doc_type":"usermanual",
+ "p_code":"143",
+ "code":"144"
+ },
+ {
+ "desc":"You can choose either of the following solutions:Solution 1: Create an API that does not require authentication, and configure an access control policy to whitelist the I",
+ "product_code":"apig",
+ "title":"How Do I Exclude a Specific IP Address for Identity Authentication of an API?",
+ "uri":"apig-faq-2005023.html",
+ "doc_type":"usermanual",
+ "p_code":"143",
+ "code":"145"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"API Publishing",
+ "uri":"apig-en-faq-180919016.html",
+ "doc_type":"usermanual",
+ "p_code":"95",
+ "code":"146"
+ },
+ {
+ "desc":"Yes. After you modify the parameters of a published API, you must publish the API again to synchronize the modifications to the environment.",
+ "product_code":"apig",
+ "title":"Do I Need to Publish an API Again After Modification?",
+ "uri":"apig-en-faq-180307002.html",
+ "doc_type":"usermanual",
+ "p_code":"146",
+ "code":"147"
+ },
+ {
+ "desc":"To make an API published in a non-RELEASE environment accessible, add the x-stage header to the API request.Example:",
+ "product_code":"apig",
+ "title":"Why Can't APIs Published in a Non-RELEASE Environment Be Accessed?",
+ "uri":"apig-en-faq-180606011.html",
+ "doc_type":"usermanual",
+ "p_code":"146",
+ "code":"148"
+ },
+ {
+ "desc":"Yes, you can invoke different backend services by publishing an API in different environments while specifying environment variables and backend parameters.",
+ "product_code":"apig",
+ "title":"Can I Invoke Different Backend Services by Publishing an API in Different Environments?",
+ "uri":"apig-en-faq-181016019.html",
+ "doc_type":"usermanual",
+ "p_code":"146",
+ "code":"149"
+ },
+ {
+ "desc":"APIG debugs APIs in a specific debugging environment. After debugging is completed, you need to publish your API in an environment, and use code or postman to add the X-S",
+ "product_code":"apig",
+ "title":"How Do I Specify an Environment for API Debugging?",
+ "uri":"apig-faq-2005027.html",
+ "doc_type":"usermanual",
+ "p_code":"146",
+ "code":"150"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"API Import and Export",
+ "uri":"apig-faq-2005035.html",
+ "doc_type":"usermanual",
+ "p_code":"95",
+ "code":"151"
+ },
+ {
+ "desc":"Possible cause 1: The number of APIs exceeds the maximum allowed limit for a single import. For more APIs (300), import them in batches or submit a service ticket to incr",
+ "product_code":"apig",
+ "title":"Why Does API Import Fail?",
+ "uri":"apig-faq-2005024.html",
+ "doc_type":"usermanual",
+ "p_code":"151",
+ "code":"152"
+ },
+ {
+ "desc":"The template is being developed.Currently, you can configure one or two APIs in APIG, and then export them to use as templates.",
+ "product_code":"apig",
+ "title":"Does APIG Provide a Template for Importing APIs from Swagger Files?",
+ "uri":"apig-faq-2005025.html",
+ "doc_type":"usermanual",
+ "p_code":"151",
+ "code":"153"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"API Security",
+ "uri":"apig-en-faq-180919015.html",
+ "doc_type":"usermanual",
+ "p_code":"95",
+ "code":"154"
+ },
+ {
+ "desc":"Identity authenticationConfigure IAM or App authentication for APIs to prevent malicious calling.Configure IAM or App authentication for APIs to prevent malicious calling",
+ "product_code":"apig",
+ "title":"How Can I Protect My APIs?",
+ "uri":"apig-en-faq-180307003.html",
+ "doc_type":"usermanual",
+ "p_code":"154",
+ "code":"155"
+ },
+ {
+ "desc":"You can ensure the security of backend services invoked by APIG by using the following methods:Bind signature keys to APIsAfter a signature key is bound to an API, APIG a",
+ "product_code":"apig",
+ "title":"How Do I Ensure the Security of Backend Services Invoked by APIG?",
+ "uri":"apig-en-faq-180307009.html",
+ "doc_type":"usermanual",
+ "p_code":"154",
+ "code":"156"
+ },
+ {
+ "desc":"No.",
+ "product_code":"apig",
+ "title":"Can I Control Access to the Private IP Addresses of the ECSs in a VPC Channel (or Load Balance Channel)?",
+ "uri":"apig-faq-191201.html",
+ "doc_type":"usermanual",
+ "p_code":"154",
+ "code":"157"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Other FAQs",
+ "uri":"apig-en-faq-180919014.html",
+ "doc_type":"usermanual",
+ "p_code":"95",
+ "code":"158"
+ },
+ {
+ "desc":"An API can be published in different environments, such as RELEASE (online environment) and BETA (test environment).An app refers to the identity of an API caller. After ",
+ "product_code":"apig",
+ "title":"What Are the Relationships Between an API, Environment, and App?",
+ "uri":"en-us_topic_0084464485.html",
+ "doc_type":"usermanual",
+ "p_code":"158",
+ "code":"159"
+ },
+ {
+ "desc":"You can use APIG to manage and call APIs in the following ways:Management console, a web-based service management platformIf you have already registered an account, log i",
+ "product_code":"apig",
+ "title":"How Can I Use APIG?",
+ "uri":"en-us_topic_0084464486.html",
+ "doc_type":"usermanual",
+ "p_code":"158",
+ "code":"160"
+ },
+ {
+ "desc":"APIG supports Java, Go, Python, C#, JavaScript, PHP, C++, C, and Android SDKs.",
+ "product_code":"apig",
+ "title":"What SDK Languages Does APIG Support?",
+ "uri":"apig-en-faq-180606010.html",
+ "doc_type":"usermanual",
+ "p_code":"158",
+ "code":"161"
+ },
+ {
+ "desc":"Yes.If you are using dedicated gateways, configure the maximum request body size allowed by setting the request_body_size parameter. The value ranges from 1 MB to 9536 MB",
+ "product_code":"apig",
+ "title":"Can I Upload Files Using the POST Method?",
+ "uri":"apig-en-faq-180307006.html",
+ "doc_type":"usermanual",
+ "p_code":"158",
+ "code":"162"
+ },
+ {
+ "desc":"When receiving an API request, APIG returns a response. A similar response body is as follows:\"error_code\": error code\"error_msg\": description of the error",
+ "product_code":"apig",
+ "title":"What Are the Error Messages Returned by APIG Like?",
+ "uri":"apig-en-faq-180307001.html",
+ "doc_type":"usermanual",
+ "p_code":"158",
+ "code":"163"
+ },
+ {
+ "desc":"No. APIG cannot be deployed in a local data center.",
+ "product_code":"apig",
+ "title":"Can APIG Be Deployed in a Local Data Center?",
+ "uri":"apig-faq-20210414.html",
+ "doc_type":"usermanual",
+ "p_code":"158",
+ "code":"164"
+ },
+ {
+ "desc":"HUAWEI CLOUD Help Center presents technical documents to help you quickly get started with HUAWEI CLOUD services. The technical documents include Service Overview, Price Details, Purchase Guide, User Guide, API Reference, Best Practices, FAQs, and Videos.",
+ "product_code":"apig",
+ "title":"Change History",
+ "uri":"apig-en-ug-180307075.html",
+ "doc_type":"usermanual",
+ "p_code":"",
+ "code":"165"
+ }
+]
\ No newline at end of file
diff --git a/docs/apig/umn/PARAMETERS.txt b/docs/apig/umn/PARAMETERS.txt
new file mode 100644
index 000000000..6da8d5f07
--- /dev/null
+++ b/docs/apig/umn/PARAMETERS.txt
@@ -0,0 +1,3 @@
+version=""
+language="en-us"
+type=""
\ No newline at end of file
diff --git a/docs/apig/umn/apic-ug-190430104.html b/docs/apig/umn/apic-ug-190430104.html
new file mode 100644
index 000000000..e146eaae4
--- /dev/null
+++ b/docs/apig/umn/apic-ug-190430104.html
@@ -0,0 +1,21 @@
+
+
+
+ Custom Authorizers
+
+
+
+
+
diff --git a/docs/apig/umn/apic-ug-190430105.html b/docs/apig/umn/apic-ug-190430105.html
new file mode 100644
index 000000000..a6d9f879e
--- /dev/null
+++ b/docs/apig/umn/apic-ug-190430105.html
@@ -0,0 +1,74 @@
+
+
+Creating a Custom Authorizer
+
This feature is currently unavailable because FunctionGraph has not been launched.
+
+
Scenario
APIG supports custom authentication of both frontend and backend requests.
+
- Frontend custom authentication: If you already have an authentication system, you can configure it in a function and then create a custom authorizer by using the function to authenticate API requests.
- Backend custom authentication: You can create a custom authorizer to authenticate requests for different backend services, eliminating the need to customize APIs for different authentication systems and simplifying API development. You only need to create a function-based custom authorizer in APIG to connect to the backend authentication system.
+
Custom authentication is implemented using FunctionGraph and not supported if FunctionGraph is unavailable in the selected region.
+
For details about custom authentication, see Developer Guide.
+
+
The following figure shows the process of calling APIs through custom authentication.
+
Figure 1 Calling APIs through custom authentication
+
+
Prerequisites
- You have created a function in FunctionGraph.
- You have the FunctionGraph Administrator permission.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- Choose API Publishing > Custom Authorizers, and click Create Custom Authorizer.
- Set the parameters listed in Table 1.
+
Table 1 Parameters for creating a custom authorizerParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Authorizer name.
+ |
+
+Type
+ |
+- Frontend: Authenticates access to APIs.
- Backend: Authenticates access to backend services.
+ |
+
+Function URN
+ |
+Select a FunctionGraph function.
+ |
+
+Identity Sources
+ |
+Request parameters for authentication. You can add headers and query strings. Header names are case-insensitive.
+This parameter is mandatory only if you set Type to Frontend, and Max. Cache Age (s) is greater than 0. When the cache is used, this parameter is used as a search criterion to query authentication results.
+ |
+
+Max. Cache Age (s)
+ |
+The time for caching authentication results.
+Value 0 means that authentication results will not be cached. The maximum value is 3600.
+ |
+
+Send Request Body
+ |
+Determine whether to send the body of each API request to the authentication function. If you enable this option, the request body will be sent to the authentication function in the same way as the headers and query strings.
+ NOTE: This option is available only for dedicated API gateways.
+
+ |
+
+User Data
+ |
+Customized request parameters to be used together with Identity Sources when APIG invokes a function.
+ |
+
+
+
+
+
- Click OK.
+
+
Deleting a Custom Authorizer
+Scenario
You can delete custom authorizers you no longer require.
+
- Custom authentication is implemented using FunctionGraph and not supported if FunctionGraph is unavailable in the selected region.
- Custom authorizers that have been configured for APIs cannot be deleted.
+
+
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- Choose API Publishing > Custom Authorizers, and click Delete in the row containing the custom authorizer you want to delete.
- Click Yes.
+
+
APIG Custom Policies
+Custom policies can be created to supplement the system-defined policies of APIG. For the actions that can be added to custom policies, see section "Permissions Policies and Supported Actions" in the API Gateway API Reference.
+
You can create custom policies using one of the following methods:
+
- Visual editor: Select cloud services, actions, resources, and request conditions. This does not require knowledge of policy syntax.
- JSON: Edit JSON policies from scratch or based on an existing policy.
+
For details, see section "Creating a Custom Policy" in the Identity and Access Management User Guide. The following section contains examples of common APIG custom policies.
+
Only dedicated API gateways support system-defined policies and custom policies.
+
+
Example Custom Policies
- Example 1: Allow users to create and debug APIs
{
+ "Version": "1.1",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "
+ apig:apis:create
+ apig:apis:debug
+ "
+ ]
+ }
+ ]
+}
+ - Example 2: Deny API group creation
A policy with only "Deny" permissions must be used in conjunction with other policies to take effect. If the permissions assigned to a user contain both "Allow" and "Deny", the "Deny" permissions take precedence over the "Allow" permissions.
+The following method can be used if you need to assign permissions of the APIG FullAccess policy to a user but you want to prevent the user from creating API groups. Create a custom policy for denying API group creation, and attach both policies to the group to which the user belongs. Then, the user can perform all operations on API gateways except creating API groups. The following is an example of a deny policy:
+{
+ "Version": "1.1",
+ "Statement": [
+ {
+ "Effect": "Deny",
+ "Action": [
+ "apig:groups:create"
+ ]
+ }
+ ]
+}
+
+
+
What Are the Error Messages Returned by APIG Like?
+When receiving an API request, APIG returns a response. A similar response body is as follows:
+
{
+ "error_code": "APIG.0101",
+ "error_msg": "API does not exist or is not published in the environment.",
+ "request_id": "acbc548ac6f2a0dbdb9e3518a7c0ff84"
+}
+
- "error_code": error code
- "error_msg": description of the error
+
Do I Need to Publish an API Again After Modification?
+Yes. After you modify the parameters of a published API, you must publish the API again to synchronize the modifications to the environment.
+
How Can I Protect My APIs?
+- Identity authentication
Configure IAM or App authentication for APIs to prevent malicious calling.
+ - Access control policies
Configure a whitelist or blacklist of IP addresses/IP address ranges or accounts for APIs to secure access.
+ - Request throttling policies
By default, an API can be called up to 200 times per second. If your backend service does not support this access rate, decrease the quota accordingly.
+
+
Can Mobile Apps Call APIs?
+Yes, mobile apps can call APIs. In app authentication mode, the AppKey and AppSecret of a mobile app are replaced with those in the relevant SDK to sign the app.
+
Can I Upload Files Using the POST Method?
+Yes.
+
If you are using dedicated gateways, configure the maximum request body size allowed by setting the request_body_size parameter. The value ranges from 1 MB to 9536 MB.
+
Currently, only the request body can be transparently transmitted.
+
+
Can Applications Deployed in a VPC Call APIs?
+Yes, applications deployed in a VPC can call APIs by default. If domain name resolution fails, configure a DNS server on the current endpoint by following the instructions in Configuring an Intranet DNS Server. After the configuration, applications deployed in the VPC can call APIs.
+
Configuring an Intranet DNS Server
To configure a DNS server, specify its IP address in the /etc/resolv.conf file.
+
The IP address of the intranet DNS server depends on which region you are located in. Find the IP address of the intranet DNS server in your region from the private DNS server addresses mentioned in the Domain Name Service FAQs.
+
Add an intranet DNS server with either of the following two methods:
+
- Method 1: Modify the subnet information of the VPC.
- Method 2: Edit the /etc/resolv.conf file.
The intranet DNS server configurations become invalid after the ECS restarts, and the intranet DNS server must be configured again. Therefore, method 1 is recommended.
+
+
+
+
Method 1
Perform the following procedure to add a DNS server IP address to the subnet configurations of the ECS in the VPC.
+
- Log in to the management console.
- Click
in the upper left corner to select a region. - In the service list, choose Compute > Elastic Cloud Server.
- Click the name of the ECS you want to use.
- On the ECS details page, view the NIC information, and click
to view the subnet name of the ECS. - On the ECS basic information page, view the VPC name of the ECS.
- Click the VPC name to visit the VPC console.
- Choose Subnets in the left navigation pane.
- Locate the subnet mentioned in 5 and click the subnet name.
- Change the DNS server address of the subnet and click OK.
For example, change the address to 100.125.1.250.
+ - Restart the ECS. Check that the /etc/resolv.conf file contains the IP address of the DNS server to be configured, and the IP address is less than those of all other DNS servers.
The following figure shows the IP address 100.125.1.250 of the DNS server to be configured.
+
+ Modifying the subnet information of a VPC will affect all ECSs created using the subnet.
+
+
+
+
Method 2
Add the IP address of the intranet DNS server to the /etc/resolv.conf file.
+
For example, if you are located in region01, add an intranet DNS server of IP address 100.125.1.250 to the /etc/resolv.conf file.
+
- The IP address of the new DNS server must be less than those of all other DNS servers.
- The DNS configurations take effect immediately after the /etc/resolv.conf file is saved.
+
+
+
How Do I Ensure the Security of Backend Services Invoked by APIG?
+You can ensure the security of backend services invoked by APIG by using the following methods:
+
- Bind signature keys to APIs
After a signature key is bound to an API, APIG adds signature information to each request sent to the backend service. The backend service calculates the signature information in each request and checks whether the signature information is consistent with that on APIG.
+ - Encrypt requests using HTTPS
Ensure that the required SSL certificate exists.
+ - Perform backend authentication
Enable security authentication for backend services of the desired APIs to process only API requests that carry correct authentication information.
+
+
What SDK Languages Does APIG Support?
+APIG supports Java, Go, Python, C#, JavaScript, PHP, C++, C, and Android SDKs.
+
Why Can't APIs Published in a Non-RELEASE Environment Be Accessed?
+To make an API published in a non-RELEASE environment accessible, add the x-stage header to the API request.
+
Example:
+
r.Header.Add("x-stage", "RELEASE")
+
Does APIG Support Multiple Backend Endpoints?
+Yes. APIG supports the configuration of multiple backend endpoints through a VPC channel (also called "load balance channel"). You can add multiple cloud servers to each VPC channel.
+
What Is the Maximum Size of an API Request Package?
+Dedicated gateway: APIG forwards only API requests whose body is no larger than 12 MB. If your gateway will receive requests with a body larger than 12 MB, modify the request_body_size parameter on the gateway details page. This parameter indicates the maximum request body size allowed. The value ranges from 1 MB to 9536 MB.
+
Other FAQs
+
+
+
+
+
diff --git a/docs/apig/umn/apig-en-faq-180919015.html b/docs/apig/umn/apig-en-faq-180919015.html
new file mode 100644
index 000000000..4056e1510
--- /dev/null
+++ b/docs/apig/umn/apig-en-faq-180919015.html
@@ -0,0 +1,19 @@
+
+
+API Security
+
+
+
diff --git a/docs/apig/umn/apig-en-faq-180919016.html b/docs/apig/umn/apig-en-faq-180919016.html
new file mode 100644
index 000000000..3020d2657
--- /dev/null
+++ b/docs/apig/umn/apig-en-faq-180919016.html
@@ -0,0 +1,25 @@
+
+
+
+ API Publishing
+
+
+
+
+
diff --git a/docs/apig/umn/apig-en-faq-180919017.html b/docs/apig/umn/apig-en-faq-180919017.html
new file mode 100644
index 000000000..f55096406
--- /dev/null
+++ b/docs/apig/umn/apig-en-faq-180919017.html
@@ -0,0 +1,53 @@
+
+
+API Calling
+
+
+
diff --git a/docs/apig/umn/apig-en-faq-181016018.html b/docs/apig/umn/apig-en-faq-181016018.html
new file mode 100644
index 000000000..3d3ca5cca
--- /dev/null
+++ b/docs/apig/umn/apig-en-faq-181016018.html
@@ -0,0 +1,11 @@
+
+
+Why Am I Seeing the Message "No backend available"?
+- Check whether the backend service is accessible, and modify the backend service if it is inaccessible.
- Check the ECS security group configurations of the backend service and verify that the required port has been enabled.
- Check whether ACL configurations of the VPC restrict the communication between the API gateway and the subnet where the backend service is located.
- If you use a VPC channel, check whether the service port, health check port, and backend servers of the VPC channel have been correctly configured.
+
Can I Invoke Different Backend Services by Publishing an API in Different Environments?
+Yes, you can invoke different backend services by publishing an API in different environments while specifying environment variables and backend parameters.
+
Opening APIs
+
+
+
diff --git a/docs/apig/umn/apig-en-ug-180307002.html b/docs/apig/umn/apig-en-ug-180307002.html
new file mode 100644
index 000000000..e59b22e09
--- /dev/null
+++ b/docs/apig/umn/apig-en-ug-180307002.html
@@ -0,0 +1,28 @@
+
+
+Process Flow
+The following figure shows the process of exposing an API.
+
+
- Creating a Gateway
Buy a dedicated gateway. For details, see Buying a Dedicated Gateway.
+
+ - Creating an API Group
An API group facilitates management of APIs used for the same service. Create an API group and then create APIs.
+ - Binding a Domain Name
Before making the API available for users to access, bind an independent domain name (custom domain name) to the group to which the API belongs. Then API callers can use these domain names to call the API.
+ - Creating an API
When creating an API, configure the frontend and backend request paths, parameters, and protocols.
+ - Debugging an API
Debug the API to check whether it works normally.
+ - (Optional) Creating an Environment
An API can be called in different scenarios, such as the production environment (RELEASE) or other custom environments. RELEASE is the default environment defined in APIG.
+ - Publishing an API
Publish the API so that it can be called.
+
+
Creating an API Group
+- Log in to the APIG console.
- Access the dedicated gateway you purchased.
- In the navigation pane, choose API Publishing > API Groups.
- Click Create API Group and configure group information.
+
Table 1 API group informationParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+API group name. It is recommended that you enter a name based on naming rules to facilitate search.
+ |
+
+Description
+ |
+Description of the API group.
+ |
+
+
+
+
+
- Click OK. The system automatically allocates a subdomain name to the API group. APIs in the group can be debugged using the domain name.
+
(Optional) Creating an Environment
+- In the navigation pane, choose API Publishing > Environments.
- Click Create Environment and set the environment information.
+
Table 1 Environment informationParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Environment name. It is recommended that you enter a name based on naming rules to facilitate search.
+ |
+
+Description
+ |
+Description of the environment.
+ |
+
+
+
+
+
- Click OK.
+
Publishing an API
+- In the navigation pane, choose API Publishing > APIs.
- Locate the API created in Creating an API, and click Publish.
- Select the environment where the API will be published.
+
- Click Publish.
+
Calling APIs
+
+
+
diff --git a/docs/apig/umn/apig-en-ug-180307008.html b/docs/apig/umn/apig-en-ug-180307008.html
new file mode 100644
index 000000000..935d05f76
--- /dev/null
+++ b/docs/apig/umn/apig-en-ug-180307008.html
@@ -0,0 +1,18 @@
+
+
+Process Flow
+The following figure shows the process of calling an API.
+
+
+
- Obtaining an API
Obtain an API and its documentation from an API provider.
+ - Creating an App and Getting Authorized
APIs that use app authentication can only be called using apps bound to them.
+ - Adding an AppCode for Simple Authentication
APIG only verifies the AppCode during simple authentication.
+ - Calling the API
Use an API test tool to call the API with app authentication credentials.
+
+
Adding an AppCode for Simple Authentication
+- In the app list, click the app created in Creating an App and Getting Authorized to go to the app details page.
- Click the AppCodes tab.
- Click Add AppCode.
- Select Automatically generated.
+
- Click OK.
+
Creating an App and Getting Authorized
+Creating an App
- In the navigation pane, choose API Calling > Apps.
- Click Create App and set basic app information.
+
Table 1 App informationParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+App name. It is recommended that you enter a name based on naming rules to facilitate search.
+ |
+
+Description
+ |
+Description of the app.
+ |
+
+
+
+
- Click OK.
+
+
Binding an App to an API
- In the Operation column of the created app, click Bind to API, and then click Select API.
- At the top of the API list, click Select API.
- Select the environment, API group, and API created in Opening APIs, and click OK.
+
+
+
Calling an API
+Use an API test tool to configure the API calling information.
+
- Obtain the API request information.
For illustration purposes, an API and its documentation are obtained through offline channels. You can also obtain the authentication mode, request method, request path, and other information about the API.
+ - Add the header parameter X-Apig-AppCode and set the parameter value to the generated AppCode.
- Add the header parameter x-stage and set the parameter value to the running environment. Skip this step if the API has been published in the RELEASE environment.
- Click Send to send a request.
If the API is called successfully, the message 200 OK is displayed.
+
+
+
API Group Management
+
+
+
diff --git a/docs/apig/umn/apig-en-ug-180307015.html b/docs/apig/umn/apig-en-ug-180307015.html
new file mode 100644
index 000000000..ad9696419
--- /dev/null
+++ b/docs/apig/umn/apig-en-ug-180307015.html
@@ -0,0 +1,41 @@
+
+
+Creating an API Group
+Scenario
Before creating an API, you must create an API group. An API group contains different APIs used for the same service.
+
Each API can only belong to one API group.
+
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > API Groups.
- Click Create API Group, and set the parameters described in Table 1.
+
Table 1 Parameters for creating an API groupParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+API group name.
+ |
+
+Description
+ |
+Description of the API group.
+ |
+
+
+
+
- Click OK.
After the API group is created, it is displayed in the API group list.
- The system automatically allocates a subdomain name to the API group for internal testing. The subdomain name can be accessed 1000 times a day.
- A default API group is automatically generated for each dedicated gateway. APIs in the default group can be called using the IP address of the VPC where the dedicated gateway is deployed.
- To make your APIs available for users to access, bind independent domain names to the API group to which the APIs belong.
+
+
+
+
Follow-Up Operations
After the API group is created, bind independent domain names to it so that API callers can use the domain names to call APIs in the group. For more information, see Binding a Domain Name.
+
+
Deleting an API Group
+Scenario
You can delete an API group if you do not require it.
+
API groups that contain APIs cannot be deleted.
+
+
+
Prerequisites
You have created an API group.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > API Groups.
- Delete an API group. You can use one of the following methods:
- In the Operation column of the target API group, choose More > Delete.
- Click the name of the target API group, and click Delete Group in the upper right corner of the displayed API group details page.
+ - Enter DELETE and click Yes.
+
+
API Management
+
+
+
diff --git a/docs/apig/umn/apig-en-ug-180307020.html b/docs/apig/umn/apig-en-ug-180307020.html
new file mode 100644
index 000000000..0b7b3d4fc
--- /dev/null
+++ b/docs/apig/umn/apig-en-ug-180307020.html
@@ -0,0 +1,517 @@
+
+
+Creating an API
+Scenario
You can selectively expose your services by configuring their APIs in APIG.
+
To create an API, set the basic information and define the API request, backend service, and responses.
+
APIG uses a REST-based API architecture, so API opening and calling must comply with related RESTful API specifications.
+
+
+
Prerequisites
- You have created an API group. If no API group is available, create one during API creation.
- If the backend service of the API is deployed in a VPC, you have created a VPC channel to access the service by following the procedure in Creating a VPC Channel. You can also create a VPC channel during API creation.
+
+
Setting Basic Information
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > APIs.
- Click Create API, and set the parameters listed in Table 1.
+
Table 1 Basic informationParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+API name. It is recommended that you enter a name based on naming rules to facilitate search.
+ |
+
+API Group
+ |
+The group to which the API belongs.
+If no API group is available, click Create API Group to create one.
+ |
+
+Gateway Response
+ |
+Displayed if APIG fails to process an API request.
+APIG provides a set of default responses and also allows you to create gateway responses with custom status codes and content, on the API Groups page. The response content must be in JSON format.
+ |
+
+Visibility
+ |
+Determine whether the API is available to the public. Options:
+
+ |
+
+Security Authentication
+ |
+The following authentication modes are available:
+- App: Requests for the API will be authenticated by APIG.
- IAM: Requests for the API will be authenticated by Identity and Access Management (IAM).
- Custom: Requests for the API will be authenticated by using your own authentication system or service (for example, an OAuth-based authentication system).
- None: No authentication will be required.
+The API calling method varies depending on the authentication mode. For details, see Developer Guide.
+App authentication is recommended.
+ NOTICE: - If you set the authentication mode of an API to IAM, any APIG user can access the API, which can result in excessive charges if the API is bombarded with malicious requests.
- If you set the authentication mode of an API to None, any user can access the API over public networks, which can result in excessive charges if the API is bombarded with malicious requests.
- If you set the authentication mode of an API to Custom, you can create a function in FunctionGraph to interconnect with your own authentication system or service. This authentication mode is not supported in regions where FunctionGraph is unavailable.
+
+ |
+
+Simple Authentication
+ |
+This parameter is available only if you set Security Authentication to App.
+If you select app authentication, you can configure whether to enable simple authentication. In simple authentication, the X-Apig-AppCode parameter is added to the HTTP request header for quick response. APIG verifies only the AppCode and the request content does not need to be signed.
+Simple authentication only supports HTTPS requests and does not support HTTP requests. For details, see Adding an AppCode for Simple Authentication.
+ NOTE: After you enable simple authentication for an existing API, you need to publish the API again. For details, see Publishing an API.
+
+ |
+
+Custom Authorizer
+ |
+This parameter is mandatory if Security Authentication is set to Custom.
+Select a custom authorizer if you set Security Authentication to Custom. If no custom authorizer is available, click Create Custom Authorizer to create one.
+ |
+
+Tag Name
+ |
+Classification attribute used to quickly identify the API from other APIs.
+ |
+
+Description
+ |
+Description of the API.
+ |
+
+
+
+
+
- Click Next.
+
+
Defining API Request
- On the Define API Request page, set the parameters listed in Table 2.
+
Table 2 Parameters for defining API requestsParameter
+ |
+Description
+ |
+
|---|
+
+Domain Name
+ |
+The subdomain automatically allocated to the API group.
+ |
+
+Protocol
+ |
+The protocol used for calling the API. Options:
+
+HTTPS is recommended for transmitting important or sensitive data.
+ |
+
+Path
+ |
+The path for requesting the API.
+Enter a path in the format of "/users/{userId}/projects".
+- The variable in braces ({}) is a request parameter. Ensure that it is an entire segment between a pair of slashes (/). A segment that is not marked by a pair of slashes, for example, /abc{userId}, is not supported. If you set the matching mode to Exact match, you can add a plus sign (+) to the end of the request parameter, for example, /users/{p+}. The variable p matches the segments between one or multiple pairs of slashes (/).
- Ensure that you define the parameters contained in the request path as input parameters.
- The content is case-sensitive.
+ |
+
+Matching
+ |
+Options:
+
+ NOTE: - Exact match takes precedence over prefix match. Prefix match with a short prefix has a lower priority.
For example, for request path /a/b/c (exact match), /a (prefix match), and /a/b (prefix match), the matching order is /a/b/c > /a/b > /a.
+ - If you set the matching mode to Prefix match, the characters of the API request path excluding the prefix are transparently transmitted to the backend service.
For example, if you define the frontend and backend request paths of an API as /test/ and /test2/, respectively, and the API is called using /test/AA/CC, the characters AA/CC will be transparently transmitted to the backend service. The request URL received by the backend service is /test2/AA/CC/.
+
+
+ |
+
+Method
+ |
+The API calling method. The options are GET, POST, DELETE, PUT, PATCH, HEAD, OPTIONS, and ANY.
+- ANY indicates that the API can be called using any request method.
- If you set Method to POST, PUT, PATCH, or ANY, set the request body.
+ |
+
+CORS
+ |
+Determine whether to enable cross-origin resource sharing (CORS).
+CORS allows browsers to send XMLHttpRequest to servers in other domains, overcoming the limitation that Asynchronous JavaScript and XML (AJAX) can be used only within the same domain.
+There are two types of CORS requests:
+- Simple requests: requests that have the Origin field in the header.
- Not-so-simple requests: HTTP requests sent before the actual request.
+If you enable CORS, you need to create another API that uses the OPTIONS method. For details, see CORS.
+ |
+
+
+
+
+
- (Optional) Set input parameters.
Input parameters are transmitted together with the request when the API is called.
- Click Add Input Parameter.
- Set the parameters listed in Table 3.
+
Table 3 Input parameter definitionParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Name of the input parameter. If you set the parameter location to PATH, ensure that the parameter name is the same as that defined in the request path.
+ NOTE: - The parameter name is not case-sensitive. It cannot start with x-apig- or x-sdk-.
- The parameter name cannot be x-stage.
- If you set the parameter location to HEADER, ensure that the parameter name is not Authorization or X-Auth-Token and does not contain underscores (_).
+
+ |
+
+Location
+ |
+Position of the parameter in requests. The options are PATH, HEADER, and QUERY.
+ NOTE: If you set the parameter location to PATH, you must include the parameter in the request path.
+
+ |
+
+Type
+ |
+Type of the parameter value. Options: STRING and NUMBER.
+ NOTE: Set the type of Boolean parameters to STRING.
+
+ |
+
+Mandatory
+ |
+Determine whether the input parameter is required in each request sent to call the API. If you select Yes, API requests that do not contain the input parameter will be rejected.
+ |
+
+Passthrough
+ |
+Determine whether to transparently transmit the input parameter to the backend service.
+ |
+
+Default Value
+ |
+The value that will be used if no value is specified for the input parameter when the API is called. If the input parameter is not specified in a request, APIG will automatically send the default value to the backend service.
+ |
+
+Enumerated Value
+ |
+Enumerated value of the input parameter. Use commas (,) to separate multiple enumerated values. The value of this input parameter can only be one of the enumerated values.
+ |
+
+Minimum Length
+ |
+The minimum length of the parameter value. Only numbers are allowed.
+ |
+
+Maximum Length
+ |
+The maximum length of the parameter value. Only numbers are allowed.
+ |
+
+Example
+ |
+Example value for the parameter.
+ |
+
+Description
+ |
+Description of the parameter.
+ |
+
+
+
+
- Click OK.
+
- Click Next.
+
+
Defining Backend Service
APIG allows you to define multiple backend policies for different scenarios. Requests that meet specified conditions will be forwarded to the corresponding backend. For example, you can have certain requests to an API forwarded to a specific backend by specifying the source IP address in the policy conditions of the backend.
+
You can define a maximum of five backend policies for an API in addition to the default backend.
+
- Define the default backend.
API requests that do not meet the conditions of any backend will be forwarded to the default backend.
+On the Define Backend Request page, select a backend type.
+Table 4 and Table 5 describe the backend service parameters.
+
+Table 4 Parameters for defining an HTTP/HTTPS backend serviceParameter
+ |
+Description
+ |
+
|---|
+
+Protocol
+ |
+HTTP or HTTPS. This protocol must be the one used by the backend service.
+ NOTE: - WebSocket is supported for HTTP and HTTPS.
- HTTPS is recommended for transmitting important or sensitive data.
+
+ |
+
+Method
+ |
+The API calling method. The options are GET, POST, DELETE, PUT, PATCH, HEAD, OPTIONS, and ANY.
+ANY indicates that the API can be called using any request method.
+ |
+
+VPC Channel
+ |
+Determine whether the backend service will be accessed using a VPC channel.
+- If yes, select a VPC channel.
To ensure a successful health check and service availability, configure the security groups of cloud servers in each VPC channel to allow access from 100.125.0.0/16.
+ - If no, configure the backend service address.
Enter a backend address in the format of "backend service IP address or domain name":"port number". The default port (80 for HTTP and 443 for HTTPS) will be used if no port is specified.
+To use environment variables in the backend address, enclose the variables with number signs (#), for example, #ipaddress#. You can use multiple environment variables, for example, #ipaddress##test#.
+
+ |
+
+Host Header (if applicable)
+ |
+This parameter is available only if you set VPC Channel to Configure.
+Define a host header for requests to be sent to cloud servers associated with the VPC channel. By default, the original host header in each request will be used.
+ |
+
+Path
+ |
+The request path (URI) of the backend service. Ensure that any parameters in the path are enclosed in braces ({}). For example, /getUserInfo/{userId}.
+If the path contains an environment variable, enclose the environment variable in number signs (#), for example, /#path#. You can use multiple environment variables, for example, /#path##request#.
+ |
+
+Timeout (ms)
+ |
+Backend request timeout.
+If a backend timeout error occurs during API debugging, increase the timeout to locate the reason.
+ NOTE: For dedicated gateways, you can modify the maximum timeout by referring to Configuration Parameters. The value range is 1 ms to 600,000 ms.
+
+ |
+
+Two-way Authentication
+ |
+Determine whether to allow APIG to authenticate the API backend service through HTTPS. For details about how to configure the certificate for two-way authentication, see Configuration Parameters.
+ |
+
+Backend Authentication
+ |
+Determine whether your backend service needs to authenticate API requests.
+If you enable this option, select a custom authorizer for backend authentication. Custom authorizers are functions that are created in FunctionGraph to implement an authentication logic or to invoke an authentication service.
+ NOTE: Backend authentication relies on FunctionGraph and is only available in certain regions.
+
+ |
+
+
+
+
Table 5 Parameters for defining a Mock backend serviceParameter
+ |
+Description
+ |
+
|---|
+
+Status Code
+ |
+This parameter is available only after you upgrade the Shubao component.
+ |
+
+Response
+ |
+You can use Mock for API development, debugging, and verification. It enables APIG to return a response without sending the request to the backend. This is useful if you need to test APIs when the backend is unavailable.
+ |
+
+Backend Authentication
+ |
+For details, see the description about backend authentication in Table 4.
+ |
+
+Header Parameters
+ |
+API response headers.
+Click Add Header, and enter the parameter name, value, and description.
+ |
+
+
+
+
- If you have defined an environment variable in the backend request path, the API cannot be debugged on the API debugging page.
- For variables defined in the backend request path of an API, corresponding environment variables and their values must be configured. Otherwise, the API cannot be published because there will be no values that can be assigned to the variables.
- Environment variable names are case-sensitive.
+
+ - (Optional) Add a backend policy.
You can add backend policies to forward requests to different backend services.
+- Click Add Backend Policy.
- Set parameters by referring to Table 6 and Table 4.
+
Table 6 Backend policy parametersParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+The backend policy name.
+ |
+
+Effective Mode
+ |
+- Any condition met: The backend policy takes effect if any of the policy conditions has been met.
- All conditions met: The backend policy takes effect only when all the policy conditions have been met.
+ |
+
+Policy Conditions
+ |
+Conditions that must be met for the backend policy to take effect. Set conditions by referring to Table 7.
+ |
+
+
+
+
+
+
Table 7 Policy conditionsParameter
+ |
+Description
+ |
+
|---|
+
+Source
+ |
+- Source IP address
- Input parameter
+ NOTICE: Input parameters (for example, headers) set as policy conditions must have already been defined in the API request settings.
+
+ |
+
+Parameter Name
+ |
+- When setting Source to Input parameter, select an input parameter.
+ |
+
+Parameter Location
+ |
+The parameter location is displayed only if you set Source to Input parameter.
+ |
+
+Condition Type
+ |
+This parameter is required only if you set Source to Input parameter.
+- Equal: The request parameter must be equal to the specified value.
- Enumerated: The request parameter must be equal to any of the enumerated values.
- Matching: The request parameter must be equal to any value of the regular expression.
+ |
+
+Condition Value
+ |
+Set a condition value according to the condition type. - Equal: Enter a value.
- Enumerated: Enter multiple values and separate them using commas.
- Matching: Enter a range, for example, [0-5].
+ If you have set Source to Source IP address, enter one or more IP addresses and separate them using commas.
+ |
+
+
+
+
+
+ - (Optional) Set backend parameters.
Input parameters of the API are mapped to corresponding backend parameters in backend requests.
+- Click
next to Backend Parameters, and define backend parameters. You can use one of the following methods:- Click Import Input Parameter. All the defined input parameters are automatically displayed.
- Click Add Backend Parameter Mapping, and add required backend parameters.
+ - Modify the mappings based on the parameters and their locations in backend requests. Figure 1 highlights the backend parameters.
Figure 1 Configuring backend parameters
+- If you set the parameter location to PATH, ensure that the parameter name is the same as that defined in the backend request path.
- The name and location of an input parameter can be different from those of the mapped backend request parameter.
- The parameter name is not case-sensitive. It cannot start with x-apig- or x-sdk-.
- The parameter name cannot be x-stage.
- If you set the parameter location to HEADER, ensure that the parameter name does not contain underscores (_).
+
+ - In the preceding figure, parameters test01 and test03 are located in the path and query positions of API requests, and their values will be received in the header of backend requests. test02 is located in the header of API requests, and its value will be received through test05 in the path of backend requests.
For example, test01 is abc, test02 is def, and test03 is xyz.
+API request:
+curl -ik -H 'test02:def' -X GET https://www.example01.com/v1.0/abc?test03=xyz
+Backend request:
+curl -ik -H 'test01:abc' -H 'test03:xyz' -X GET https://www.example02.com/v1.0/def
+
+
+ - (Optional) Set constant parameters.
You can define constant parameters for the backend service to receive constants that are invisible to API callers. APIG adds constant parameters to specified positions in the request sent to the backend service.
+ Constant parameters will be stored as plaintext. To prevent information leakage, do not contain sensitive information in these parameters.
+
+- Click next to Constant Parameters.
- Click Add Constant Parameter, and set the parameters listed in Table 8.
+
Table 8 Setting constant parametersParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Constant parameter name. If you set the parameter location to PATH, ensure that the parameter name is the same as that defined in the backend request path.
+ NOTE: - The parameter name is not case-sensitive. It cannot start with x-apig- or x-sdk-.
- The parameter name cannot be x-stage.
- If you set the parameter location to HEADER, ensure that the parameter name does not contain underscores (_).
+
+ |
+
+Location
+ |
+Position of the parameter in requests.
+The options are PATH, QUERY, and HEADER.
+ |
+
+Value
+ |
+Value of the parameter.
+ |
+
+Description
+ |
+Description of the constant parameter.
+ |
+
+
+
+
- APIG sends requests containing constant parameters to backend services after percent-encoding of special parameter values. Ensure that the backend services support percent-encoding. For example, parameter value [apig] becomes %5Bapig%5D after percent-encoding.
- For values of path parameters, the following characters will be percent-encoded: ASCII codes 0–31, blank symbols, ASCII codes 127–255, and special characters ?></%#"[\]^`{|}
- For values of query strings, the following characters will be percent-encoded: ASCII codes 0–31, blank symbols, ASCII codes 127–255, and special characters >=<+&%#"[\]^`{|}
+
+
+ - (Optional) Set system parameters.
System parameters refer to runtime parameters regarding gateway running and frontend and backend authentications. The parameters are transferred to the API backend service for access control and custom authentication.
- Click next to System Parameters.
- Click Add System Parameter, and set the parameters listed in Table 9.
+
Table 9 System parametersParameter
+ |
+Description
+ |
+
|---|
+
+System Parameter Type
+ |
+- Default gateway parameter: Default parameters supported by APIG.
- Frontend authentication parameter: Parameters to be displayed in the frontend custom authentication result. This option is available only if you select Custom for Security Authentication on the Set Basic Information page.
- Backend authentication parameter: Parameters to be displayed in the backend custom authentication result. This option is available only if you enable Backend Authentication on the Define Backend Request page.
+ |
+
+System Parameter Name
+ |
+
+ |
+
+Backend Parameter Name
+ |
+Name of the backend parameter to which the system parameter will be mapped.
+ NOTE: - The parameter name is not case-sensitive. It cannot start with x-apig- or x-sdk-.
- The parameter name cannot be x-stage.
- If you set the parameter location to HEADER, ensure that the parameter name does not contain underscores (_).
+
+ |
+
+Backend Parameter Location
+ |
+Position of the backend parameter in requests.
+ |
+
+Description
+ |
+Description of the system parameter.
+ |
+
+
+
+
+
+
- Click Next.
+
+
Defining Responses
- On the Define Response page, set the parameters listed in Table 10.
+
Table 10 Defining responsesParameter
+ |
+Description
+ |
+
|---|
+
+Example Success Response
+ |
+An example of a response returned when the API is called successfully.
+ |
+
+Example Failure Response
+ |
+An example of a response returned when the API fails to be called.
+ |
+
+
+
+
- Click Finish.
After the API is created, click its name in the API list to view details.
+
+
+
Follow-Up Operations
After creating an API, verify it by following the procedure in Debugging an API.
+
+
Authorizing Apps to Call an API
+Scenario
APIs using app authentication can only be called by apps that have been authorized to call them.
+
- You can only authorize apps to call published APIs.
- You can authorize apps only to call APIs that use app authentication.
+
+
+
Prerequisites
- You have created an API group and API.
- (Optional) You have created an environment.
- You have created an app.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > APIs.
- Authorize apps to call an API. You can use one of the following methods:
- In the Operation column of the target API, choose More > Authorize App, and then click Select App.
- Select the target API, click Authorize App over the API list, and then click Select App.
- Authorize apps through the API details page.
- Click the name of the target API.
- Click the Authorization tab.
- Click Select App.
+
+ To authorize an app to access multiple APIs, select the APIs, and click Authorize App. Click Select App, select the app you wish to authorize, and click OK. You can grant access to a maximum of 1000 APIs at a time.
+
+ - Select an environment, search for and select desired apps, and click OK.
+
- After the authorization is complete, view the authorized apps on the Authorization tab page or the Authorize App page.
If an app does not need to call the API, click Cancel Authorization in the row containing the app to unbind it.
+
+
+
+
Follow-Up Operations
After you authorize an app to call an API, the API can be called using SDKs of different programming languages.
+
+
Publishing an API
+Scenario
APIs can be called only after they have been published in an environment. You can publish APIs in different environments. APIG allows you to view the publication history (such as the version, description, time, and environment) of each API, and supports rollback of APIs to different historical versions.
+
- If you modify a published API, you must publish it again for the modifications to take effect in the environment in which the API has been published.
- A maximum of 10 publication records of an API are retained in an environment.
+
+
+
Prerequisites
- You have created an API group and API.
- You have created an environment.
+
+
Publishing an API
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > APIs.
- Publish an API. You can use one of the following methods:
- Click Publish in the row containing the API you want to publish.
- Click the name of the target API, and click Publish in the upper right corner of the displayed API details page.
+ To publish multiple APIs, select the APIs, and click Publish. You can publish a maximum of 1000 APIs at a time.
+
+ - Select the environment where the API will be published, and enter a description.
- If the API has already been published in the environment, publishing it again will overwrite its definition in that environment.
- If there is no environment that meets your requirements, create a new one.
+
+ - Click Publish.
+
+
Viewing Publication History
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > APIs.
- Click the name of the target API.
- Click the Publication History tab.
The publication history of the API is displayed.
+ - Click View Details in the Operation column of a version.
The View Details dialog box displays the basic information, frontend and backend request information, input and constant parameters, parameter mappings, and example responses of the API.
+ - To roll back the API to a historical version, click Switch Version in the row containing the target version, and click Yes.
If "current version" is displayed next to the target version, the rollback was successful.
+When the API is called, configuration of the current version is used instead of the previously saved configuration.
+For example, an API was published in the RELEASE environment on August 1, 2018. On August 20, 2018, the API was published in the same environment after modification. If the version published on August 1 is set as the current version, configuration of this version will be used when the API is called.
+
+
+
+
Taking an API Offline
+Scenario
You can remove APIs that you do not need from the environments where the APIs have been published.
+
This operation will cause the APIs to be inaccessible in the environments. Ensure that you have notified users before this operation.
+
+
+
Prerequisites
- You have created an API group and API.
- You have published the API.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > APIs.
- Take the API offline. You can use one of the following methods:
- In the Operation column of the target API, choose More > Take Offline.
- Click the name of the target API, and click Take Offline in the upper right corner of the API details page.
+ To take multiple APIs offline, select the APIs, and click Take Offline. You can take a maximum of 1000 APIs offline at a time.
+
+ - Select the environment from which you want to take the API offline, and click Yes.
+
+
Follow-Up Operations
After taking an API offline, delete it based on the instructions provided in Deleting an API.
+
+
Debugging an API
+Scenario
After creating an API, debug it on the APIG console by setting HTTP headers and body parameters to verify whether the API is running normally.
+
- APIs with backend request paths containing variables cannot be debugged.
- If an API has been bound with a request throttling policy, the policy will not work during debugging of the API.
+
+
+
Prerequisites
- You have created an API group and API.
- You have set up the backend service of the API.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > APIs.
- Debug an API. You can use one of the following methods:
- In the Operation column of the API you want to debug, choose More > Debug.
- Click the name of the target API, and click Debug in the upper right corner of the displayed API details page.
+On the left side, set the API request parameters listed in Table 1. On the right side, view the API request and response information after you click Send Request.
+
+Table 1 Parameters for debugging an APIParameter
+ |
+Description
+ |
+
|---|
+
+Protocol
+ |
+This parameter can be modified only if you set Protocol to HTTP&HTTPS for the API.
+ |
+
+Method
+ |
+This parameter can be modified only if you set Method to ANY for the API.
+ |
+
+Suffix
+ |
+You can define a path only if you have set Matching to Prefix match for the API.
+ |
+
+Path
+ |
+Request path of the API.
+ |
+
+Path Parameters
+ |
+This parameter can be modified only if you have defined path parameters (such as {test}) for the API.
+ |
+
+Query Strings
+ |
+Query string parameters and values.
+ |
+
+Headers
+ |
+HTTP headers and values.
+ |
+
+Body
+ |
+This parameter can be modified only if you set Method to PATCH, POST, or PUT for the API.
+ |
+
+
+
+
The fields displayed on the debugging page vary according to the request type.
+
+ - After setting request parameters, click Send Request.
The box on the lower right displays the response of the API request.
+- If the debugging is successful, the HTTP status code 200 and response details are displayed.
- If the request fails to be sent, an HTTP status code 4xx or 5xx is displayed. For details, see Error Codes.
+ - You can send more requests with different parameters and values to verify the API.
To modify the API configurations, click Edit in the upper right corner, and modify the parameters on the Edit API page.
+
+
+
+
+
Deleting an API
+Scenario
You can delete published APIs you no longer require.
+
- Deleted APIs cannot be accessed by apps or users who were using the APIs, so make sure you notify users before the deletion.
- Published APIs must be first taken offline and then deleted.
+
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > APIs.
- Delete the API. You can use one of the following methods:
- In the Operation column of the API you want to delete, choose More > Delete.
- Click the name of the target API, and click Delete in the upper right corner of the displayed API details page.
+ To delete multiple APIs, select the APIs, and click Delete. You can delete a maximum of 1000 APIs at a time.
+
+ - Enter DELETE and click Yes.
+
+
Request Throttling
+
+
+
diff --git a/docs/apig/umn/apig-en-ug-180307029.html b/docs/apig/umn/apig-en-ug-180307029.html
new file mode 100644
index 000000000..971739817
--- /dev/null
+++ b/docs/apig/umn/apig-en-ug-180307029.html
@@ -0,0 +1,86 @@
+
+
+Creating a Request Throttling Policy
+Scenario
Request throttling controls the number of times an API can be called within a time period to protect backend services.
+
To provide stable, uninterrupted services, you can create request throttling policies to control the number of calls made to your APIs.
+
Request throttling policies take effect for an API only if they have been bound to the API.
+
- An API can be bound with only one request throttling policy for a given environment, but each request throttling policy can be bound to multiple APIs.
- For a dedicated gateway, the limit is the value of ratelimit_api_limits you have configured on the Configuration Parameters page.
+
+
+
Prerequisites
You have published the API to which you want to bind a request throttling policy.
+
+
Creating a Request Throttling Policy
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Request Throttling.
- Click Create Request Throttling Policy, and set the parameters listed in Table 1.
+
+
Table 1 Parameters for creating a request throttling policyParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Request throttling policy name.
+ |
+
+Type
+ |
+API-based or API-shared request throttling.
+- API-based: Request throttling is based on every API to which the policy is bound.
- API-shared: Request throttling is based on all APIs as a whole to which the policy is bound.
+ |
+
+Period
+ |
+For how long you want to limit the number of API calls. This parameter can be used together with the following parameters:
+- Max. API Requests: Limit the maximum number of times an API can be called within a specific period.
- Max. User Requests: Limit the maximum number of times an API can be called by a user within a specific period.
- Max. App Requests: Limit the maximum number of times an API can be called by an app within a specific period.
- Max. IP Address Requests: Limit the maximum number of times an API can be called by an IP address within a specific period.
+ |
+
+Max. API Requests
+ |
+The maximum number of times each bound API can be called within the specified period.
+This parameter must be used together with Period.
+ |
+
+Max. User Requests
+ |
+The maximum number of times each bound API can be called by a user within the specified period. This limit only applies to APIs that are accessed through app or IAM authentication.
+- The value of this parameter cannot exceed that of Max. API Requests.
- This parameter must be used together with Period.
- If there are many users under your account that access an API, the request throttling limits of the API will apply to all these users.
+ |
+
+Max. App Requests
+ |
+The maximum number of times each bound API can be called by an app within the specified period. This limit only applies to APIs that are accessed through app authentication.
+- The value of this parameter cannot exceed that of Max. User Requests.
- This parameter must be used together with Period.
+ |
+
+Max. IP Address Requests
+ |
+The maximum number of times each bound API can be called by an IP address within the specified period.
+- The value of this parameter cannot exceed that of Max. API Requests.
- This parameter must be used together with Period.
+ |
+
+Description
+ |
+Description of the request throttling policy.
+ |
+
+
+
+
+
- Click OK.
After the policy is created, it is displayed on the Request Throttling page. You can bind this policy to APIs to throttle API requests.
+
+
+
Binding a Request Throttling Policy to an API
- Go to the page for binding a request throttling policy to an API. You can use one of the following methods:
- In the Operation column of the request throttling policy to be bound, click Bind to API, and then click Select API.
- Click the name of the target request throttling policy, and click Select API on the APIs tab page.
+ - Specify an API group, environment, and API name keyword to search for the desired API.
- Select the API and click OK.
If a request throttling policy is no longer needed for an API, you can unbind it. To unbind a request throttling policy from multiple APIs, select the APIs, and click Unbind. You can unbind a request throttling policy from a maximum of 1000 APIs at a time.
+
+
+
+
Follow-Up Operations
To control the maximum number of API calls received from a specific app or tenant, specify the app or tenant to exclude by referring to Adding an Excluded App or Tenant. If an app is excluded in a request throttling policy, any threshold configured for that app takes precedence over the request throttling policy. The API and user request limits of this policy are still valid. If a tenant is excluded in a request throttling policy, any threshold configured for that tenant will be applied. The API and app request limits of this policy are still valid.
+
+
Deleting a Request Throttling Policy
+Scenario
You can delete request throttling policies you no longer require.
+
+
Prerequisites
You have created a request throttling policy.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Request Throttling.
- Delete a request throttling policy. You can use one of the following methods:
- In the Operation column of the request throttling policy you want to delete, click Delete.
- Click the name of the target request throttling policy, and click Delete in the upper right corner of the displayed request throttling policy details page.
+ - If a request throttling policy has been bound to an API, unbind the policy and then delete it. To unbind a request throttling policy, go to the policy details page, click Unbind in the row that contains the API from which you want to unbind the policy, and click Yes.
- To delete multiple request throttling policies, select the policies, and click Delete. You can delete a maximum of 1000 request throttling policies at a time.
+
+ - Click Yes.
+
+
Adding an Excluded App or Tenant
+Scenario
If you want to control the number of API calls received from a specific app or tenant, add an excluded app or tenant to a request throttling policy.
+
+
Prerequisites
You have created an app or obtained an app ID of another account or an account ID.
+
+
Adding an Excluded App
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Request Throttling.
- Click the name of the target request throttling policy.
- On the displayed request throttling policy details page, click the Excluded Apps tab.
- Click Select Excluded App.
- Select an app to exclude. You can use one of the following methods:
- To select an existing app, click Existing, select an app, and enter a threshold.
- To select an app of other tenants, click Cross-tenant, and enter the app ID and a threshold.
Excluded app thresholds take precedence over the value of Max. App Requests.
+
For example, a request throttling policy has been configured, with Max. API Requests being 10, Max. App Requests being 3, Period being 1 minute, and two excluded apps (max. 2 API requests for app A and max. 4 API requests for app B). If the request throttling policy is bound to an API, apps A and B can access the API 2 and 4 times within 1 minute, respectively.
+
+
+
+
+
Adding an Excluded Tenant
- Log in to the management console.
- Hover the mouse pointer over the username, click the username, and choose My Credentials from the drop-down list.
- On the My Credentials page, view the account ID and project ID.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Request Throttling.
- Click the name of the target request throttling policy.
- Click the Excluded Tenants tab.
- Click Select Excluded Tenant.
- In the Select Excluded Tenant dialog box, set the parameters listed in Table 1.
+
Table 1 Excluded tenant configurationParameter
+ |
+Description
+ |
+
|---|
+
+Account ID
+ |
+Account ID or project ID obtained in 3.
+- Enter a project ID if you will bind or have bound this policy to an API that uses app authentication.
- Enter an account ID if you will bind or have bound this policy to an API that uses IAM authentication.
+ |
+
+Threshold
+ |
+The maximum number of times an API can be called by the tenant within a specified period.
+The value of this parameter cannot exceed that of Max. API Requests.
+ |
+
+
+
+
- Click OK.
Excluded tenant thresholds take precedence over the value of Max. User Requests.
+
For example, suppose a request throttling policy is configured, with Max. API Requests being 10, Max. User Requests being 3, Period being 1 minute, and two excluded tenants (max. 2 API requests for tenant A and max. 4 API requests for tenant B). If the request throttling policy is bound to an API, tenants A and B can access the API 2 and 4 times within 1 minute, respectively.
+
+
+
+
Removing an Excluded App or Tenant
+Scenario
You can remove excluded apps or tenants from a request throttling policy. This section takes an excluded app as an example.
+
+
Prerequisites
- You have created a request throttling policy.
- You have already added an excluded app or tenant to the request throttling policy.
+
+
Removing an Excluded App
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Request Throttling.
- Click the name of the target request throttling policy.
- Click the Excluded Apps tab on the displayed request throttling policy details page.
- In the Operation column of the app you want to remove, click Remove.
- Click Yes.
+
+
Removing an Excluded Tenant
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Request Throttling.
- Click the name of the target request throttling policy.
- Click the Excluded Tenants tab.
- In the Operation column of the tenant you want to remove, click Remove.
- Click Yes.
+
+
Environment Management
+
+
+
diff --git a/docs/apig/umn/apig-en-ug-180307037.html b/docs/apig/umn/apig-en-ug-180307037.html
new file mode 100644
index 000000000..7e10b0963
--- /dev/null
+++ b/docs/apig/umn/apig-en-ug-180307037.html
@@ -0,0 +1,81 @@
+
+
+Creating an Environment and Environment Variable
+Scenario
An API can be called in different environments, such as production, testing, and development environments. RELEASE is the default environment provided by APIG. You can define environment variables to allow an API to be called in different environments.
+
Environment variables are manageable and specific to environments. You can create variables in different environments to call different backend services using the same API.
+
For variables you define during API creation, you must create corresponding variables and values. For example, variable Path is defined for an API, and two variables with the same name are created and assigned values /Stage/test and /Stage/AA in environments 1 and 2, respectively. If the API is published and called in environment 1, the path /Stage/test is used. If the API is published and called in environment 2, the path /Stage/AA is used.
+
Figure 1 Use of environment variables
+
You can create a maximum of 50 variables for an API group in each environment.
+
+
+
+
Creating an Environment
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Environments.
- Click Create Environment, and set the parameters listed in Table 1.
+
Table 1 Environment informationParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Environment name.
+ |
+
+Description
+ |
+Description of the environment.
+ |
+
+
+
+
- Click OK.
After the environment is created, it is displayed in the environment list.
+
+
+
Accessing an Environment
You can call an API in the RELEASE environment by using a RESTful API. To access the API in other environments, add the X-Stage header to the request to specify an environment name. For example, add X-Stage:DEVELOP to the request header to access an API in the DEVELOP environment.
+
APIG does not support API debugging using environment variables.
+
+
+
Creating an Environment Variable
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > API Groups.
- Create a variable. You can use one of the following methods:
- Click the name of the target API group, and click the Variables tab on the displayed API group details page.
- In the Operation column of the target API group, choose More > Manage Variable.
+ - Select an environment from the Environment drop-down list, and click Create Variable.
- Set the parameters listed in Table 2.
+
Table 2 Parameters for creating an environment variableParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Name of the variable you want to create. Ensure that the name is the same as the name of the variable defined for the API.
+ |
+
+Value
+ |
+The path to be used in the selected environment.
+ |
+
+
+
+
- Click OK.
If a variable is not needed, click Delete in the row containing the variable to delete it.
+
Environment variable names and values will be displayed in plain text in API requests. Do not include sensitive information in the variable names and values.
+
+
+
+
Follow-Up Operations
After creating an environment and variable, publish APIs in the environment so that they can be called by API callers.
+
+
Deleting an Environment
+Scenario
You can delete environments you no longer require.
+
+
Prerequisites
You have created an environment.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Environments.
- In the Operation column of the environment you want to delete, click Delete.
You can delete an environment only if no APIs have been published in the environment.
+
+ - Click Yes.
+
+
Signature Key Management
+
+
+
diff --git a/docs/apig/umn/apig-en-ug-180307041.html b/docs/apig/umn/apig-en-ug-180307041.html
new file mode 100644
index 000000000..4252a796c
--- /dev/null
+++ b/docs/apig/umn/apig-en-ug-180307041.html
@@ -0,0 +1,72 @@
+
+
+Creating and Using a Signature Key
+Scenario
Signature keys are used by backend services to verify the identity of APIG.
+
A signature key consists of a key and secret, and can be used only after being bound to an API. When an API bound with a signature key is called, APIG adds signature details to the API request. The backend service of the API signs the request in the same way, and verifies the identity of APIG by checking whether the signature is consistent with that in the Authorization header sent by APIG.
+
Each API can only be bound with one signature key in a given environment, but each signature key can be bound to multiple APIs.
+
+
+
Procedure
- Create a signature key on the APIG console.
- Bind the signature key to an API.
- APIG sends signed requests containing a signature in the Authorization header to the backend service. The backend service can use different programming languages (such as Java, Go, Python, JavaScript, C#, PHP, C++, C, and Android) to sign each request, and check whether the two signatures are consistent.
+
Figure 1 Signature key process flow
+
+
Creating a Signature Key
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Signature Keys.
- Click Create Signature Key.
- In the Create Signature Key dialog box, set the parameters listed in Table 1.
+
Table 1 Parameters for creating a signature keyParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Signature key name.
+ |
+
+Type
+ |
+Type of the signature key. Select HMAC or Basic. This parameter is available only for dedicated gateways.
+ |
+
+Key
+ |
+Combined with Secret to form a signature key pair.
+- If you set Type to HMAC, enter the key of the key pair used for hash-based message authentication code (HMAC) authentication.
- If you set Type to Basic, enter the username used for basic authentication.
+ |
+
+Secret
+ |
+Combined with Key to form a signature key pair.
+- If you set Type to HMAC, enter the secret of the key pair used for HMAC authentication.
- If you set Type to Basic, enter the password used for basic authentication.
+ |
+
+Confirm Secret
+ |
+Enter the secret again.
+ |
+
+
+
+
+
- Click OK.
+
+
Binding a Signature Key to an API
- In the navigation pane, choose API Publishing > Signature Keys.
- Bind a signature key to an API. You can use one of the following methods:
- In the Operation column of the signature key to be bound to an API, click Bind to API.
- Click the name of the target signature key.
+ - Click Select API.
- Specify an API group, environment, and API name keyword to search for the desired API.
- Select the API and click OK.
If a signature key is no longer needed for an API, unbind it from the API.
+
+
+
+
Verifying the Signing Result
Sign each backend request by following the instructions in section "Creating Signatures for Backend Requests" of the API Gateway Developer Guide, and check whether the backend signature is consistent with the signature in the Authorization header of the API request.
+
+
Deleting a Signature Key
+Scenario
You can delete signature keys you no longer require.
+
+
Prerequisites
You have created a signature key.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Signature Keys.
- Delete a signature key. You can use one of the following methods:
- In the Operation column of the signature key you want to delete, click Delete.
- Click the name of the target signature key, and click Delete in the upper right corner of the displayed signature key details page.
+ If the signature key has been bound to any APIs, unbind it and then delete it.
+
+ - Click Yes.
+
+
App Management
+
+
+
diff --git a/docs/apig/umn/apig-en-ug-180307049.html b/docs/apig/umn/apig-en-ug-180307049.html
new file mode 100644
index 000000000..7988431c2
--- /dev/null
+++ b/docs/apig/umn/apig-en-ug-180307049.html
@@ -0,0 +1,47 @@
+
+
+Creating an App and Obtaining Authorization
+Scenario
For an API that uses app authentication, you can create an app and use the app and its ID and key pair (AppKey and AppSecret) to call the API. You can use an app to call an API only after you bind the app to the API. When you call the API, replace the key pair in the SDK with your own key pair so that APIG can authenticate your identity. For details about app authentication, see
Developer Guide.
- If the authentication mode of the target API has been set to None or IAM, you do not need to create apps to call this API.
+
+
+
+
Creating an App
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Calling > Apps.
- Click Create App, and configure the app information.
+
Table 1 App informationParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+App name.
+ |
+
+Description
+ |
+Description of the app.
+ |
+
+
+
+
You can customize AppKeys and AppSecrets on dedicated gateways. An AppKey is an identifier and must be globally unique. It is automatically generated. You are not advised to customize one unless it is necessary.
+
+ - Click OK.
After the app is created, its name and ID are displayed in the app list.
+ - Click the app name, and view the AppKey and AppSecret on the app details page.
+
+
Binding an App to an API
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Calling > Apps.
- Bind an app to an API. You can use one of the following methods:
- In the Operation column of the app, click Bind to API, and then click Select API.
- Click the name of the target app, and click Select API.
+ - Select an environment, select an API, and click OK.
After the binding is complete, you can view the API on the app details page.
- Only APIs using app authentication can be bound with apps.
- An app can be bound to multiple APIs that use app authentication, and each such API can be bound with multiple apps.
- To debug an API to which the app is bound, click Debug in the row containing the API.
+
+
+
+
Follow-Up Operations
You can call APIs using different authentication methods. For details, see Calling APIs.
+
+
Deleting an App
+Scenario
You can delete apps you no longer require.
+
+
Prerequisites
You have created an app.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Calling > Apps.
- Delete an app. You can use one of the following methods:
- In the Operation column of the app you want to delete, click Delete.
- Click the name of the target app, and click Delete App in the upper right corner of the displayed app details page.
+ If the app has been bound to any APIs, you must unbind the app and then delete it.
+
+ - Click Yes.
+
+
Resetting the AppSecret of an App
+Scenario
You can reset the AppSecret of an app. The AppKey is unique and cannot be reset. When you reset the AppSecret, it becomes invalid and APIs bound to the app cannot be called. To enable API calls for that app again, you will need to update the AppSecret of the app you use.
+
+
Prerequisites
You have created an app.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Calling > Apps.
- Click the name of the target app.
- In the upper right corner of the displayed app details page, click Reset AppSecret.
- Click Yes.
+
+
Viewing API Details
+Scenario
You can view the details of an API to which an app has been bound.
+
+
Prerequisites
- You have created an app.
- The app has been bound to an API.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Calling > Apps.
- Click the name of the target app.
- Click the name of the target API to view its details.
+
+
APIG operations that can be recorded by CTS
+Enabling CTS
If you want to collect, record, or query operation logs for APIG in common scenarios such as security analysis, audit, and problem locating, enable Cloud Trace Service (CTS). For details, see section "Enabling CTS" in the Cloud Trace Service User Guide.
+
CTS provides the following functions:
+
- Recording audit logs
- Querying audit logs
- Dumping audit logs
- Encrypting trace files
- Enabling notifications of key operations
+
+
Viewing Key Operations
With CTS, you can record operations associated with APIG for future query, audit, and backtracking.
+
+
Table 1 APIG operations that can be recorded by CTSOperation
+ |
+Resource Type
+ |
+Trace Name
+ |
+
|---|
+
+Creating an API group
+ |
+ApiGroup
+ |
+createApiGroup
+ |
+
+Deleting an API group
+ |
+ApiGroup
+ |
+deleteApiGroup
+ |
+
+Updating an API group
+ |
+ApiGroup
+ |
+updateApiGroup
+ |
+
+Binding a domain name
+ |
+ApiGroup
+ |
+createDomainBinding
+ |
+
+Change minimum TLS version
+ |
+ApiGroup
+ |
+modifySecureTransmission
+ |
+
+Unbinding a domain name
+ |
+ApiGroup
+ |
+relieveDomainBinding
+ |
+
+Adding a domain certificate
+ |
+ApiGroup
+ |
+addDomainCertificate
+ |
+
+Deleting a domain certificate
+ |
+ApiGroup
+ |
+deleteDomainCertificate
+ |
+
+Creating an API
+ |
+Api
+ |
+createApi
+ |
+
+Deleting an API
+ |
+Api
+ |
+deleteApi
+ |
+
+Deleting multiple APIs
+ |
+Api
+ |
+batchDeleteApi
+ |
+
+Updating an API
+ |
+Api
+ |
+updateApi
+ |
+
+Publishing an API
+ |
+Api
+ |
+publishApi
+ |
+
+Taking an API offline
+ |
+Api
+ |
+offlineApi
+ |
+
+Publishing multiple APIs or taking APIs offline
+ |
+Api
+ |
+batchPublishOrOfflineApi
+ |
+
+Switching API versions
+ |
+Api
+ |
+switchApiVersion
+ |
+
+Taking an API version offline
+ |
+Api
+ |
+offlineApiByVersion
+ |
+
+Debugging an API
+ |
+Api
+ |
+debugApi
+ |
+
+Creating an environment
+ |
+Environment
+ |
+createEnvironment
+ |
+
+Deleting an environment
+ |
+Environment
+ |
+deleteEnvironment
+ |
+
+Updating an environment
+ |
+Environment
+ |
+updateEnvironment
+ |
+
+Creating an environment variable
+ |
+EnvVariable
+ |
+createEnvVariable
+ |
+
+Updating an environment variable
+ |
+EnvVariable
+ |
+updateEnvVariable
+ |
+
+Deleting an environment variable
+ |
+EnvVariable
+ |
+deleteEnvVariable
+ |
+
+Creating an app
+ |
+App
+ |
+createApp
+ |
+
+Deleting an app
+ |
+App
+ |
+deleteApp
+ |
+
+Updating an application
+ |
+App
+ |
+updateApp
+ |
+
+Resetting AppSecret
+ |
+App
+ |
+resetAppSecret
+ |
+
+Binding a client to an API
+ |
+AppAuth
+ |
+grantAuth
+ |
+
+Unbinding a client from an API
+ |
+AppAuth
+ |
+relieveAuth
+ |
+
+Creating a signature key
+ |
+Signature
+ |
+createSignature
+ |
+
+Deleting a signature key
+ |
+Signature
+ |
+deleteSignature
+ |
+
+Updating a signature key
+ |
+Signature
+ |
+updateSignature
+ |
+
+Binding a signature key
+ |
+SignatureBinding
+ |
+createSignatureBinding
+ |
+
+Unbinding a signature key
+ |
+SignatureBinding
+ |
+relieveSignatureBinding
+ |
+
+Creating an access control policy
+ |
+Acl
+ |
+createAcl
+ |
+
+Deleting an access control policy
+ |
+Acl
+ |
+deleteAcl
+ |
+
+Deleting access control policies
+ |
+Acl
+ |
+batchDeleteAcl
+ |
+
+Updating an access control policy
+ |
+Acl
+ |
+updateAcl
+ |
+
+Creating an access control blacklist
+ |
+Acl
+ |
+addAclValue
+ |
+
+Deleting an access control blacklist
+ |
+Acl
+ |
+deleteAclValue
+ |
+
+Binding an access control policy to an API
+ |
+AclBinding
+ |
+createAclBinding
+ |
+
+Unbinding an access control policy from an API
+ |
+AclBinding
+ |
+relieveAclBinding
+ |
+
+Unbinding multiple access control policies from APIs
+ |
+AclBinding
+ |
+batchRelieveAclBinding
+ |
+
+Creating a request throttling policy
+ |
+Throttle
+ |
+createThrottle
+ |
+
+Deleting a request throttling policy
+ |
+Throttle
+ |
+deleteThrottle
+ |
+
+Deleting multiple request throttling policies
+ |
+Throttle
+ |
+batchDeleteThrottle
+ |
+
+Updating a requesting throttling policy
+ |
+Throttle
+ |
+updateThrottle
+ |
+
+Binding a request throttling policy
+ |
+ThrottleBinding
+ |
+createThrottleBinding
+ |
+
+Unbinding a request throttling policy
+ |
+ThrottleBinding
+ |
+relieveThrottleBinding
+ |
+
+Unbinding multiple request throttling policies
+ |
+ThrottleBinding
+ |
+batchRelieveThrottleBinding
+ |
+
+Creating an excluded request throttling configuration
+ |
+ThrottleSpecial
+ |
+createSpecialThrottle
+ |
+
+Deleting an excluded request throttling configuration
+ |
+ThrottleSpecial
+ |
+deleteSpecialThrottle
+ |
+
+Updating an excluded request throttling configuration
+ |
+ThrottleSpecial
+ |
+updateSpecialThrottle
+ |
+
+Creating a load balance channel
+ |
+Vpc
+ |
+createVpc
+ |
+
+Deleting a load balance channel
+ |
+Vpc
+ |
+deleteVpc
+ |
+
+Updating a load balance channel
+ |
+Vpc
+ |
+updateVpc
+ |
+
+Adding members to a load balance channel
+ |
+Vpc
+ |
+addVpcMember
+ |
+
+Deleting members from a load balance channel
+ |
+Vpc
+ |
+deleteVpcMember
+ |
+
+Exporting an API
+ |
+Swagger
+ |
+swaggerExportApi
+ |
+
+Exporting multiple APIs
+ |
+Swagger
+ |
+swaggerExportApiList
+ |
+
+Exporting all APIs in a group
+ |
+Swagger
+ |
+swaggerExportApiByGroup
+ |
+
+Importing APIs to a new group
+ |
+Swagger
+ |
+swaggerImportApiToNewGroup
+ |
+
+Importing APIs to an existing group
+ |
+Swagger
+ |
+swaggerImportApiToExistGroup
+ |
+
+Exporting all custom backends
+ |
+Swagger
+ |
+SwaggerExportLdApi
+ |
+
+Importing custom backends
+ |
+Swagger
+ |
+SwaggerImportLdApi
+ |
+
+Creating a custom authorizer
+ |
+Authorizer
+ |
+createAuthorizer
+ |
+
+Deleting a custom authorizer
+ |
+Authorizer
+ |
+deleteAuthorizer
+ |
+
+Updating a custom authorizer
+ |
+Authorizer
+ |
+updateAuthorizer
+ |
+
+Creating a plug-in
+ |
+Plugin
+ |
+createPlugin
+ |
+
+Updating a plug-in
+ |
+Plugin
+ |
+updatePlugin
+ |
+
+Deleting a plug-in
+ |
+Plugin
+ |
+deletePlugin
+ |
+
+Binding a plug-in to an API
+ |
+Plugin
+ |
+pluginAttachApi
+ |
+
+Unbinding an API from a plug-in
+ |
+Plugin
+ |
+pluginDetachApi
+ |
+
+Binding a plug-in to an API
+ |
+Plugin
+ |
+apiAttachPlugin
+ |
+
+Unbinding a plug-in from an API
+ |
+Plugin
+ |
+apiDetachPlugin
+ |
+
+
+
+
+
+
Disabling CTS
Disable CTS by following the procedure in section "Deleting a Tracker" in the Cloud Trace Service User Guide.
+
+
Change History
+
+
Table 1 Change historyDate
+ |
+Description
+ |
+
|---|
+
+2022-12-30
+ |
+This issue is the first official release.
+ |
+
+
+
+
+
Binding a Domain Name
+Scenario
Before you open an API, you must bind one or more independent domain names to the group to which the API belongs.
+
- In a dedicated gateway, you cannot bind the same independent domain name to different API groups.
+
+
Note the following points before you bind a domain name:
+
- Subdomain name: After an API group is created, the system automatically allocates a unique subdomain name to it for internal testing. The subdomain name can be accessed 1000 times a day, but it cannot be modified.
- Independent domain name: You can add five custom domain names for API callers to call your open APIs. There is no limit on the number of times these domain names can be accessed.
+
+
Prerequisites
- There is an independent domain name available.
Dedicated gateway: An A record points the independent domain name to the address of the gateway. For details, see section "Adding an A Record Set" in the Domain Name Service User Guide.
+- If the API group contains APIs that are called through HTTPS, there needs to be SSL certificates configured for the independent domain name. SSL certificates can only be added manually with a custom name, content, and a key.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > API Groups.
- Go to the Domain Names tab page using one of the following methods:
- Click the name of the target API group, and click the Domain Names tab on the displayed API group details page.
- In the Operation column of the target API group, choose More > Manage Domain Name.
+ - Click Bind Independent Domain Name and enter a domain name.
For API groups created under dedicated gateways, specify the minimum TLS version (TLS 1.1 or TLS 1.2) supported by domain names that you bind to the API groups. TLS 1.2 is recommended.
+ - Click OK.
If the domain name is not needed, click Unbind to unbind it from the API group.
+ - (Optional) If the API group contains APIs that are accessed through HTTPS, add an SSL certificate.
- Click Add SSL Certificate.
- Enter the name, content, and key of the obtained SSL certificate, and click OK.
+ - Currently, you can only add SSL certificates in the PEM format. To add SSL certificates of other formats, convert the certificates into the PEM format first.
- To replace or edit an SSL certificate, click
next to the certificate name. The certificate content and key will not be visible after you click OK to add the certificate. If the content has been updated, add the entire content or key again. - If you do not require an SSL certificate, click Delete SSL Certificate in the row containing the certificate to delete it.
+
+
+
+
Troubleshooting
- Failure in binding an independent domain name: The independent domain name is not CNAMEd to the subdomain name of the API group, or the independent domain name already exists.
- Failure in adding an SSL certificate: The domain name of the SSL certificate is different from the domain name for which you add the SSL certificate.
+
+
Follow-Up Operations
After binding independent domain names to the API group, create APIs in the group to selectively expose backend capabilities. For details, see Creating an API.
+
+
Monitoring
+
+
+
diff --git a/docs/apig/umn/apig-en-ug-180425080.html b/docs/apig/umn/apig-en-ug-180425080.html
new file mode 100644
index 000000000..582be2e6c
--- /dev/null
+++ b/docs/apig/umn/apig-en-ug-180425080.html
@@ -0,0 +1,21 @@
+
+
+VPC Channel Management
+
+
+
diff --git a/docs/apig/umn/apig-en-ug-180425081.html b/docs/apig/umn/apig-en-ug-180425081.html
new file mode 100644
index 000000000..fea3e7569
--- /dev/null
+++ b/docs/apig/umn/apig-en-ug-180425081.html
@@ -0,0 +1,114 @@
+
+
+Creating a VPC Channel
+Scenario
VPC channels allow services deployed in VPCs to be accessed through their subnets, lowering latency and balancing loads of backend services.
+
After creating a VPC channel, you can configure it for an API with an HTTP/HTTPS backend service. For example, six ECSs have been deployed in a VPC, and a VPC channel has been created to reach ECS 01 and ECS 04. APIG can access these two ECSs through the VPC channel.
+
Figure 1 Accessing ECSs in a VPC channel through APIG
+
Dedicated gateways support VPC channels with a private network load balancer.
+
+
+
Prerequisites
- You have created a cloud server.
- You have the VPC Administrator permission.
+
+
Creating a Fast Channel
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > VPC Channels.
- Click Create VPC Channel, and set the parameters listed in Table 1.
+
Table 1 Parameters for creating a VPC channelParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+VPC channel name.
+ |
+
+Port
+ |
+The host port of the VPC channel, that is, the port of the backend service.
+Range: 1–65535.
+ |
+
+Member Type
+ |
+Select a method that you want to use to specify servers for the VPC channel. The member type is a one-time configuration and cannot be changed after you create the VPC channel.
+- Instance: Select cloud servers.
- IP address: Specify cloud server IP addresses.
+ |
+
+Routing Algorithm
+ |
+The algorithm to be used to forward requests to cloud servers you select.
+The following routing algorithms are available:
+- WRR: weighted round robin
- WLC: weighted least connection
- SH: source hashing
- URI hashing
+ |
+
+Protocol
+ |
+The protocol used to perform health checks on cloud servers associated with the VPC channel. Options:
+
+Default value: TCP.
+ |
+
+Path
+ |
+The destination path for health checks.
+Set this parameter only when Protocol is not set to TCP.
+ |
+
+Check Port
+ |
+The destination port for health checks.
+By default, the port of the VPC channel will be used.
+ |
+
+Healthy Threshold
+ |
+The number of consecutive successful checks required for a cloud server to be considered healthy.
+Range: 2–10. Default value: 2.
+ |
+
+Unhealthy Threshold
+ |
+The number of consecutive failed checks required for a cloud server to be considered unhealthy.
+Range: 2–10. Default value: 5.
+ |
+
+Timeout (s)
+ |
+The timeout used to determine whether a health check has failed. Unit: s.
+Range: 2–30. Default value: 5.
+ |
+
+Interval (s)
+ |
+The interval between consecutive checks. Unit: s.
+Range: 5–300. Default value: 10.
+ |
+
+Response Codes
+ |
+The HTTP codes used to check for a successful response from a target.
+Set this parameter only when Protocol is not set to TCP.
+ |
+
+
+
+
- Click Next.
- Click Select Cloud Server.
- Select the cloud servers you want to add, and click OK.
To ensure a successful health check and service availability, configure the security groups of the cloud servers to allow access from 100.125.0.0/16.
+
+ - Click Finish.
+
+
Follow-Up Operations
Create an API for backend services deployed in a VPC to balance loads.
+
+
Deleting a VPC Channel
+Scenario
You can delete VPC channels you no longer require.
+
VPC channels that are currently in use by published APIs cannot be deleted.
+
+
+
Prerequisites
You have created a VPC channel.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > VPC Channels.
- Delete a VPC channel. You can use one of the following methods:
- In the Operation column of the VPC channel you want to delete, click Delete.
- Click the name of the target VPC channel, and click Delete in the upper right corner of the displayed VPC channel details page.
+ - Click Yes.
+
+
Editing Health Check Configurations
+Scenario
You can modify the health check configurations of a VPC channel to meet service requirements.
+
+
Prerequisites
You have created a VPC channel.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > VPC Channels.
- Click the name of the target VPC channel,
- Click the Health Check tab.
- Click Edit Health Check.
- In the Edit Health Check Configuration dialog box, modify the parameters listed in Table 1.
+
Table 1 Health check configurationsParameter
+ |
+Description
+ |
+
|---|
+
+Protocol
+ |
+The protocol used to perform health checks on cloud servers associated with the VPC channel. Options:
+
+Default value: TCP.
+ |
+
+Path
+ |
+The destination path for health checks.
+Set this parameter only when Protocol is not set to TCP.
+ |
+
+Check Port
+ |
+The destination port for health checks.
+By default, the port of the VPC channel will be used.
+ |
+
+Healthy Threshold
+ |
+The number of consecutive successful checks required for a cloud server to be considered healthy.
+Range: 2–10. Default value: 2.
+ |
+
+Unhealthy Threshold
+ |
+The number of consecutive failed checks required for a cloud server to be considered unhealthy.
+Range: 2–10. Default value: 5.
+ |
+
+Timeout (s)
+ |
+The timeout used to determine whether a health check has failed. Unit: s.
+Range: 2–30. Default value: 5.
+ |
+
+Interval (s)
+ |
+The interval between consecutive checks. Unit: s.
+Range: 5–300. Default value: 10.
+ |
+
+Response Codes
+ |
+The HTTP codes used to check for a successful response from a target.
+Set this parameter only when Protocol is not set to TCP.
+ |
+
+
+
+
+
- Click OK.
+
+
APIG Metrics
+Introduction
This section describes the metrics that APIG reports to the Cloud Eye service. You can view metrics and alarms by using the Cloud Eye console.
+
+
Namespace
Dedicated gateway: SYS.APIC
+
+
Metrics
+
Table 1 Dedicated gateway metricsID
+ |
+Name
+ |
+Description
+ |
+Value Range
+ |
+Monitored Object
+ |
+Monitoring Period (Minute)
+ |
+
|---|
+
+requests
+ |
+Requests
+ |
+Number of times that all APIs in a dedicated gateway have been called.
+ |
+≥0
+ |
+Dedicated gateway
+ |
+1
+ |
+
+error_4xx
+ |
+4xx Errors
+ |
+Number of times that all APIs in the dedicated gateway return a 4xx error.
+ |
+≥0
+ |
+Dedicated gateway
+ |
+1
+ |
+
+error_5xx
+ |
+5xx Errors
+ |
+Number of times that all APIs in the dedicated gateway return a 5xx error.
+ |
+≥0
+ |
+Dedicated gateway
+ |
+1
+ |
+
+throttled_calls
+ |
+Throttled API Calls
+ |
+Number of times that all APIs in the dedicated gateway have been throttled.
+ |
+≥0
+ |
+Dedicated gateway
+ |
+1
+ |
+
+avg_latency
+ |
+Average Latency
+ |
+Average latency of all APIs in the gateway.
+ |
+≥0
+Unit: ms
+ |
+Dedicated gateway
+ |
+1
+ |
+
+max_latency
+ |
+Maximum Latency
+ |
+Maximum latency of all APIs in the gateway.
+ |
+≥0
+Unit: ms
+ |
+Dedicated gateway
+ |
+1
+ |
+
+req_count
+ |
+Requests
+ |
+Number of times that an API has been called.
+ |
+≥ 0
+ |
+API
+ |
+1
+ |
+
+req_count_2xx
+ |
+2xx Responses
+ |
+Number of times that the API returns a 2xx response.
+ |
+≥ 0
+ |
+API
+ |
+1
+ |
+
+req_count_4xx
+ |
+4xx Errors
+ |
+Number of times that the API returns a 4xx error.
+ |
+≥ 0
+ |
+API
+ |
+1
+ |
+
+req_count_5xx
+ |
+5xx Errors
+ |
+Number of times that the API returns a 5xx error.
+ |
+≥ 0
+ |
+API
+ |
+1
+ |
+
+req_count_error
+ |
+Total Errors
+ |
+Total number of errors returned by the API.
+ |
+≥ 0
+ |
+API
+ |
+1
+ |
+
+avg_latency
+ |
+Average Latency
+ |
+Average latency of the API.
+ |
+≥ 0
+Unit: ms
+ |
+API
+ |
+1
+ |
+
+max_latency
+ |
+Maximum Latency
+ |
+Maximum latency of the API.
+ |
+≥ 0
+Unit: ms
+ |
+API
+ |
+1
+ |
+
+input_throughput
+ |
+Incoming Traffic
+ |
+Incoming traffic of the API.
+ |
+≥ 0
+Unit: Byte, KB, MB, or GB
+ |
+API
+ |
+1
+ |
+
+output_throughput
+ |
+Outgoing Traffic
+ |
+Outgoing traffic of the API.
+ |
+≥ 0
+Unit: Byte, KB, MB, or GB
+ |
+API
+ |
+1
+ |
+
+
+
+
+
+
Dimension
+
Table 2 Dedicated gateway monitoring dimensionsKey
+ |
+Value
+ |
+
|---|
+
+instance_id
+ |
+Dedicated gateway
+ |
+
+api_id
+ |
+API
+ |
+
+
+
+
+
+
Viewing Metrics
+Scenario
Cloud Eye monitors the status of your APIs and allows you to view their metrics.
+
+
Prerequisites
You have created an API group and API.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > APIs.
- Click the name of the target API.
API metrics are displayed on the Dashboard tab page.
+ - Click View Metric to view more metrics on the Cloud Eye console.
The monitoring data is retained for two days. To retain the data for a longer period, save it to an OBS bucket.
+
+
+
+
Editing Cloud Server Configurations of a VPC Channel
+Scenario
You can add or remove cloud servers and edit cloud server weights for VPC channels to meet service requirements.
+
+
Prerequisites
You have created a VPC channel.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > VPC Channels.
- Click the name of the target VPC channel.
- Click the Cloud Servers tab.
- Add or remove cloud servers and edit cloud server weights.
- Adding cloud servers
- Click Select Cloud Server.
- Select the cloud servers you want to add, set cloud server weights, and click OK.
To ensure a successful health check and service availability, configure the security groups of the backend cloud servers to allow access from 100.125.0.0/16.
+
+
+ - Removing cloud servers
- In the Operation column of the cloud servers you want to remove, click Remove.
- Click Yes.
+ - Editing the weight of a cloud server
- In the Weight column of the target cloud server, click
. - Change the weight and click
.
+ - Editing the weights of multiple cloud servers
- Select the cloud servers to be edited, and click Edit Weight.
- Change the weights of the selected cloud servers, and click OK.
+
+
+
+
Creating Alarm Rules
+Scenario
You can create alarm rules to monitor the status of your APIs.
+
An alarm rule consists of a rule name, monitored objects, metrics, alarm thresholds, monitoring interval, and notification.
+
+
Prerequisites
An API has been called.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways.
- In the navigation pane, choose API Publishing > APIs.
- Click the name of the target API.
- On the Dashboard tab page, click View Metric to access the Cloud Eye console. Then create an alarm rule. For details, see section "Creating an Alarm Rule" in the Cloud Eye User Guide.
+
+
Error Codes
+Table 1 lists the error codes that you may encounter when calling APIs.
+
- For details about the error codes that may occur when you manage APIs, see section "Error Codes" in the API Gateway API Reference.
- If an error occurs when you use APIG, find the error message and description in the following table according to the error code, for example, APIG.0101. The error messages are subject to change without prior notice.
+
+
+
Table 1 Error codesError Code
+ |
+Error Message
+ |
+HTTP Status Code
+ |
+Description
+ |
+Solution
+ |
+
|---|
+
+APIG.0101
+ |
+The API does not exist or has not been published in the environment.
+ |
+404
+ |
+The API does not exist or has not been published in the environment.
+ |
+Check whether the domain name, method, and path are consistent with those of the registered API. Check whether the API has been published. If it has been published in a non-production environment, check whether the X-Stage header in the request is the environment name. Check whether the domain name used to call the API has been bound to the group to which the API belongs.
+ |
+
+APIG.0101
+ |
+The API does not exist.
+ |
+404
+ |
+The API request method does not exist.
+ |
+Check whether the API request method is the same as the method defined by the API.
+ |
+
+APIG.0103
+ |
+The backend does not exist.
+ |
+500
+ |
+The backend service was not found.
+ |
+Contact technical support.
+ |
+
+APIG.0104
+ |
+The plug-ins do not exist.
+ |
+500
+ |
+No plug-in configurations were found.
+ |
+Contact technical support.
+ |
+
+APIG.0105
+ |
+The backend configurations do not exist.
+ |
+500
+ |
+No backend configurations were found.
+ |
+Contact technical support.
+ |
+
+APIG.0106
+ |
+Orchestration error.
+ |
+400
+ |
+An orchestration error occurred.
+ |
+Check whether the frontend and backend parameters of the API are correct.
+ |
+
+APIG.0201
+ |
+API request error.
+ |
+400
+ |
+Invalid request parameters.
+ |
+Set valid request parameters.
+ |
+
+APIG.0201
+ |
+Request entity too large.
+ |
+413
+ |
+The request body exceeds 12 MB.
+ |
+Reduce the size of the request body.
+ |
+
+APIG.0201
+ |
+Request URI too large.
+ |
+414
+ |
+The request URI exceeds 32 KB.
+ |
+Reduce the size of the request URI.
+ |
+
+APIG.0201
+ |
+Request headers too large.
+ |
+494
+ |
+The request headers are too large because one of them exceeds 32 KB or the total length exceeds 128 KB.
+ |
+Reduce the size of the request headers.
+ |
+
+APIG.0201
+ |
+Backend unavailable.
+ |
+502
+ |
+The backend service is unavailable.
+ |
+Check whether the backend address configured for the API is accessible.
+ |
+
+APIG.0201
+ |
+Backend timeout.
+ |
+504
+ |
+The backend service has timed out.
+ |
+Increase the timeout duration of the backend service or shorten the processing time.
+ |
+
+APIG.0201
+ |
+An unexpected error occurred
+ |
+500
+ |
+An internal error occurred.
+ |
+Contact technical support.
+ |
+
+APIG.0202
+ |
+Backend unavailable
+ |
+502
+ |
+The backend is unavailable.
+ |
+Check whether the backend request protocol configured for the API is the same as the request protocol used by the backend service.
+ |
+
+APIG.0203
+ |
+Backend timeout.
+ |
+504
+ |
+The backend service has timed out.
+ |
+Increase the timeout of the backend service or shorten its processing time.
+ |
+
+APIG.0204
+ |
+SSL protocol is not supported: TLSv1.1
+ |
+400
+ |
+The SSL protocol version is not supported.
+ |
+Use a supported SSL protocol version.
+ |
+
+APIG.0301
+ |
+Incorrect IAM authentication information.
+ |
+401
+ |
+The IAM authentication details are incorrect.
+ |
+Check whether the token is correct.
+ |
+
+APIG.0302
+ |
+The IAM user is not authorized to access the API.
+ |
+403
+ |
+The IAM user is not allowed to access the API.
+ |
+Check whether the user is controlled by a blacklist or whitelist.
+ |
+
+APIG.0303
+ |
+Incorrect app authentication information.
+ |
+401
+ |
+The app authentication details are incorrect.
+ |
+Check whether the request method, path, query strings, and request body are consistent with those used for signing; check whether the date and time on the client are correct; and check whether the signing code is correct by referring to section "Calling APIs Through App Authentication" in the Developer Guide.
+ |
+
+APIG.0304
+ |
+The app is not authorized to access the API.
+ |
+403
+ |
+The app is not allowed to access the API.
+ |
+Check whether the app has been authorized to access the API.
+ |
+
+APIG.0305
+ |
+Incorrect authentication information.
+ |
+401
+ |
+The authentication information is incorrect.
+ |
+Check whether the authentication information is correct.
+ |
+
+APIG.0306
+ |
+API access denied.
+ |
+403
+ |
+Access to the API is not allowed.
+ |
+Check whether you have been authorized to access the API.
+ |
+
+APIG.0307
+ |
+The token must be updated.
+ |
+401
+ |
+The token needs to be updated.
+ |
+Obtain a new token from IAM.
+ |
+
+APIG.0308
+ |
+The throttling threshold has been reached.
+ |
+429
+ |
+The throttling threshold has been reached.
+ |
+Try again after the throttling resumes. If the number of subdomain requests per day is reached, bind an independent domain name to the API.
+ |
+
+APIG.0310
+ |
+The project is unavailable.
+ |
+403
+ |
+The project is currently unavailable.
+ |
+Select another project and try again.
+ |
+
+APIG.0311
+ |
+Incorrect debugging authentication information.
+ |
+401
+ |
+The debugging authentication details are incorrect.
+ |
+Contact technical support.
+ |
+
+APIG.0401
+ |
+Unknown client IP address.
+ |
+403
+ |
+The client IP address cannot be identified.
+ |
+Contact technical support.
+ |
+
+APIG.0402
+ |
+The IP address is not authorized to access the API.
+ |
+403
+ |
+The IP address is not allowed to access the API.
+ |
+Check whether the IP address is controlled by a blacklist or whitelist.
+ |
+
+APIG.0404
+ |
+Access to the backend IP address has been denied.
+ |
+403
+ |
+The backend IP address cannot be accessed.
+ |
+Check whether the backend IP address or the IP address corresponding to the backend domain name is accessible.
+ |
+
+APIG.0501
+ |
+The app quota has been used up.
+ |
+405
+ |
+The app quota has been reached.
+ |
+Increase the app quota.
+ |
+
+APIG.0502
+ |
+The app has been frozen.
+ |
+405
+ |
+The app has been frozen.
+ |
+Check whether your account balance is sufficient.
+ |
+
+APIG.0601
+ |
+Internal server error.
+ |
+500
+ |
+An internal error occurred.
+ |
+Contact technical support.
+ |
+
+APIG.0602
+ |
+Bad request.
+ |
+400
+ |
+Invalid request.
+ |
+Check whether the request is valid.
+ |
+
+APIG.0605
+ |
+Domain name resolution failed.
+ |
+500
+ |
+Domain name resolution failed.
+ |
+Check whether the domain name is correct and has been bound to a correct backend address.
+ |
+
+APIG.0606
+ |
+Failed to load the API configurations.
+ |
+500
+ |
+API configurations could not be loaded.
+ |
+Contact technical support.
+ |
+
+APIG.0607
+ |
+The following protocol is supported: {xxx}
+ |
+400
+ |
+The protocol is not supported. Only xxx is supported.
+xxx is subject to the actual value in the response.
+ |
+Use HTTP or HTTPS to access the API.
+ |
+
+APIG.0608
+ |
+Failed to obtain the admin token.
+ |
+500
+ |
+The tenant details cannot be obtained.
+ |
+Contact technical support.
+ |
+
+APIG.0609
+ |
+The VPC backend does not exist.
+ |
+500
+ |
+The VPC backend service cannot be found.
+ |
+Contact technical support.
+ |
+
+APIG.0610
+ |
+No backend available.
+ |
+502
+ |
+No backend services are available.
+ |
+Check whether all backend services are available. For example, check whether the API calling information is consistent with the actual configuration.
+ |
+
+APIG.0611
+ |
+The backend port does not exist.
+ |
+500
+ |
+The backend port was not found.
+ |
+Contact technical support.
+ |
+
+APIG.0612
+ |
+An API cannot call itself.
+ |
+500
+ |
+An API cannot call itself.
+ |
+Modify the backend configurations, and ensure that the number of layers the API is recursively called does not exceed 10.
+ |
+
+APIG.0613
+ |
+The IAM service is currently unavailable.
+ |
+503
+ |
+IAM is currently unavailable.
+ |
+Contact technical support.
+ |
+
+APIG.0705
+ |
+Backend signature calculation failed.
+ |
+500
+ |
+Backend signature calculation failed.
+ |
+Contact technical support.
+ |
+
+APIG.0802
+ |
+The IAM user is forbidden in the currently selected region
+ |
+403
+ |
+The IAM user is disabled in the current region.
+ |
+Contact technical support.
+ |
+
+APIG.1009
+ |
+AppKey or AppSecret is invalid
+ |
+400
+ |
+The AppKey or AppSecret is invalid.
+ |
+Check whether the AppKey or AppSecret in the request is correct.
+ |
+
+
+
+
+
CORS
+What Is CORS?
For security reasons, browsers restrict cross-origin requests initiated from within scripts. This means that a web application can only request resources from its origin. The CORS mechanism allows browsers to send XMLHttpRequest to servers in other domains and request access to the resources there.
+
Figure 1 Process flow of the CORS mechanism
+
There are two types of CORS requests:
+
- Simple requests
Simple requests must meet the following conditions:
- The request method is HEAD, GET, or POST.
- The request header contains only the following fields:
- Accept
- Accept-Language
- Content-Language
- Last-Event-ID
- Content-Type (application/x-www-form-urlencoded, multipart/form-data, or text/plain)
+
+
In the header of a simple request, browsers automatically add the Origin field to specify the origin (including the protocol, domain, and port) of the request. After receiving such a request, the target server determines whether the request is safe and can be accepted based on the origin. If the server sends a response containing the Access-Control-Allow-Origin field, the server accepts the request.
+
+
- Not-so-simple requests
Requests that do not meet the conditions for simple requests are not-so-simple requests.
+Before sending a not-so-simple request, browsers send an HTTP preflight request to the target server to confirm whether the origin the web page is loaded from is in the allowed origin list, and to confirm which HTTP request methods and header fields can be used. If the preflight request is successful, browsers send simple requests to the server.
+
+
+
Configuring CORS
CORS is disabled by default. To enable CORS for an API, perform the operations described in this section. To customize request headers, request methods, and origins allowed for cross-domain access, create a CORS plug-in.
+
- Simple CORS requests
When creating an API, enable CORS on the API request configuration page. For more information, see Simple Request.
+ - Not-so-simple CORS requests
If your API will receive not-so-simple requests, create another API that will be accessed using the OPTIONS method in the same group as the target API to receive preflight requests.
+
+Follow this procedure to define the preflight request API. For more information, see Not-So-Simple Request.
+- On the Set Basic Information page, select None to skip over security authentication.
- On the Define API Request page, perform the following settings:
- Protocol: The same protocol used by the API with CORS enabled.
- Path: Enter a slash (/).
- Method: Select OPTIONS.
- CORS: Enabled.
+ - Select the Mock backend type.
+
+
+
Simple Request
When creating an API that will receive simple requests, enable CORS for the API.
+
Scenario 1: If CORS is enabled and the response from the backend does not contain a CORS header, APIG handles requests from any domain, and returns the Access-Control-Allow-Origin header. For example:
+
Request sent by a browser and containing the Origin header field:
+
GET /simple HTTP/1.1
+Host: www.test.com
+Origin: http://www.cors.com
+Content-Type: application/x-www-form-urlencoded; charset=utf-8
+Accept: application/json
+Date: Tue, 15 Jan 2019 01:25:52 GMT
+
Origin: This field is required to specify the origin (http://www.cors.com in this example) of the request. APIG and the backend service determine based on the origin whether the request is safe and can be accepted.
+
Response sent by the backend service:
+
HTTP/1.1 200 OK
+Date: Tue, 15 Jan 2019 01:25:52 GMT
+Content-Type: application/json
+Content-Length: 16
+Server: api-gateway
+
+{"status":"200"}
+
Response sent by APIG:
+
HTTP/1.1 200 OK
+Date: Tue, 15 Jan 2019 01:25:52 GMT
+Content-Type: application/json
+Content-Length: 16
+Server: api-gateway
+X-Request-Id: 454d689fa69847610b3ca486458fb08b
+Access-Control-Allow-Origin: *
+
+{"status":"200"}
+
Access-Control-Allow-Origin: This field is required. The asterisk (*) means that APIG handles requests sent from any domain.
+
Scenario 2: If CORS is enabled and the response from the backend contains a CORS header, the header will overwrite that added by APIG. The following messages are used as examples:
+
Request sent by a browser and containing the Origin header field:
+
GET /simple HTTP/1.1
+Host: www.test.com
+Origin: http://www.cors.com
+Content-Type: application/x-www-form-urlencoded; charset=utf-8
+Accept: application/json
+Date: Tue, 15 Jan 2019 01:25:52 GMT
+
Origin: This field is required to specify the origin (http://www.cors.com in this example) of the request. APIG and the backend service determine based on the origin whether the request is safe and can be accepted.
+
Response sent by the backend service:
+
HTTP/1.1 200 OK
+Date: Tue, 15 Jan 2019 01:25:52 GMT
+Content-Type: application/json
+Content-Length: 16
+Server: api-gateway
+Access-Control-Allow-Origin: http://www.cors.com
+
+{"status":"200"}
+
Access-Control-Allow-Origin: Indicates that the backend service accepts requests sent from http://www.cors.com.
+
Response sent by APIG:
+
HTTP/1.1 200 OK
+Date: Tue, 15 Jan 2019 01:25:52 GMT
+Content-Type: application/json
+Content-Length: 16
+Server: api-gateway
+X-Request-Id: 454d689fa69847610b3ca486458fb08b
+Access-Control-Allow-Origin: http://www.cors.com
+
+{"status":"200"}
+
The CORS header in the backend response overwrites that in APIG's response.
+
+
Not-So-Simple Request
When creating an API that will receive not-so-simple requests, enable CORS for the API by following the instructions in Configuring CORS, and create another API that will be accessed using the OPTIONS method.
+
If you use the CORS plug-in for an API, you do not need to create another API that uses the OPTIONS method.
+
+
The request parameters of an API accessed using the OPTIONS method must be set as follows:
+
- API Group: The same group to which the API with CORS enabled belongs.
- Security Authentication: Select None. No authentication is required for requests received by the new API no matter which security authentication mode has been selected.
- Protocol: The same protocol used by the API with CORS enabled.
- Path: Enter a slash (/) or select the path that has been set for or matches the API with CORS enabled.
- Method: Select OPTIONS.
- CORS: Enabled.
+
The following are example requests and responses sent to or from a mock backend.
+
Request sent from a browser to an API that is accessed using the OPTIONS method:
+
OPTIONS /HTTP/1.1
+User-Agent: curl/7.29.0
+Host: localhost
+Accept: */*
+Origin: http://www.cors.com
+Access-Control-Request-Method: PUT
+Access-Control-Request-Headers: X-Sdk-Date
+
- Origin: This field is required to specify the origin from which the request has been sent.
- Access-Control-Request-Method: This field is required to specify the HTTP methods to be used by the subsequent simple requests.
- Access-Control-Request-Headers: This field is optional and used to specify the additional header fields in the subsequent simple requests.
+
Response sent by the backend: none
+
Response sent by APIG:
+
HTTP/1.1 200 OK
+Date: Tue, 15 Jan 2019 02:38:48 GMT
+Content-Type: application/json
+Content-Length: 1036
+Server: api-gateway
+X-Request-Id: c9b8926888c356d6a9581c5c10bb4d11
+Access-Control-Allow-Origin: *
+Access-Control-Allow-Headers: X-Stage,X-Sdk-Date,X-Sdk-Nonce,X-Proxy-Signed-Headers,X-Sdk-Content-Sha256,X-Forwarded-For,Authorization,Content-Type,Accept,Accept-Ranges,Cache-Control,Range
+Access-Control-Expose-Headers: X-Request-Id,X-Apig-Latency,X-Apig-Upstream-Latency,X-Apig-RateLimit-Api,X-Apig-RateLimit-User,X-Apig-RateLimit-App,X-Apig-RateLimit-Ip,X-Apig-RateLimit-Api-Allenv
+Access-Control-Allow-Methods: GET,POST,PUT,DELETE,HEAD,OPTIONS,PATCH
+Access-Control-Max-Age: 172800
+
- Access-Control-Allow-Origin: This field is required. The asterisk (*) means that APIG handles requests sent from any domain.
- Access-Control-Allow-Headers: This field is required if it is contained in the request. It indicates all header fields that can be used during cross-origin access.
- Access-Control-Expose-Headers: This is the response header fields that can be viewed during cross-region access.
- Access-Control-Allow-Methods: This field is required to specify which HTTP request methods the APIG supports.
- Access-Control-Max-Age: This field is optional and used to specify the length of time (in seconds) during which the preflight result remains valid. No more preflight requests will be sent within the specified period.
+
Request sent by a browser and containing the Origin header field:
+
PUT /simple HTTP/1.1
+Host: www.test.com
+Origin: http://www.cors.com
+Content-Type: application/x-www-form-urlencoded; charset=utf-8
+Accept: application/json
+Date: Tue, 15 Jan 2019 01:25:52 GMT
+
Response sent by the backend:
+
HTTP/1.1 200 OK
+Date: Tue, 15 Jan 2019 01:25:52 GMT
+Content-Type: application/json
+Content-Length: 16
+Server: api-gateway
+
+{"status":"200"}
+
Response sent by APIG:
+
HTTP/1.1 200 OK
+Date: Tue, 15 Jan 2019 01:25:52 GMT
+Content-Type: application/json
+Content-Length: 16
+Server: api-gateway
+X-Request-Id: 454d689fa69847610b3ca486458fb08b
+Access-Control-Allow-Origin: *
+
+{"status":"200"}
+
+
+
Access Control
+
+
+
diff --git a/docs/apig/umn/apig-en-ug-180712097.html b/docs/apig/umn/apig-en-ug-180712097.html
new file mode 100644
index 000000000..f0ce629d4
--- /dev/null
+++ b/docs/apig/umn/apig-en-ug-180712097.html
@@ -0,0 +1,66 @@
+
+
+Creating an Access Control Policy
+Scenario
Access control policies are a type of security measures provided by APIG. You can use them to allow or deny API access from specific IP addresses or accounts.
+
Access control policies take effect for an API only if they have been bound to the API.
+
Each API can be bound with only one access control policy for a given environment, but each access control policy can be bound to multiple APIs.
+
+
+
Creating an Access Control Policy
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Access Control.
- Click Create Access Control Policy.
- In the Create Access Control Policy dialog box, set the parameters listed in Table 1.
+
Table 1 Parameters for creating an access control policyParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Access control policy name.
+ |
+
+Restriction Type
+ |
+Type of the source from which API calls are to be controlled.
+- IP address: Specify IP addresses and IP address ranges that are allowed or not allowed to access an API.
- Account name: Specify names of the accounts that are allowed or not allowed to access an API.
+ |
+
+Effect
+ |
+Options: Allow and Deny.
+Use this parameter along with Restriction Type to control the access of certain IP addresses or accounts to an API.
+ |
+
+IP Address
+ |
+IP addresses and IP address ranges that are allowed or not allowed to access an API
+You need to set this parameter only if you have set Restriction Type to IP address.
+ NOTE: You can set a maximum of 100 IP addresses respectively to allow or deny access.
+
+ |
+
+Account Names
+ |
+Names of the accounts that are allowed or not allowed to access an API. This parameter only applies to APIs that are accessed through IAM authentication.
+You need to set this parameter only if you have set Restriction Type to Account name. You can enter multiple account names and separate them with commas, for example, aaa,bbb.
+ NOTE: APIG performs access control on accounts, not IAM users created using accounts.
+
+ |
+
+
+
+
+
- Click OK. You can bind the policy to APIs to control API access.
+
+
Binding an Access Control Policy to an API
- Go to the page for binding an access control policy to an API. You can use one of the following methods:
- In the Operation column of the access control policy to be bound, click Bind to API, and then click Select API.
- Click the name of the target access control policy, and click Select API.
+ - Specify an API group, environment, and API name keyword to search for the desired API.
- Select the API and click OK.
If an access control policy is no longer needed for an API, you can unbind it from that API. To unbind an access control policy from multiple APIs, select the APIs, and click Unbind. You can unbind a request throttling policy from a maximum of 1000 APIs at a time.
+
+
+
+
Deleting an Access Control Policy
+Scenario
You can delete access control policies you no longer require.
+
+
Prerequisites
You have created an access control policy.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Access Control.
- Delete an access control policy using one of the following methods:
- In the Operation column of the access control policy you want to delete, click Delete.
- Click the name of the target access control policy, and click Delete in the upper right corner of the displayed access control policy details page.
+ - If an access control policy has been bound to APIs, unbind it and then delete it.
- To delete multiple access control policies, select the policies, and click Delete. You can delete a maximum of 1000 access control policies at a time.
+
+ - Click Yes.
+
+
Response Headers
+The following table describes the response headers that APIG adds to the response returned when an API is called.
+
X-Apig-Mode: debug indicates API debugging information.
+
+
Response Header
+ |
+Description
+ |
+Remarks
+ |
+
|---|
+
+X-Request-Id
+ |
+Request ID.
+ |
+Returned for all valid requests.
+ |
+
+X-Apig-Latency
+ |
+Duration from the time when APIG receives a request to the time when the backend returns a message header.
+ |
+Returned only when the request header contains X-Apig-Mode: debug.
+ |
+
+X-Apig-Upstream-Latency
+ |
+Duration from the time when APIG sends a request to the backend to the time when the backend returns a message header.
+ |
+Returned only when the request header contains X-Apig-Mode: debug and the backend type is not Mock.
+ |
+
+X-Apig-RateLimit-api
+ |
+API request limit information.
+Example: remain:9,limit:10,time:10 second.
+ |
+Returned only when the request header contains X-Apig-Mode: debug and a limit has been configured for the number of times the API can be called.
+ |
+
+X-Apig-RateLimit-user
+ |
+User request limit information.
+Example: remain:9,limit:10,time:10 second.
+ |
+Returned only when the request header contains X-Apig-Mode: debug and a limit has been configured for the number of times the API can be called by a user.
+ |
+
+X-Apig-RateLimit-app
+ |
+App request limit information.
+Example: remain:9,limit:10,time:10 second.
+ |
+Returned only when the request header contains X-Apig-Mode: debug and a limit has been configured for the number of times the API can be called by an app.
+ |
+
+X-Apig-RateLimit-ip
+ |
+IP address request limit information.
+Example: remain:9,limit:10,time:10 second.
+ |
+Returned only when the request header contains X-Apig-Mode: debug and a limit has been configured for the number of times the API can be called by an IP address.
+ |
+
+X-Apig-RateLimit-api-allenv
+ |
+Default API request limit information.
+Example: remain:199,limit:200,time:1 second.
+ |
+Returned only when the request header contains X-Apig-Mode: debug.
+ |
+
+
+
+
+
Importing APIs
+Scenario
APIG allows you to import Swagger 2.0 APIs to existing or new API groups. Swagger is an open-source tool built based on OpenAPI specifications to design, build, record, and use REST APIs.
+
You can import APIs individually or in batches depending on the number of APIs contained in a Swagger file.
+
+
Prerequisites
- Supplement the extended Swagger definition of the APIs to import. If the extended definition does not contain the required settings, create them on the APIG console.
- You have sufficient API group and API quotas.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > APIs.
- Click Import API.
- Set the parameters listed in Table 1.
+
Table 1 Parameters for importing APIsParameter
+ |
+Description
+ |
+
|---|
+
+Import
+ |
+Options:
+- New group: Import APIs to a new API group. If you select this option, the system automatically creates an API group and imports the APIs into this group.
- Existing group: Import APIs to an existing API group. If you select this option, the system adds the APIs to the selected API group while retaining the existing APIs in the API group.
+ |
+
+API group
+ |
+Select an API group if you set Import to Existing group.
+ |
+
+Basic Definition Overwrite
+ |
+Determine whether to overwrite an existing API if the name of the API is the same as that of an imported API.
+This parameter is available only if you set Import to Existing group.
+ |
+
+Extended Definition Overwrite
+ |
+If this option is selected, the extended definition items (access control and request throttling policies) of an imported API will overwrite the existing policies with the same name.
+ |
+
+
+
+
- In the Parameter Import area, click File and select a file to import.
YAML and JSON files are supported. You can preview the API content to be imported on the Import API page.
+
+ - (Optional) Configure global settings for the APIs to be imported.
You can configure the global settings for the APIs, such as frontend and backend requests, or modify other parameters of the APIs.
+ - Click Import Now to import the APIs.
Imported APIs must be manually published so that they become available for users to access.
+
+
+
+
Follow-Up Operations
Publish the imported API in an environment so that it can be called by users.
+
+
Exporting APIs
+Scenario
You can export APIs one by one or in batches as JSON or YAML files.
+
+
Prerequisites
You have created an API group and API.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- Click Export API.
- Set the parameters listed in Table 1.
+
Table 1 Parameters for exporting APIsParameter
+ |
+Description
+ |
+
|---|
+
+API Group
+ |
+Select the API group from which APIs will be exported.
+ |
+
+Environment
+ |
+Select the environment where the APIs to be exported have been published.
+ |
+
+APIs
+ |
+By default, all APIs in the API group that have been published in the selected environment are exported. To export only specific APIs, click Select API, and specify the APIs you want to export.
+ |
+
+API Definition
+ |
+- Basic: The basic definition of an API is composed of the request and response definitions. It does not include the backend definition. The request definition includes both standard and extended Swagger fields.
- Full: The full definition of an API is composed of the request, backend, and response definitions.
- Extended: The extended definition of an API is composed of the request, backend, and response definitions as well as the request throttling policy, access control policy, and other configurations of the API.
+ |
+
+Format
+ |
+Export APIs in JSON or YAML format.
+ |
+
+Version
+ |
+Set the version of the APIs to be exported. If you do not specify a version, the version will be set as the current date and time.
+ |
+
+
+
+
- Click Export.
The export result is displayed on the right.
+
+
+
Why Doesn't a Request Throttling Policy Take Effect?
+
+
+
diff --git a/docs/apig/umn/apig-faq-0002.html b/docs/apig/umn/apig-faq-0002.html
new file mode 100644
index 000000000..1ef74ca25
--- /dev/null
+++ b/docs/apig/umn/apig-faq-0002.html
@@ -0,0 +1,21 @@
+
+
+
+ API Control Policies
+
+
+
+
+
diff --git a/docs/apig/umn/apig-faq-0003.html b/docs/apig/umn/apig-faq-0003.html
new file mode 100644
index 000000000..7e4b12edc
--- /dev/null
+++ b/docs/apig/umn/apig-faq-0003.html
@@ -0,0 +1,206 @@
+
+
+Common Errors Related to IAM Authentication Information
+You may encounter the following errors related to IAM authentication information:
+
+
Incorrect IAM authentication information: verify aksk signature fail
{
+ "error_msg": "Incorrect IAM authentication information: verify aksk signature fail, ......
+ "error_code": "APIG.0301",
+ "request_id": "******"
+}
+
+
Possible Cause
+
The signature algorithm is incorrect, and the signature calculated by the client is different from that calculated by APIG.
+
Solution
+
- Obtain the canonicalRequest calculated by APIG.
Obtain
request_id from the body of the error message, search for
error.log (you can view this file on CLS) of the shubao node based on
request_id, and obtain
canonicalRequest from
error.log.
2019/01/26 11:34:27 [error] 1211#0: *76 [lua] responses.lua:170: rewrite(): 473a4370fbaf69e42f9da243eb8f8c52;app-1;Incorrect IAM authentication information: verify signature fail;SDK-HMAC-SHA256 Access=071fe245-9cf6-4d75-822d-c29945a1e06a, SignedHeaders=host;x-sdk-date, Signature=b2ef2cddcef89cbfe22974c988909c1a94b1ac54114c30b8fe083d34a259e0f5;canonicalRequest:GET
+/app1/
+
+host:test.com
+x-sdk-date:20190126T033427Z
+
+host;x-sdk-date
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855, client: 192.168.0.1, server: shubao, request: "GET /app1 HTTP/1.1", host: "test.com"
+
- Obtain the canonicalRequest calculated by the client by printing logs or using debug interrupts. The following table describes the functions used to calculate the canonicalRequest in the SDKs of different languages.
+
Table 1 Functions for calculating canonicalRequest in the SDKs of common languagesLanguage
+ |
+Function
+ |
+
|---|
+
+Java
+ |
+Sign function in com.cloud.sdk.auth.signer.DefaultSigner.class of libs/java-sdk-core-*.jar
+ |
+
+C
+ |
+sig_sign function in signer.c
+ |
+
+C++
+ |
+Signer::createSignature function in signer.cpp.
+ |
+
+C#
+ |
+Sign function in signer.cs
+ |
+
+Go
+ |
+Sign function in signer.go
+ |
+
+JavaScript
+ |
+Signer.prototype.Sign function in signer.js
+ |
+
+Python
+ |
+Sign function in signer.py
+ |
+
+PHP
+ |
+Sign function in signer.php
+ |
+
+
+
+
Example: cannonicalRequest obtained at a debug interrupt
+POST
+/app1/
+
+host:test.com
+x-sdk-date:20190126T033950Z
+
+host;x-sdk-date
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+ - Check whether the cannonicalRequest in 1 is the same as that in 2.
- Yes: Check whether the AK and SK are correct, for example, without spaces.
- No:
- Different in line 1: The request method must be the same.
- Different in line 2: The request path must be the same.
- Different in line 3: The request parameters must be the same.
- Different in lines 4 to 5: The request header must be the same in each line.
- Different in line 7: The number of request header parameters must be the same as the number of request header lines.
- Different in line 8: The request body must be the same.
+
+
+Table 2 canonicalRequest of APIG and a clientLine No.
+ |
+Parameter
+ |
+APIG
+ |
+Client
+ |
+
|---|
+
+1
+ |
+Request method
+ |
+GET
+ |
+POST
+ |
+
+2
+ |
+Request path
+ |
+/app1/
+ |
+/app1/
+ |
+
+3
+ |
+Request parameters
+ |
+None
+ |
+None
+ |
+
+4
+ |
+Request header
+ |
+host:test.com
+ |
+host:test.com
+ |
+
+5
+ |
+Request header
+ |
+x-sdk-date:20190126T033427Z
+ |
+x-sdk-date:20190126T033950Z
+ |
+
+6
+ |
+Blank line
+ |
+-
+ |
+-
+ |
+
+7
+ |
+Request header parameters
+ |
+host;x-sdk-date
+ |
+host;x-sdk-date
+ |
+
+8
+ |
+Request body hash value
+ |
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+ |
+e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
+ |
+
+
+
+
+
Incorrect IAM authentication information: AK access failed to reach the limit,forbidden
{
+ "error_msg": "Incorrect IAM authentication information: AK access failed to reach the limit,forbidden." ......
+ "error_code": "APIG.0301",
+ "request_id": "******"
+}
+
+
Possible Causes
+
- The AK/SK signature calculation is incorrect. Resolve the problem by referring to Incorrect IAM authentication information: verify aksk signature fail.
- The AK and SK do not match.
- AK/SK authentication fails for more than five consecutive times, and the AK/SK pair is locked for five minutes. (Authentication requests are rejected within this period).
- An expired token is used for token authentication.
+
Incorrect IAM authentication information: decrypt token fail
{
+ "error_msg": "Incorrect IAM authentication information: decrypt token fail",
+ "error_code": "APIG.0301",
+ "request_id": "******"
+}
+
Possible Cause
+
The token cannot be parsed for IAM authentication of the API.
+
Solution
+
- Check whether the token is correct.
- Check whether the token has been obtained in the environment where the API is called.
+
+
Incorrect IAM authentication information: Get secretKey failed
{
+"error_msg": "Incorrect IAM authentication information: Get secretKey failed,ak:******,err:ak not exist",
+"error_code": "APIG.0301",
+"request_id": "******"
+}
+
Possible Cause
+
The AK used for IAM authentication of the API does not exist.
+
Solution
+
Check whether the AK is correct.
+
+
Why Am I Seeing the Message "Backend domain name resolution failed" When a Backend Service Is Called?
+An error message indicating a domain name resolution failure is displayed when the backend service is called, although private domain name resolution is completed for the VPC where the API gateway is located.
+
Possible Cause
+
The VPC of the API gateway is isolated from that of the backend service. Private domain names can be resolved only for the VPC of the backend service.
+
Solution
+
- Method 1: When creating an API, set Backend Address to a public network domain name.
- Method 2: When creating an API, do not use a VPC channel. Instead, set Backend Address to the backend service IP address, and add a constant parameter to specify the Host field in the header.
+ - Method 3: When creating an API, specify a VPC channel.
- Create a VPC channel.
+ - Add the backend service address.
+ - When creating an API, select the VPC channel and configure a custom header.
+
+
+
How Can I Access Backend Services over Public Networks Through APIG?
+Enable public access for the relevant gateway to allow external services to call APIs.
+
If you encounter a network problem when calling APIs, see What Are the Possible Causes for an API Calling Failure?
+
How Do I Perform App Authentication in iOS System?
+APIG provides SDKs and demos in multiple languages, such as Java, Python, C, PHP, and Go, for app authentication. To use Objective-C (for iOS) or other languages, see .
+
Why Does an API Failed to Be Called Across Domains?
+- Ensure that CORS has been enabled for the API.
Go to the API details page, click Edit, and check whether CORS is enabled. If it is not, enable it.
+ - Check whether an API with the OPTIONS method has been created. Only one such API is required for each API group.
- On the Set Basic Information page, set the basic information for the API that uses the OPTIONS method.
Go to the API details page and click Edit.
+API Group: The group to which the API with CORS enabled belongs.
+Security Authentication: None means all users will be granted access. It is not recommended.
+ - On the Define API Request page, set the request information for the API.
- Protocol: The same protocol used by the API with CORS enabled.
- Path: Same as or prefixally matching the request path set for the API with CORS enabled.
- Matching: Select Prefix match.
- Method: Select OPTIONS.
- CORS: Enable this option.
+
+
+
+
How Can I Configure the Backend Service Address?
+Configure the backend service address as an ECS EIP, or the public IP address or domain name of your own server.
+
Why Can't I Create a Header Parameter Named x-auth-token for an API Called Through IAM Authentication?
+The header parameter x-auth-token has already been defined in APIG. To use this parameter to call an API, add the parameter and its value to the request header.
+
App FAQs
+How many apps can I create?
+
You can create a maximum of 50 apps.
+
How do I isolate the calling information among the third parties that call the same API through app authentication?
+
Create multiple apps for different third parties and bind the apps to the same API.
+
Are there any restrictions on the maximum number of third parties that can call the same app through app authentication?
+
No restrictions.
+
Do I need to create an app for an API so that it can be called through app authentication?
+
Yes, you need to create an app and bind it to the API. After the app is created, an AppKey and AppSecret are automatically created. Provide the AppKey and AppSecret for third parties to call the API.
+
How can an API be called by third parties through app authentication?
+
Provide third parties with the AppKey and AppSecret of the app you have created for accessing the API. The third parties then can use the AppKey and AppSecret to call the API through an SDK. For details about how to use an SDK, see .
+
Is the Restriction of 1000 Requests to a Subdomain Name Applied to Enterprise Accounts?
+
+
+
diff --git a/docs/apig/umn/apig-faq-190627033.html b/docs/apig/umn/apig-faq-190627033.html
new file mode 100644
index 000000000..5813e4f37
--- /dev/null
+++ b/docs/apig/umn/apig-faq-190627033.html
@@ -0,0 +1,11 @@
+
+
+How Do I Implement WebSocket Data Transmission?
+APIG supports WebSocket data transmission. When creating an API, you can select HTTP, HTTPS, or HTTP&HTTPS. HTTP is equivalent to WebSocket (ws), and HTTPS is equivalent to WebSocket Secure (wss).
+
Common FAQs
+
+
+
diff --git a/docs/apig/umn/apig-faq-191201.html b/docs/apig/umn/apig-faq-191201.html
new file mode 100644
index 000000000..82817e1b9
--- /dev/null
+++ b/docs/apig/umn/apig-faq-191201.html
@@ -0,0 +1,11 @@
+
+
+Can I Control Access to the Private IP Addresses of the ECSs in a VPC Channel (or Load Balance Channel)?
+
+
+
diff --git a/docs/apig/umn/apig-faq-19122001.html b/docs/apig/umn/apig-faq-19122001.html
new file mode 100644
index 000000000..e4ed75ce7
--- /dev/null
+++ b/docs/apig/umn/apig-faq-19122001.html
@@ -0,0 +1,11 @@
+
+
+Does APIG Support Persistent Connections?
+Yes. But you should use persistent connections properly to avoid occupying too many resources.
+
Does APIG Has Bandwidth Limits?
+Dedicated gateways have bandwidth limits. When you create a dedicated gateway, you can set the bandwidth for public inbound and outbound access.
+
Is There a Limit on the Size of the Response to an API Request?
+
+
+
diff --git a/docs/apig/umn/apig-faq-19122004.html b/docs/apig/umn/apig-faq-19122004.html
new file mode 100644
index 000000000..468b6b30e
--- /dev/null
+++ b/docs/apig/umn/apig-faq-19122004.html
@@ -0,0 +1,17 @@
+
+
+Why Doesn't Modification of the backend_timeout Parameter Take Effect?
+Problem Description
Modification of the backend_timeout parameter in a dedicated gateway does not take effect.
+
+
Possible Causes
The Timeout (ms) parameter on the Define Backend Request page is not modified.
+
+
Solution
Log in to the APIG console, go to the API details page, click Edit, and modify the Timeout (ms) parameter on the Define Backend Request page.
+
+
+
How Will the Requests for an API with Multiple Backend Policies Be Matched and Executed?
+If multiple backend policies are configured for an API, APIG will match the backend policies in sequence. If an API request matches one of the backend policies, APIG immediately forwards the request to the corresponding backend and stops matching.
+
If no backend policy is matched, the API request is forwarded to the default backend server.
+
What Should I Do If "The API does not exist or has not been published in the environment." Is Displayed?
+If an open API in APIG failed to be called, troubleshoot the failure by performing the following operations:
+
- The domain name, request method, or path used for calling the API is incorrect.
- For example, an API created using the POST method is called with GET.
- Missing a slash (/) in the access URL will lead to a failure in matching the URL in the API details. For example, URLs http://7383ea59c0cd49a2b61d0fd1d351a619.apigw.region.cloud.com/test/ and http://7383ea59c0cd49a2b61d0fd1d351a619.apigw.region.cloud.com/test represent two different APIs.
+ - The API has not been published. APIs can be called only after they have been published in an environment. For details, see section "Publishing an API" in the User Guide. If the API has been published in a non-production environment, check whether the X-Stage header in the request is the name of the environment.
- The domain name is resolved incorrectly. If the domain name, request method, and path for calling the API are correct and the API has been published in an environment, the API may not be correctly resolved to the group to which the API belongs. For example, if you have multiple API groups and each group has an independent domain name, the API may be called using the independent domain name of another group. Ensure that the API is being called using the correct domain name.
- Check whether the API allows OPTIONS cross-region requests. If yes, enable cross-origin resource sharing (CORS) for the API, and create a new API that uses the OPTIONS method. For details, see section "CORS" in the User Guide.
+
How Do I Define Response Codes for an API?
+API responses are defined by backend services (API providers). API Gateway (APIG) only transparently transmits responses to API callers.
+
How Do I Specify the Host Port for a VPC Channel (or Load Balance Channel)?
+Use the port of the API backend service.
+
Can I Specify a Private Network Load Balancer Address for the Backend Service?
+- For dedicated gateways, you can use private network load balancer addresses.
- Alternatively, you can use the EIP bound to a public network load balancer.
+
How Do I Set the Backend Address If I Will Not Use a VPC Channel (or Load Balance Channel)?
+You can specify the backend address as a public domain name or a public IP address, such as the Elastic IP (EIP) of an Elastic Cloud Server (ECS).
+
Can I Specify the Backend Address as a Subnet IP Address?
+If you use a dedicated gateway, you can specify either an IP address that belongs to the same subnet where the gateway is deployed, or the private address of a local data center connected to the gateway through Direct Connect.
+
Unsupported network segments:
+
- 0.0.0.0/8
- 10.0.0.0/8
- 100.125.0.0/16
- 127.0.0.0/8
- 169.254.0.0/16
- 172.16.0.0/12
- 192.0.0.0/24
- 192.0.2.0/24
- 192.88.99.0/24
- 192.168.0.0/16
- 198.18.0.0/15
- 198.51.100.0/24
- 203.0.113.0/24
- 224.0.0.0/4
- 240.0.0.0/4
- 255.255.255.255/32
+
Why Can't I Create APIs?
+The creation of APIs is free of charge. If you cannot create APIs, your account must be in arrears.
+
How Do I Provide an Open API to Specific Users?
+You can provide an open API to specific users in either of the following ways:
+
- Select app authentication when you create the API, and share the AppKey and AppSecret with the target users.
- Configure an access control policy to allow access from specific IP addresses or account names, and bind the access control policy to the API.
+
What Should I Do After Applying for an Independent Domain Name?
+If you are using a dedicated gateway, add an A record that points the independent domain name to the inbound access address of the gateway. You can bind five independent domain names to an API group but can bind each independent domain name only to one API group.
+
To use a public domain name, add an A record (dedicated gateway) in Domain Name Service (DNS).
+
To use a private domain name, add an A record (dedicated gateway) in the DNS service and associate the domain name with the VPC in which your backend service is located.
+
+
What Are the Possible Causes for an API Calling Failure?
+Network
API calling failures may occur in three scenarios: within a VPC, between VPCs, and on a public network.
+
+
+
Domain Name
- Check whether the domain name bound to the API group to which the API belongs has been successfully licensed and can be resolved.
- Check whether the domain name has been bound to the correct API group.
- The subdomain name automatically allocated to the API group is accessed too many times. The subdomain name can be accessed only 1000 times a day. It is unique and cannot be modified. Add independent domain names for the group to make the APIs in the group accessible.
+
+
API Publishing
Check whether the API has been published. If the API has been modified, publish it again. If the API has been published to a non-RELEASE environment, specify the X-Stage header as the environment name.
+
+
API Authentication
If the API uses app authentication, check whether the AppKey and AppSecret used to call the API are correct.
+
+
API Control Policies
- Check whether the access control policy bound to the API is correct.
- Check whether the request throttling limit of the API has been reached. If no request throttling policy is created for an API, the API can be accessed 200 times per second by default. To change this limit, go to the Gateway Information page, click the Configuration Parameters tab, and modify the ratelimit_api_limits parameter.
+
+
How Do I Switch the Environment for API Calling?
+By default, the API in the RELEASE environment is called. If you want to call the same API in another environment, add the request header X-Stage to specify the environment name.
+
What Should I Do If an Error Code Is Returned During API Calling?
+If an error code is returned when you call your own APIs, see .
+
If an error code is returned when you manage your APIs, see .
+
Does APIG Support HTTPS Two-Way Authentication?
+Dedicated gateway: Yes.
+
- Backend two-way authentication: When creating an API, enable two-way authentication for the backend service. For details, see the description about Two-way Authentication in Creating an API.
+
Which TLS Versions Does APIG Support?
+APIG supports TLS 1.1 and TLS 1.2, but does not support TLS 1.0 or TLS 1.3.
+
Does APIG Support Custom Authentication?
+Yes. For details, see "Custom Authorizers" in the User Guide.
+
Will the Request Body Be Signed for Security Authentication?
+Yes. The request body is another element that needs to be signed in addition to the mandatory request header parameters. For example, when an API used to upload a file using the POST method is called, the hash value of the file to upload is calculated to generate a signature.
+
For details about signatures, see section "App Authentication" in the API Gateway Developer Guide.
+
How Do I Call an API That Does Not Require Authentication?
+To call APIs that do not require authentication, construct standard HTTP requests and send them to APIG.
+
APIG transparently transmits requests to call an API that does not require authentication to the backend service. If you want requests to be authenticated on the API backend service, you can set Security Authentication to None. The API caller transfers the fields required for authentication to the backend service, and the backend service performs authentication.
+
+
Can I Bind Private Domain Names for API Access?
+In a dedicated gateway, you can add a private domain name, and add an A record to point the domain name to the inbound access address of the gateway.
+
Why Am I Seeing the Error Message "414 Request-URI Too Large" When I Call an API?
+The request URL (including request parameters) is too long. Place the request parameters in the request body and try again.
+
How Do I Exclude a Specific IP Address for Identity Authentication of an API?
+You can choose either of the following solutions:
+
- Solution 1: Create an API that does not require authentication, and configure an access control policy to whitelist the IP address.
- Solution 2: Create two APIs, one that uses IAM or app authentication and one that does not require authentication, and configure an access control policy to whitelist the IP address for the API that does not require authentication.
+
Why Does API Import Fail?
+Possible cause 1: The number of APIs exceeds the maximum allowed limit for a single import. For more APIs (300), import them in batches or submit a service ticket to increase the limit.
+
Possible cause 2: Parameters are incorrect. Check and rectify the parameters. You are advised to create an API on the APIG console, export it, and then use it as a template for importing APIs.
+
Possible cause 3: The YAML file is in incorrect format. Check and modify the file.
+
Possible cause 4: The local proxy network has restrictions. Change the network environment.
+
Possible cause 5: The header of the API request contains X-Auth-Token. Remove X-Auth-Token from the header.
+
Does APIG Provide a Template for Importing APIs from Swagger Files?
+The template is being developed.
+
Currently, you can configure one or two APIs in APIG, and then export them to use as templates.
+
Can I Configure the Maximum Number of Concurrent Requests?
+No, but you can limit the maximum number of API calls allowed within a specific period of time.
+
How Do I Specify an Environment for API Debugging?
+APIG debugs APIs in a specific debugging environment. After debugging is completed, you need to publish your API in an environment, and use code or postman to add the X-Stage header to specify the environment where you want to call the API.
+
Request Throttling
+
+
+
diff --git a/docs/apig/umn/apig-faq-2005033.html b/docs/apig/umn/apig-faq-2005033.html
new file mode 100644
index 000000000..458680ee9
--- /dev/null
+++ b/docs/apig/umn/apig-faq-2005033.html
@@ -0,0 +1,17 @@
+
+
+Access Control
+
+
+
diff --git a/docs/apig/umn/apig-faq-2005035.html b/docs/apig/umn/apig-faq-2005035.html
new file mode 100644
index 000000000..1af699525
--- /dev/null
+++ b/docs/apig/umn/apig-faq-2005035.html
@@ -0,0 +1,18 @@
+
+
+API Import and Export
+
+
+
diff --git a/docs/apig/umn/apig-faq-20210414.html b/docs/apig/umn/apig-faq-20210414.html
new file mode 100644
index 000000000..855e75682
--- /dev/null
+++ b/docs/apig/umn/apig-faq-20210414.html
@@ -0,0 +1,11 @@
+
+
+Can APIG Be Deployed in a Local Data Center?
+No. APIG cannot be deployed in a local data center.
+
API Authentication
+
+
+
diff --git a/docs/apig/umn/apig-faq-create.html b/docs/apig/umn/apig-faq-create.html
new file mode 100644
index 000000000..933196405
--- /dev/null
+++ b/docs/apig/umn/apig-faq-create.html
@@ -0,0 +1,35 @@
+
+
+API Creation
+
+
+
diff --git a/docs/apig/umn/apig-lgug-200226001.html b/docs/apig/umn/apig-lgug-200226001.html
new file mode 100644
index 000000000..651c62f79
--- /dev/null
+++ b/docs/apig/umn/apig-lgug-200226001.html
@@ -0,0 +1,199 @@
+
+
+Adding a Gateway Response
+Scenario
A gateway response is displayed if APIG fails to process an API request. APIG provides a set of default responses and also allows you to create gateway responses with custom status codes and content, on the API Groups page. The response content must be in JSON format.
+
For example, the content of a default gateway response is as follows:
+
{"error_code": "$context.error.code", "error_msg": "$context.error.message", "request_id": "$context.requestId"}
+
You can add a response with the following content:
+
{"errorcode": "$context.error.code", "errormsg": "$context.error.message", "requestid": "$context.requestId","apiId":"$context.apiId"}
+
You can add more fields to or delete existing fields from the JSON body.
+
- The default gateway responses provided by APIG can be edited.
- You can create gateway responses and configure different responses for APIs in the same API group.
- The type of a gateway response cannot be changed. For details, see Response Types.
- Gateway responses can contain the API gateway context variables (starting with $context). For details, see APIG Context Variables.
+
+
+
Prerequisites
You have created an API group.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > API Groups.
- Locate the API group for which you want to create or modify a gateway response, and click the group name to go to the API group details page.
- Click the Gateway Responses tab and create a gateway response.
+
- To edit a response, click the Edit button in the upper right corner and modify the status code and content of the response.
- You can modify only the status code and content of a default or custom gateway response, and you cannot change the response type.
- Error information and other response details can be obtained using variables. For details about the supported variables, see Table 2.
+
+
+
+
Response Types
Table 1 lists the response types supported by APIG. You can define status codes of responses to meet your service requirements.
+
+
Table 1 Error Response types supported by APIGResponse Name
+ |
+Default Status Code
+ |
+Description
+ |
+
|---|
+
+Access Denied
+ |
+403
+ |
+Access denied. For example, the access control policy is triggered or an attack is detected.
+ |
+
+Authorizer Configuration Error
+ |
+500
+ |
+A custom authorizer error has occurred. For example, communication failed or an error response was returned.
+ |
+
+Authorizer Failed
+ |
+500
+ |
+The custom authorization failed.
+ |
+
+Incorrect Identity Source
+ |
+401
+ |
+The identity source of the custom authorizer is missing or invalid.
+ |
+
+Authentication Failure
+ |
+401
+ |
+IAM or app authentication failed.
+ |
+
+Identity Source Not Found
+ |
+401
+ |
+No identity source has been specified.
+ |
+
+Backend Timeout
+ |
+504
+ |
+Communication with the backend service timed out.
+ |
+
+Backend Unavailable
+ |
+502
+ |
+The backend service is unavailable due to communication error.
+ |
+
+Default 4XX
+ |
+-
+ |
+Another 4XX error occurred.
+ |
+
+Default 5XX
+ |
+-
+ |
+Another 5XX error occurred.
+ |
+
+No API Found
+ |
+404
+ |
+No API is found.
+ |
+
+Incorrect Request Parameters
+ |
+400
+ |
+The request parameters are incorrect or the HTTP method is not supported.
+ |
+
+Request Throttled
+ |
+429
+ |
+The request was rejected due to request throttling.
+ |
+
+Unauthorized App
+ |
+401
+ |
+The app you are using has not been authorized to call the API.
+ |
+
+
+
+
+
+
APIG Context Variables
+
Table 2 Variables that can be used in response message bodyVariable
+ |
+Description
+ |
+
|---|
+
+$context.apiId
+ |
+API ID.
+ |
+
+$context.appId
+ |
+ID of the app that calls the API.
+ |
+
+$context.requestId
+ |
+Request ID generated when the API is called.
+ |
+
+$context.stage
+ |
+Deployment environment in which the API is called.
+ |
+
+$context.sourceIp
+ |
+Source IP address of the API caller.
+ |
+
+$context.authorizer.frontend.property
+ |
+Values of the specified attribute–value pairs mapped to the context in the frontend custom authorizer response
+ |
+
+$context.authorizer.backend.property
+ |
+Values of the specified attribute–value pairs mapped to the context in the backend custom authorizer response
+ |
+
+$context.error.message
+ |
+Error message.
+ |
+
+$context.error.code
+ |
+Error code.
+ |
+
+$context.error.type
+ |
+Error type.
+ |
+
+
+
+
+
+
Adding an AppCode for Simple Authentication
+Scenario
AppCodes are identity credentials of an app used to call APIs in simple authentication mode. In this mode, the X-Apig-AppCode parameter (whose value is an AppCode on the app details page) is added to the HTTP request header for quick response. APIG verifies only the AppCode and the request content does not need to be signed.
+
When an API is called using app authentication and simple authentication is enabled for the API, AppKey and AppSecret can be used to sign and verify the API request. AppCode can also be used for simple authentication.
+
- For security purposes, simple authentication only supports API calls over HTTPS.
- You can create a maximum of five AppCodes for each app.
+
+
+
Prerequisites
You have created an app.
+
+
Generating an AppCode
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Calling > Apps.
- Click the name of the target app.
- Click the AppCodes tab.
- Click Add AppCode to generate an AppCode. It can be automatically generated or customized.
+
+
+
Using AppCode for Simple Authentication of API Requests
- When creating an API, set Security Authentication to App and enable Simple Authentication.
After you enable simple authentication for an existing API, you need to publish the API again to make the configuration take effect.
+
+ - Bind an app to the API.
+
- When sending a request, add the X-Apig-AppCode parameter to the request header and omit the request signature.
For example, when using curl, add the X-Apig-AppCode parameter to the request header and set the parameter value to the generated AppCode.
+curl -X GET "https://api.exampledemo.com/testapi" -H "content-type: application/json" -H "host: api.exampledemo.com" -H "X-Apig-AppCode: xhrJVJKABSOxc7d***********FZL4gSHEXkCMQC"
+
+
+
Permissions Management
+If you need to assign different permissions to employees in your enterprise to access your APIG resources, Identity and Access Management (IAM) is a good choice for fine-grained permissions management. IAM provides identity authentication, permissions management, and access control, helping you secure access to your resources.
+
With IAM, you can use your account to create IAM users for your employees, and assign permissions to the employees to control their access to specific resources.
+
If your account does not require individual IAM users for permissions management, skip this chapter.
+
APIG Permissions
By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and attach policies or roles to these groups. The user then inherits permissions from the groups to which the user belongs, and can perform specified operations on cloud services based on the permissions.
+
APIG is a project-level service deployed and accessed in specific physical regions. To assign APIG permissions to a user group, you need to specify region-specific projects for which the permissions will take effect. If you select All projects, the permissions will be granted for both the global service project and all region-specific projects. When accessing APIG, the users need to switch to a region where they have been authorized to use this service.
+
You can grant permissions by using roles and policies.
- Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to grant permissions, you need to also assign other dependent roles for permissions to take effect. However, roles are not an ideal choice for fine-grained authorization and secure access control.
- Policies: A type of fine-grained authorization mechanism that defines permissions required to perform operations on specific cloud resources under certain conditions. This mechanism allows for more flexible policy-based authorization and meets requirements for secure access control. For example, you can grant APIG users only the permissions for performing specific operations. Most policies define permissions based on APIs. For the API actions supported by APIG, see section "Permissions Policies and Supported Actions" in the API Reference.
+
+
Table 1 lists all the system-defined roles and policies supported by APIG.
+
+
Table 1 System-defined roles and policies supported by APIGRole/Policy Name
+ |
+Description
+ |
+Type
+ |
+Dependency
+ |
+
|---|
+
+APIG Administrator
+ |
+Administrator permissions for APIG. Users granted these permissions can use all functions of API gateways.
+ |
+System-defined role
+ |
+None
+ |
+
+APIG FullAccess
+ |
+Full permissions for APIG. Users granted these permissions can use all functions of dedicated gateways.
+ |
+System-defined policy
+ |
+None
+ |
+
+APIG ReadOnlyAccess
+ |
+Read-only permissions for APIG. Users granted these permissions can only view dedicated gateways.
+ |
+System-defined policy
+ |
+None
+ |
+
+
+
+
+
You can view the content of the preceding roles and policies on the IAM console. For example, the content of the APIG FullAccess policy is as follows:
+
{
+ "Version": "1.1",
+ "Statement": [
+ {
+ "Action": [
+ "apig:*:*",
+ "vpc:*:get*",
+ "vpc:*:list*",
+ "vpc:ports:create",
+ "vpc:ports:update",
+ "vpc:ports:delete",
+ "vpc:publicIps:update",
+ "FunctionGraph:function:listVersion",
+ "FunctionGraph:function:list",
+ "FunctionGraph:function:getConfig",
+ "ecs:servers:list",
+ "lts:groups:list",
+ "lts:logs:list",
+ "lts:topics:list"
+ ],
+ "Effect": "Allow"
+ }
+ ]
+}
+
+
Related Documents
- Section "Service Overview" in the Identity and Access Management User Guide
- Section "Creating a User and Granting Permissions" in the API Gateway User Guide
+
+
Specifications
+Dedicated Gateway Specifications
Table 1 lists the specifications of dedicated API gateways.
+
+
Table 1 Specifications of dedicated gatewaysEdition
+ |
+Maximum Number of Requests per Second
+ |
+
|---|
+
+Basic
+ |
+2000
+ |
+
+Professional
+ |
+4000
+ |
+
+Enterprise
+ |
+6000
+ |
+
+Platinum
+ |
+10,000
+ |
+
+
+
+
+
- For dedicated gateways, you can adjust the maximum number of requests per second for each API.
- The specifications of dedicated gateways cannot be modified.
- The dedicated gateway specifications are obtained by testing in the following conditions:
- Protocol: HTTPS
- Connection type: long connection
- Concurrent requests: 100
- Authentication mode: none
- Size of returned data: 1 KB
- Bandwidth: 10 MB/s
+
+
+
+
Plug-ins
+
+
+
diff --git a/docs/apig/umn/apig-ug-0002.html b/docs/apig/umn/apig-ug-0002.html
new file mode 100644
index 000000000..c708311c4
--- /dev/null
+++ b/docs/apig/umn/apig-ug-0002.html
@@ -0,0 +1,72 @@
+
+
+CORS Plug-in
+For security purposes, the browser restricts cross-domain requests from being initiated from a page script. In this case, the page can access only the resources from the current domain. CORS allows the browser to send XMLHttpRequest to the server in a different domain. For more information, see CORS.
+
The CORS plug-in provides the capabilities of specifying preflight request headers and response headers and automatically creating preflight request APIs for cross-origin API access.
+
If your gateway does not support the CORS plug-in, contact customer service to upgrade the gateway.
+
+
Usage Guidelines
- You have understood the Guidelines for Using Plug-ins.
- APIs with the same request path in an API group can only be bound with the same CORS plug-in.
- If you have enabled CORS for an API and have also bound the CORS plug-in to the API, the CORS plug-in will be used.
- You cannot bind the CORS plug-in to APIs with the same request path as another API that uses the OPTIONS method.
- When you bind a plug-in to an API, ensure that the request method of the API is included in allow_methods.
+
+
Configuration Parameters
+
Table 1 Configuration parametersParameter
+ |
+Description
+ |
+
|---|
+
+allowed origins
+ |
+Access-Control-Allow-Origin response header, which specifies either a single origin, which tells browsers to allow that origin to access an API; or else — for requests without credentials — the "*" wildcard, to tell browsers to allow any origin to access the API. Separate multiple URIs using commas.
+ |
+
+allowed methods
+ |
+Access-Control-Allow-Methods response header, which specifies the HTTP methods allowed when accessing the API. Separate multiple methods using commas.
+ |
+
+allowed headers
+ |
+Access-Control-Allow-Headers response header, which specifies request headers that can be used when making an XMLHttpRequest. Separate multiple headers using commas.
+By default, simple request headers Accept, Accept-Language, Content-Language, and Content-Type (only if the value is application/x-www-form-urlencoded, multipart/form-data, or text/plain) are carried in requests. You do not need to configure these headers in this parameter.
+ NOTE: - When you create a CORS plug-in, no allowed headers are configured by default, which means cross-domain requests cannot carry any custom headers.
- Setting Allowed Headers to an asterisk (*) means cross-domain requests can carry any custom headers.
+
+ |
+
+exposed headers
+ |
+Access-Control-Expose-Headers response header, which specifies which response headers can be contained in the response of XMLHttpRequest. Separate multiple headers using commas.
+By default, basic response headers Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, and Pragma can be contained in the response. You do not need to configure these headers in this parameter.
+ NOTE: - When you create a CORS plug-in, no exposed headers are configured by default, which means the JavaScript code of a browser cannot parse the headers in a cross-domain access response. However, the following basic response headers obtained using the getResponseHeader() method of the XMLHttpRequest object are excluded: Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, and Pragma.
- Setting Exposed Headers to an asterisk (*) means the JavaScript code of a browser can parse all the headers in a cross-domain access response.
+
+ |
+
+maximum age
+ |
+Access-Control-Max-Age response header, which specifies for how many seconds the results of a preflight request can be cached. No more preflight requests will be sent within the specified period.
+ |
+
+allowed credentials
+ |
+Access-Control-Allow-Credentials response header, which specifies whether XMLHttpRequest requests can carry cookies.
+ |
+
+
+
+
+
+
Example Script
{
+ "allow_origin": "*",
+ "allow_methods": "GET,POST,PUT",
+ "allow_headers": "Content-Type,Accept,Accept-Ranges,Cache-Control",
+ "expose_headers": "X-Request-Id,X-Apig-Latency",
+ "max_age": 172800,
+ "allow_credentials": true
+}
+
+
Deleting a Plug-in
+Scenario
You can delete plug-ins you no longer require. To delete a plug-in that has been bound to APIs, unbind the plug-in from the APIs and then delete it.
+
+
Prerequisites
You have created a plug-in.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Plug-ins.
- Click the name of the target plug-in to go to the plug-in details page.
- If the plug-in is not bound to any APIs, click Delete in the upper right corner.
- If the plug-in has been bound to APIs, unbind the plug-in from the APIs in the Bound APIs area, and then click Delete in the upper right corner.
+ - Click Yes.
+
+
Creating a Plug-in
+APIG provides flexible extension capabilities for APIs through plug-ins.
+
Plug-in parameters will be stored as plaintext. To prevent information leakage, do not contain sensitive information in these parameters.
+
+
Guidelines for Using Plug-ins
- An API can be bound with only one plug-in of the same type.
- Plug-ins are independent of APIs. A plug-in takes effect for an API only after they are bound to each other. When binding a plug-in to an API, you must specify an environment where the API has been published. The plug-in takes effect for the API only in the specified environment.
- After you bind a plug-in to an API, unbind the plug-in from the API, or update the plug-in, you do not need to publish the API again.
- Taking an API offline does not affect the plug-ins bound to it. The plug-ins are still bound to the API if the API is published again.
- Plug-ins that have been bound to APIs cannot be deleted.
+
+
Creating a Plug-in
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- In the navigation pane, choose API Publishing > Plug-ins.
- Click Create Plug-in.
In the Create Plug-in dialog box, configure the plug-in information.
+
+
Table 1 Plug-in configurationParameter
+ |
+Description
+ |
+
|---|
+
+Plug-in Name
+ |
+Name of the plug-in you want to create. It is recommended that you enter a name based on certain naming rules to facilitate identification and search.
+ |
+
+Plug-in Type
+ |
+Type of the plug-in, which determines the extension capabilities of the plug-in.
+- CORS: Specifies preflight request headers and response headers and automatically creates preflight request APIs for cross-origin API access.
- HTTP Response Headers: Enables you to customize HTTP response headers that will be displayed in an API response.
- Request throttling: Limits the number of times that an API can be called within a specific time period. Parameter-based, basic, and excluded throttling is supported.
+ |
+
+Plug-in Content
+ |
+Content of the plug-in, which can be configured in a form or using a script.
+The plug-in content varies depending on the plug-in type:
+
+ |
+
+Description
+ |
+Description of the plug-in.
+ |
+
+
+
+
+
- Click OK.
After creating the plug-in, bind it to the API for which the plug-in will take effect.
+
+
+
Binding a Plug-in to an API
- In the navigation pane, choose API Publishing > APIs.
- Click the name of the target API to go to the API details page.
- On the Plug-ins tab page, click Bind.
- In the Bind Plug-in dialog box, select an environment and plug-in type, and select the plug-in to bind.
- Click OK.
+
+
HTTP Response Header Management Plug-in
+HTTP response headers are part of the response returned by APIG to a client that calls an API. You can customize HTTP response headers that will be contained in an API response.
+
If your gateway does not support the HTTP response header management plug-in, contact customer service to upgrade the gateway.
+
+
Usage Guidelines
You cannot modify the response headers, such as x-apig-* and x-request-id, added by APIG, or the headers configured for CORS.
+
+
Configuration Parameters
+
Table 1 Configuration parametersParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+Response header name, which is case-insensitive and must be unique within a plug-in. You can add a maximum of 10 response headers.
+ |
+
+Value
+ |
+Value of the response header. This parameter does not take effect and can be left blank if you set Action to Delete.
+ |
+
+Action
+ |
+Response header operation. You can override, append, delete, skip, or add the specified header.
+Override
+- The value of this response header will override that of the same header that exists in an API response.
- If an API response contains multiple headers with the same name as the one you set here, only the value of the specified header will be returned.
- If an API response does not contain the specified header, the value you set here will be returned.
+Append
+- If an API response contains the specified header, the value you set here will be added, following the existing value. The two values will be separated with commas (,).
- If an API response contains multiple headers with the same name as the one you set here, values of these headers will be separated with commas (,) and followed by the value of the specified header.
- If an API response does not contain the specified header, the value you set here will be returned.
+Delete
+- If an API response contains the specified header, the header will be deleted.
- If an API response contains multiple headers with the same name as the one you set here, all these headers will be deleted.
+Skip
+- If an API response contains the specified header, the header will be skipped.
- If an API response contains multiple headers with the same name as the one you set here, values of all these headers will be returned without modification.
- If an API response does not contain the specified header, the value you set here will be returned.
+Add
+The value of the specified header will be returned even if the header does not exist in an API response.
+ |
+
+
+
+
+
+
Example Script
{
+ "response_headers": [
+ {
+ "name": "test",
+ "value": "test",
+ "action": "append"
+ },
+ {
+ "name": "test1",
+ "value": "test1",
+ "action": "override"
+ }
+ ]
+}
+
+
Gateway Management
+
+
+
+
+
diff --git a/docs/apig/umn/apig-ug-0008.html b/docs/apig/umn/apig-ug-0008.html
new file mode 100644
index 000000000..d48a79004
--- /dev/null
+++ b/docs/apig/umn/apig-ug-0008.html
@@ -0,0 +1,33 @@
+
+
+
+ API Opening
+
+
+
+
+
diff --git a/docs/apig/umn/apig-ug-0009.html b/docs/apig/umn/apig-ug-0009.html
new file mode 100644
index 000000000..adf81188c
--- /dev/null
+++ b/docs/apig/umn/apig-ug-0009.html
@@ -0,0 +1,19 @@
+
+
+
+ API Calling
+
+
+
+
+
diff --git a/docs/apig/umn/apig-ug-0010.html b/docs/apig/umn/apig-ug-0010.html
new file mode 100644
index 000000000..76df36193
--- /dev/null
+++ b/docs/apig/umn/apig-ug-0010.html
@@ -0,0 +1,20 @@
+
+
+Calling Published APIs
+
+
+
diff --git a/docs/apig/umn/apig-ug-0011.html b/docs/apig/umn/apig-ug-0011.html
new file mode 100644
index 000000000..22af73837
--- /dev/null
+++ b/docs/apig/umn/apig-ug-0011.html
@@ -0,0 +1,99 @@
+
+
+Calling APIs
+Obtaining APIs and Documentation
Before calling APIs, obtain the request information from the API provider, including the access domain name, protocol, method, path, and request parameters.
+
+
Obtain APIs: from your company or from a partner
+
Obtain related documentation from the help center of the API provider's official website:
+
+
The authentication information to be obtained varies with the API authentication mode.
+
- App authentication:
- Signature authentication: Obtain the key and secret (or client AppKey and AppSecret) of the app authorized for the API from the API provider as well as the SDK for calling the API.
- Simple authentication: Obtain the AppCode of the app authorized for the API from the API provider.
- Other authentication modes: Obtain the key and secret (or client AppKey and AppSecret) of the app authorized for the API from the API provider.
+ - IAM authentication: The account credential (token or AK/SK obtained with the account and password) obtained on the cloud service platform is used for authentication. If the AK/SK is used for authentication, you also need to obtain the SDK from the API provider for calling the API.
- Custom authentication: Obtain the custom authentication information to be carried in the request parameters from the API provider.
- None: No authentication information is required.
+
Calling an API
This section describes only the configuration of the request path and authentication parameters. For other parameters, such as timeout and SSL, configure them as required. To avoid service loss due to incorrect parameters, configure them by referring to the industry standards.
+
+
- Set the request path.
+
Scenario
+ |
+Request Parameter Configuration
+ |
+
|---|
+
+Calling an API with a domain name
+ |
+Call the API using the subdomain name allocated to the API group or a domain name bound to the group. No additional configuration is required.
+ |
+
+Calling an API in the DEFAULT group with an IP address
+ |
+In the shared gateway, call an API in the DEFAULT group with an IP address. No additional configuration is required.
+ |
+
+Calling an API in a non-DEFAULT group with an IP address
+ |
+- To call APIs using an IP address, ensure that the app_route parameter has been set to on on the Configuration Parameters tab page of the dedicated gateway.
- To use an IP address to call an API that uses app authentication in a non-DEFAULT group, add the header parameters X-HW-ID and X-HW-APPKEY and set the parameter values to the key and secret of an app authorized for the API or a client AppKey and AppSecret.
- To use an IP address to call an API that does not use app authentication in a non-DEFAULT group, add the header parameter host.
+ |
+
+
+
+
- Set the authentication parameters.
+
Authentication Mode
+ |
+Request Parameter Configuration
+ |
+
|---|
+
+App authentication (with a signature)
+ |
+Use the SDK to sign API requests. For details, see section "Calling APIs Through App Authentication" in the API Gateway Developer Guide.
+ |
+
+App authentication (through simple authentication)
+ |
+Add the header parameter X-Apig-AppCode and set the parameter value to the AppCode obtained in Obtaining APIs and Documentation. For details, see Getting Started.
+ |
+
+App authentication (with app_secret)
+ |
+- On the Configuration Parameters tab page of a dedicated gateway, the app_secret parameter has been set to on to enable app_secret authentication and app_api_key has been set to off to disable app_api_key authentication.
- Add the header parameter X-HW-ID and set the parameter value to the key of the app authorized for the API or the client AppKey.
- Add the header parameter X-HW-AppKey and set the parameter value to the secret or AppSecret obtained in Obtaining APIs and Documentation.
+ |
+
+App authentication (with app_basic)
+ |
+- To enable app_basic authentication, ensure that the app_basic parameter has been set to on on the Configuration Parameters tab page of the dedicated gateway.
- Add the header parameter Authorization and set the parameter value to "Basic + base64 (appkey + : + appsecret)", in which appkey and appsecret are the key and secret (or AppKey and AppSecret) obtained in Obtaining APIs and Documentation.
+ |
+
+IAM authentication (with a token)
+ |
+Obtain a token from the cloud platform and carry the token in API requests for authentication. For details, see section "Token Authentication" in the API Gateway Developer Guide.
+ |
+
+IAM authentication (with AK/SK)
+ |
+Use an SDK to sign API requests. For details, see section "AK/SK Authentication" in the API Gateway Developer Guide.
+ |
+
+Custom authentication
+
+ |
+Carry authentication information in API request parameters for authentication.
+ |
+
+None
+
+ |
+Call APIs without authentication.
+ |
+
+
+
+
+
+
Getting Started
+
+
+
diff --git a/docs/apig/umn/apig-ug-0013.html b/docs/apig/umn/apig-ug-0013.html
new file mode 100644
index 000000000..6a712081c
--- /dev/null
+++ b/docs/apig/umn/apig-ug-0013.html
@@ -0,0 +1,12 @@
+
+
+Introduction
+API Gateway (APIG) is a fully managed service that enables you to securely build, manage, and deploy APIs at any scale with high performance and availability. With APIG, you can easily integrate your internal service systems and selectively expose your service capabilities.
+
To learn about the process of exposing and calling an API, see Opening APIs and Calling APIs. Simple authentication with an app is used for illustration.
+
Request Throttling Plug-in
+The request throttling plug-in limits the number of times an API can be called within a specific time period. It supports parameter-based, basic, and excluded throttling.
+
If your gateway does not support the request throttling plug-in, contact customer service to upgrade the gateway.
+
+
- Basic throttling
Throttle requests by API, user, app, or source IP address. This function is equivalent to a request throttling policy but is incompatible with it.
+ - Parameter-based throttling
Throttle requests based on headers, path parameters, methods, query strings, or system variables.
+ - Excluded throttling
Throttle requests based on specific apps or tenants.
+
+
Constraints
- A request throttling policy becomes invalid if a request throttling plug-in is bound to the same API as the policy.
- You can define a maximum of 100 parameter rules.
- The plug-in content cannot exceed 65,535 characters.
+
+
Configuration Parameters
+
Table 1 Configuration parametersParameter
+ |
+Description
+ |
+
|---|
+
+Policy Type
+ |
+
+ |
+
+Period
+ |
+For how long you want to limit the number of API requests.
+- Max. API Requests: Limit the maximum number of times an API can be called within a specific time period.
- Max. User Requests: Limit the maximum number of times an API can be called by a user within a specific time period.
- Max. App Requests: Limit the maximum number of times an API can be called by an app within a specific time period.
- Max. IP Address Requests: Limit the maximum number of times an API can be called by an IP address within a specific time period.
+ |
+
+Max. API Requests
+ |
+The maximum number of times each bound API can be called within the specified period.
+This parameter must be used together with Period.
+ |
+
+Max. User Requests
+ |
+The maximum number of times each bound API can be called by a user within the specified period. For APIs with IAM authentication, the throttling is based on a project ID; for APIs with app authentication, the throttling is based on an account ID. For details about account IDs and project IDs, see the description about Excluded Tenants in this table.
+- The value of this parameter cannot exceed that of Max. API Requests.
- This parameter must be used together with Period.
- If there are many users under your account that access an API, the request throttling limits of the API will apply to all these users.
+ |
+
+Max. App Requests
+ |
+The maximum number of times each bound API can be called by an app within the specified period. This limit only applies to APIs that are accessed through app authentication.
+- The value of this parameter cannot exceed that of Max. User Requests.
- This parameter must be used together with Period.
+ |
+
+Max. IP Address Requests
+ |
+The maximum number of times each bound API can be called by an IP address within the specified period.
+- The value of this parameter cannot exceed that of Max. API Requests.
- This parameter must be used together with Period.
+ |
+
+Parameter-based Throttling
+ |
+Enable or disable parameter-based throttling. After this function is enabled, API requests are throttled based on specified parameters.
+ |
+
+Parameters
+ |
+Define parameters for throttling rules.
+- Parameter Location: the location of a parameter to be used in a rule.
- path: API request URI. This parameter is configured by default.
- method: API request method. This parameter is configured by default.
- Header: the value of the first HTTP header with the parameter name you set.
- Query: the value of the first query string with the parameter name you set.
- System: a system parameter.
+ - Parameter Name: the name of a parameter to match the specified value in a rule.
+ |
+
+Rules
+ |
+Define throttling rules. A rule consists of conditions, an API request throttling limit, and a period.
+To add more rules, click Add Rule.
+- Conditions
Click  to set condition expressions. To set an expression, select a parameter and operator, and enter a value.
+- =: equal to
- !=: not equal to
- pattern: regular expression
- enum: enumerated values. Separate multiple values with commas (,).
+ - Max. API Requests
The maximum number of times that an API can be called within a specific time period.
+ - Period
A period of time that will apply with the throttling limit you set. If not specified, the period set in the Police Details area will be used.
+
+For example, configure parameter-based throttling as follows: add the Host parameter and specify the location as Header; add the condition Host = www.abc.com, and set the throttling limit to 10 and the period to 60s. For APIs whose Host parameter in the request header is equal to www.abc.com, they cannot be called again once called 10 times in 60s.
+ |
+
+Excluded Throttling
+ |
+Enable or disable excluded throttling. After this function is enabled, the throttling limits for excluded tenants and apps override the Max. User Requests and Max. App Requests in the Basic Throttling area.
+ |
+
+Excluded Tenants
+ |
+Tenant ID: an account ID or project ID.
+- Specify a project ID for an API with app authentication. For details, see "Obtaining a Project ID" in the API Gateway API Reference.
- Specify an account ID (not IAM user ID) for an API with IAM authentication. For details, see "Obtaining an Account Name and Account ID" in the API Gateway API Reference.
+Threshold: the maximum number of times that a specific tenant can access an API within the specified period. The threshold cannot exceed the value of Max. API Requests in the Basic Throttling area.
+ |
+
+Excluded Apps
+ |
+Select an app, and specify the maximum number of times that the app can access an API within the specified period. The threshold cannot exceed the value of Max. API Requests in the Basic Throttling area.
+ |
+
+
+
+
+
+
Example Script
{
+ "scope": "basic",
+ "default_interval": 60,
+ "default_time_unit": "second",
+ "api_limit": 100,
+ "app_limit": 50,
+ "user_limit": 50,
+ "ip_limit": 20,
+ "specials": [
+ {
+ "type": "app",
+ "policies": [
+ {
+ "key": "2e421d76dc6c4c75941511ccf654e368",
+ "limit": 10
+ }
+ ]
+ },
+ {
+ "type": "user",
+ "policies": [
+ {
+ "key": "878f1b87f71c40a7a15db0998f358bb9",
+ "limit": 10
+ }
+ ]
+ }
+ ],
+ "parameters": [
+ {
+ "type": "path",
+ "name": "reqPath",
+ "value": "reqPath"
+ },
+ {
+ "type": "method",
+ "name": "method",
+ "value": "method"
+ },
+ {
+ "type": "header",
+ "name": "Host",
+ "value": "Host"
+ }
+ ],
+ "rules": [
+ {
+ "match_regex": "[\"Host\",\"==\",\"www.abc.com\"]",
+ "rule_name": "rule-jlce",
+ "time_unit": "second",
+ "interval": 0,
+ "limit": 5
+ }
+ ]
+}
+
+
Service Overview
+
+
+
diff --git a/docs/apig/umn/apig-ug-0017.html b/docs/apig/umn/apig-ug-0017.html
new file mode 100644
index 000000000..5bbffa02e
--- /dev/null
+++ b/docs/apig/umn/apig-ug-0017.html
@@ -0,0 +1,33 @@
+
+
+What Is APIG?
+API Gateway (APIG) is a high-performance, high-availability, and high-security API hosting service that helps you build, manage, and deploy APIs at any scale. With just a few clicks, you can integrate internal systems, and selectively expose capabilities with minimal costs and risks.
+
- To monetize your service and data capabilities, you can open them up by creating APIs in APIG. Then you can provide the APIs for API callers using offline channels.
- You can also obtain open APIs from APIG to reduce your development time and costs.
+
Figure 1 APIG architecture
+
Product Functions
- API lifecycle management
The lifecycle of an API involves creating, publishing, removing, and deleting the API. API lifecycle management enables you to quickly and efficiently expose service capabilities.
+ - Cloud native gateway
APIG integrates traffic ingress (Kubernetes Ingress) and microservice governance (Kubernetes Gateway API) in one gateway, improving performance, simplifying the architecture, and reducing deployment and O&M costs.
+ - Built-in debugging tool
With the built-in debugging tool, you can debug APIs using different HTTP headers and request bodies. This tool simplifies the API development process and reduces the API development and maintenance costs.
+ - Version management
An API can be published in different environments. Publishing an API again in the same environment will override the API's previous version. APIG displays the publication history (including the version, description, date and time, and environment) of each API. You can roll back an API to any historical version to meet dark launch and version upgrade requirements.
+ - Environment variables
Environment variables are manageable and specific to environments. Variables of an API will be replaced by the values of the variables in the environment where the API will be published. You can create variables in different environments to call different backend services using the same API.
+ - Request throttling
- For different services and users, you can control the request frequency at which an API can be called by a user, an app, and an IP address. This ensures that backend services can run stably.
- The throttling can be accurate to the second, minute, hour, or day.
- Excluded apps and tenants can be configured to limit the number of API calls from specific apps and tenants, respectively.
+ - Monitoring and alarm
APIG provides visualized, real-time API monitoring, and displays multiple metrics, including number of requests, invocation latency, and number of errors. The metrics help you understand the API usage, allowing you to identify potential service risks.
+ - Access control
Access control policies are one of the security measures provided by APIG. They allow or deny API access from specific IP addresses or accounts.
+ - VPC channels
VPC channels can be created for accessing resources in Virtual Private Clouds (VPCs) and exposing capabilities of backend services deployed in VPCs. A VPC channel forwards API requests to different servers for load balancing.
+ - Signature keys
A signature key consists of a key and secret, and takes effect only after being bound to APIs. Signature keys are used by backend services to verify the identity of APIG and ensure secure access.
+ - Mock response
Mock backends simulate API responses for circuit breakers, service degradation, and redirection.
+
+
+
Managing VPC Endpoints
+VPC endpoints are secure and private channels for connecting VPCs to VPC endpoint services.
+
APIs can be exposed and accessed across VPCs in the same region of the same cloud.
+
Figure 1 Cross-VPC access in the same region
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways.
- Click Access Console next to a gateway or click the gateway name.
- Click VPC Endpoints to view details. For details, see "VPC Endpoints" in the VPC Endpoint User Guide.
+
Table 1 VPC endpoint informationParameter
+ |
+Description
+ |
+
|---|
+
+VPC Endpoint Service
+ |
+Name of the VPC endpoint service. When you purchase a gateway, a VPC endpoint service is automatically created and the gateway can be accessed using a VPC endpoint.
+ |
+
+Connections
+ |
+VPC endpoints connected to the gateway. By default, the endpoints are connected to the VPC you selected when purchasing the gateway.
+
+ |
+
+Permissions
+ |
+Specify accounts allowed to access using the VPC endpoints by adding the account IDs to the whitelist.
+Click Add Account and enter an account ID. To obtain the account ID, see "Obtaining an Account Name and Account ID" in the API Gateway API Reference.
+- Account ID: ID of an account allowed to access using the VPC endpoints.
- Created: time when the whitelist is created.
- Operation: Manage access of the account from VPC endpoints. To forbid access of the account, remove it from the whitelist.
+ |
+
+
+
+
+
+
Key Operations Recorded by CTS
+
+
+
diff --git a/docs/apig/umn/apig-ug-0021.html b/docs/apig/umn/apig-ug-0021.html
new file mode 100644
index 000000000..5e9f5e966
--- /dev/null
+++ b/docs/apig/umn/apig-ug-0021.html
@@ -0,0 +1,12 @@
+
+
+Querying Audit Logs
+Query audit logs by following the procedure in section "Querying Real-Time Traces" in the Cloud Trace Service User Guide.
+
Figure 1 Viewing logs
+
Binding a Domain Name
+- On the API Groups page, click the group created in Creating an API Group to go to the group details page.
- Click the Domain Names tab.
- Click Bind Independent Domain Name.
The independent domain name must be registered and resolved. For details, see "Prerequisites" in Binding a Domain Name.
+
+
+
Debugging an API
+- On the APIs page, locate the API created in Creating an API, and choose More > Debug.
- On the left side, set the API request parameters listed in Table 1. On the right side, view the API request and response information after you click Send Request.
+
Table 1 Parameters for debugging an APIParameter
+ |
+Description
+ |
+
|---|
+
+Protocol
+ |
+This parameter can be modified only if you set Protocol to HTTP&HTTPS for the API.
+ |
+
+Method
+ |
+This parameter can be modified only if you set Method to ANY for the API.
+ |
+
+Path
+ |
+Request path of the API.
+ |
+
+Query Strings
+ |
+Query string parameters and values.
+ |
+
+Headers
+ |
+HTTP headers and values.
+ |
+
+Body
+ |
+This parameter can be modified only if you set Method to PATCH, POST, or PUT for the API.
+ |
+
+
+
+
- Click Send Request.
If the API is called successfully, the status code 200 is displayed.
+
+
+
Permissions Management
+
+
+
+
+
diff --git a/docs/apig/umn/apig-ug-190529109.html b/docs/apig/umn/apig-ug-190529109.html
new file mode 100644
index 000000000..fd99e150e
--- /dev/null
+++ b/docs/apig/umn/apig-ug-190529109.html
@@ -0,0 +1,64 @@
+
+
+Creating a User and Granting APIG Permissions
+This topic describes how to use Identity and Access Management (IAM) to implement permissions control for your APIG resources. With IAM, you can:
+
- Create IAM users for employees based on your enterprise's organizational structure. Each IAM user will have their own security credentials for accessing APIG resources.
- Grant only the permissions required for users to perform a specific task.
- Entrust an account or a cloud service to perform O&M on your APIG resources.
+
If your account does not require individual IAM users, skip this chapter.
+
This section describes the procedure for granting permissions (see Figure 1).
+
Prerequisites
Learn about the permissions (see
Table 1) supported by APIG and choose policies or roles according to your requirements. For the permissions of other services, see
Others >
Permissions in the service list.
+
Table 1 System-defined roles and policies supported by APIGRole/Policy Name
+ |
+Description
+ |
+Type
+ |
+Dependency
+ |
+
|---|
+
+APIG Administrator
+ |
+Administrator permissions for APIG. Users granted these permissions can use all functions of API gateways.
+ |
+System-defined role
+ |
+None
+ |
+
+APIG FullAccess
+ |
+Full permissions for APIG. Users granted these permissions can use all functions of dedicated gateways.
+ |
+System-defined policy
+ |
+None
+ |
+
+APIG ReadOnlyAccess
+ |
+Read-only permissions for APIG. Users granted these permissions can only view dedicated gateways.
+ |
+System-defined policy
+ |
+None
+ |
+
+
+
+
+
+
+
Process Flow
Figure 1 Process for granting APIG permissions
+
+
- Create a user group and assign permissions.
Create a user group on the IAM console, and attach the APIG Administrator role or the APIG FullAccess policy to the group.
+ - Create an IAM user.
Create a user on the IAM console and add the user to the group created in 1.
+ - Log in and verify permissions.
Log in to the APIG console as the created user, and verify that the user has administrator permissions for APIG.
+
+
+
Buying a Dedicated Gateway
+This section describes how to buy a dedicated gateway. You can create APIs and use them to provide services only after a dedicated gateway is created.
+
Information on Buying a Dedicated Gateway
There are some limitations on buying a dedicated gateway. If you cannot buy a dedicated gateway or a gateway fails to be created, check the following items:
+
- Gateway quota
By default, your account can be used to create five dedicated gateways in a project. To create more dedicated gateways, submit a service ticket to increase the quota.
+ - Permissions
You must be assigned both the APIG Administrator and VPC Administrator roles.
+Alternatively, you must be attached the APIG FullAccess policy.
+You can also be granted permissions using custom policies. For details, see APIG Custom Policies.
+ - Number of available private IP addresses in the subnet
The basic, professional, enterprise, and platinum editions of APIG require 3, 5, 6, and 7 private IP addresses in a subnet, respectively. Ensure that the subnet you choose has sufficient private IP addresses on the Virtual Private Cloud (VPC) console.
+
+
+
Network Environment
- VPC
Dedicated gateways are deployed in VPCs. Cloud resources, such as Elastic Cloud Servers (ECSs), in the same VPC can call APIs using the private IP address of the dedicated gateway deployed in the VPC.
+You are advised to deploy your dedicated gateways in the same VPC as your other services to facilitate network configuration and secure network access.
+ VPCs of dedicated gateways cannot be modified.
+
+ - EIP
To allow public inbound access to the APIs deployed in a dedicated gateway, buy an Elastic IP (EIP) and bind it to the dedicated gateway.
+ For APIs whose backend services are deployed on a public network, APIG automatically generates an IP address for public outbound access and you do not need to buy an EIP.
+
+ - Security group
Similar to a firewall, a security group controls access to a gateway through a specific port and transmission of communication data from the gateway to a specific destination address. For security purposes, create inbound rules for the security group to allow access only on specific ports.
+The security group bound to a dedicated gateway must meet the following requirements:
+- Inbound access: To allow the APIs in the dedicated gateway to be accessed over public networks or from other security groups, add inbound rules for the security group to allow access on ports 80 (HTTP) and 443 (HTTPS).
- Outbound access: If the backend service of an API is deployed on a public network or in another security group, add outbound rules for the security group to allow access to the backend service address through the API calling port.
- If the frontend and backend services of an API are bound with the same security group and VPC as the dedicated gateway, no inbound or outbound rules are needed to allow access through the preceding ports.
+
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways.
- Click Buy Dedicated Gateway.
+
Table 1 Parameters for creating a dedicated gatewayParameter
+ |
+Description
+ |
+
|---|
+
+Region
+ |
+A geographic area where the gateway will be deployed. Deploy the gateway in the same region as your other services to allow all services to communicate with each other through subnets within a VPC. This reduces public bandwidth costs and network latency.
+ |
+
+AZ
+ |
+A physical region where resources use independent power supplies and networks. Availability zones (AZs) are physically isolated but interconnected through an internal network.
+To enhance gateway availability, deploy the gateway in multiple AZs.
+ |
+
+Gateway Name
+ |
+Gateway name.
+ |
+
+Edition
+ |
+The basic, professional, enterprise, and platinum editions are available.
+ |
+
+Scheduled Maintenance
+ |
+Time period when the gateway can be maintained. The technical support personnel will contact you before maintenance.
+Select a time period with low service demands.
+ |
+
+Enterprise Project
+ |
+Select an enterprise project to which the dedicated gateway belongs. This parameter is available only if your account is an enterprise account.
+For details about resource usage, migration, and user permissions of enterprise projects, see Enterprise Management User Guide.
+ |
+
+Load Balancing with ELB
+ |
+Indicates whether to use ELB as a load balancer of the gateway.
+After you enable this option, cross-VPC inbound access is supported. When you enable public inbound access, an EIP is automatically assigned by the gateway, and you cannot specify one.
+ |
+
+Public Inbound Access
+ |
+Determine whether to allow the APIs created in the dedicated gateway to be called by external services using an EIP. To enable this function, assign an EIP to the dedicated gateway.
+ NOTE: - APIs in the dedicated gateway can be called using independent domain names or subdomain names. There is a limitation on the number of times that APIs in an API group can be called per day using the subdomain name. To overcome the limitation, bind independent domain names to the API group and ensure that the independent domain names have already been CNAMEd to the EIP of the dedicated gateway to which the API group belongs.
For example, you have an HTTPS API (path: /apidemo) with public access enabled. The API can be called using "https://{domain}/apidemo", where domain indicates an independent domain name bound to the API group to which the API belongs. The independent domain name must have already been CNAMEd to the EIP of the dedicated gateway. The default port is 443.
+
+
+ |
+
+Public Outbound Access
+ |
+Determine whether to allow backend services of the APIs created in the dedicated gateway to be deployed on public networks. If you enable this option, set a bandwidth that meets your service requirements. The bandwidth is billed by hour based on the rate of the EIP service.
+ |
+
+Network
+ |
+Select a VPC and subnet for the dedicated gateway.
+Cloud resources (such as ECSs) within the same VPC can call APIs using the private IP address of the dedicated gateway.
+Deploy the dedicated gateway in the same VPC as your other services to facilitate network configuration and secure network access.
+ |
+
+Security Group
+ |
+Select a security group to control inbound and outbound access.
+If the backend service of an API is deployed on an external network, configure security group rules to allow access to the backend service address through the API calling port.
+ NOTE: If public inbound access is enabled, add inbound rules for the security group to allow access on ports 80 (HTTP) and 443 (HTTPS).
+
+ |
+
+Description
+ |
+Description of the gateway.
+ |
+
+
+
+
- Click Next.
- Check the gateway configurations, and click Pay Now. The gateway creation progress is displayed on the screen.
+
+
Follow-Up Operations
After the gateway is created, you can create and manage APIs on the console of the gateway. The Gateway Information page shows the gateway details, network configurations, API resources, and metrics.
+
You can modify the gateway name, description, scheduled maintenance time window, security group, and EIP.
+
+
Modifying a Dedicated Gateway
+You can modify the basic information and configuration parameters of dedicated gateways.
+
Modifying Basic Information
To modify the basic information about a dedicated gateway, do as follows:
+
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways.
- Click Access Console in the upper right corner of the dedicated gateway you want to modify.
- On the Basic Information tab page, modify the basic information.
+
Table 1 Basic information about a dedicated gatewayParameter
+ |
+Description
+ |
+
|---|
+
+Gateway Name
+ |
+Name of the gateway.
+ |
+
+Description
+ |
+Description of the gateway.
+ |
+
+Scheduled Maintenance
+ |
+Time period when the gateway can be maintained by technical support personnel. The technical support personnel will contact you if any maintenance activity is going to take place during the window.
+Select a time period with low service demands.
+ |
+
+Security Group
+ |
+Select a security group to control inbound and outbound access.
+If the backend service of an API is deployed on an external network, configure security group rules to allow access to the backend service address through the API calling port.
+ NOTE: - If you change the security group, the new security group must meet the requirements for calling APIs included in the dedicated gateway and accessing the backend services of these APIs.
- If public inbound access is enabled, add inbound rules for the security group to allow access on ports 80 (HTTP) and 443 (HTTPS).
+
+ |
+
+EIP
+ |
+Determine whether to allow the APIs created in the dedicated gateway to be called by external services using an EIP. To enable this function, assign an EIP to the dedicated gateway.
+APIs in the dedicated gateway can be called using independent domain names or subdomain names. There is a limitation on the number of times that APIs in an API group can be called per day using the subdomain name.
+To overcome the limitation, bind independent domain names to the API group and ensure that the independent domain names have already been CNAMEd to the EIP of the dedicated gateway to which the API group belongs.
+ |
+
+Bandwidth
+ |
+When EIP is enabled, Bandwidth is displayed in the Inbound Access area.
+The bandwidth is billed by hour based on the rate of the EIP service.
+ |
+
+Outbound Access
+ |
+Determine whether to allow API backend services to be deployed on public networks and accessed using the IP address automatically generated by APIG. You can enable or disable outbound access at any time.
+ |
+
+Bandwidth
+ |
+The bandwidth is billed by hour based on the rate of the EIP service.
+ |
+
+Routes
+ |
+Configure routes at your premises if the subnet of your data center is within the following three segments: 10.0.0.0/8-24, 172.16.0.0/12-24, and 192.168.0.0/16-24.
+ |
+
+
+
+
+
+
Modifying Configuration Parameters
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways.
- Click Access Console in the upper right corner of the dedicated gateway you want to modify.
- Click the Configuration Parameters tab, and click Edit in the row containing the parameter you want to modify.
+
Table 2 Configuration parametersParameter Name
+ |
+Description
+ |
+
|---|
+
+ratelimit_api_limits
+ |
+Default request throttling value applied to all APIs. The total number of times an API can be called is determined by this parameter only if no request throttling policy is bound to the API. The Max. API Requests of a request throttling policy cannot exceed the value of this parameter.
+ |
+
+request_body_size
+ |
+The maximum body size allowed for an API request.
+ |
+
+backend_timeout
+ |
+Backend response timeout. Value range: 1 ms to 600,000 ms.
+ |
+
+app_token
+ |
+Determine whether to enable app_token authentication. If you enable this function, an access_token can be added to the API request for authentication.
+- app_token_expire_time: the validity period of an access_token. A new access_token must be obtained before the original access_token expires.
- refresh_token_expire_time: the validity period of a refresh_token. A refresh_token is used to obtain a new access_token.
- app_token_uri: the URI used to obtain an access_token.
- app_token_key: the encryption key of an access token.
+ |
+
+app_basic
+ |
+Determine whether to enable app_basic authentication. After this option is enabled, users can add the header parameter Authorization and set the parameter value to "Basic + base64 (appkey + : + appsecret)", in which appkey and appsecret are the key and secret of an app or the AppKey and AppSecret of a client.
+ |
+
+app_secret
+ |
+Determine whether to enable app_secret authentication. If you enable this function, the X-HW-ID and X-HW-AppKey parameters can be added to the API request to carry the key and secret of an app (the AppKey and AppSecret of a client) for authentication.
+If you want to enable app_secret authentication, app_api_key authentication must be disabled.
+ |
+
+app_route
+ |
+Determine whether to support IP address–based API access. If you enable this function, APIs that use app authentication in any group except DEFAULT can be called using IP addresses.
+ |
+
+backend_client_certificate
+ |
+Determine whether to enable backend two-way authentication. If you enable this function, you can configure two-way authentication for a backend when creating an API.
+ |
+
+ssl_ciphers
+ |
+Supported HTTPS cipher suites. Select cipher suites that meet your requirements.
+ |
+
+real_ip_from_xff
+ |
+Determine whether to use the IP addresses in the X-Forwarded-For header for access control and request throttling.
+xff_index: Sequence number of an IP address in the X-Forwarded-For header. The value can be positive, negative, or 0.
+- If the value is 0 or positive, the IP address of the corresponding index in the X-Forwarded-For header will be obtained.
- If the value is negative, the IP address of the indicated reverse sequence in the X-Forwarded-For header will be obtained.
+For example, assume that the X-Forwarded-For header of a request received by API gateway contains three IP addresses: IP1, IP2, and IP3. If the value of xff_index is 0, IP1 is obtained. If the value is 1, IP2 is obtained. If the value is –1, IP3 is obtained. If the value is –2, IP2 is obtained.
+ |
+
+vpc_name_modifiable
+ |
+Determine whether load balance channel names can be modified.
+ NOTICE: If this option is enabled, load balance channels of the current gateway cannot be managed using project-level load balance channel management APIs.
+
+ |
+
+
+
+
+
+
FAQs
+
+
+
diff --git a/docs/apig/umn/apig-zh-pd-180307002.html b/docs/apig/umn/apig-zh-pd-180307002.html
new file mode 100644
index 000000000..fb6768fae
--- /dev/null
+++ b/docs/apig/umn/apig-zh-pd-180307002.html
@@ -0,0 +1,24 @@
+
+
+Product Advantages
+Available Out-of-the-Box
You can quickly create APIs by configuring the required settings on the API Gateway console. API Gateway provides an inline debugging tool to simplify API development, and allows you to publish an API in multiple environments for easy testing and fast iteration.
+
+
Convenient API Lifecycle Management
API Gateway provides full-lifecycle API management, including design, development, test, publish, and O&M, to help you quickly build, manage, and deploy APIs at any scale.
+
+
Refined Request Throttling
API Gateway combines synchronous and asynchronous traffic control and multiple algorithms to throttle requests at the second level. You can flexibly define request throttling policies to ensure stability and continuity of API services.
+
+
Visualized API Monitoring
API Gateway monitors the number of API calls, data latency, and number of errors, helping you identify potential service risks.
+
+
Comprehensive Security Protection
API Gateway provides multiple measures to secure API calling, such as Secure Sockets Layer (SSL) transfer, strict access control, IP address blacklist/whitelist, authentication, anti-replay, anti-attack, and multiple audit rules. In addition, API Gateway implements flexible and refined quota management and request throttling to help you flexibly and securely open your backend services.
+
+
Flexible Policy Routes
You can configure backends for an API to forward requests according to multiple policies. This facilitates dark launch and environment management.
+
+
SDKs of Different Programming Languages
SDKs of different programming languages (such as Java, Go, Python, and C) are available for access from clients. Because the backends do not need to be modified, only one system is required to adapt to different service scenarios (such as mobile devices and IoT).
+
+
Application Scenarios
+Internal System Decoupling
As enterprises develop rapidly with quick business changes, internal systems of enterprises need to keep pace with the development. However, it is difficult to ensure system universality and stability because internal systems are dependent on each other. APIG uses standard RESTful APIs to simplify the service architecture, decouples internal systems, and separates the frontend from backend. Existing capabilities can be reused to avoid repetitive development.
+
+
+
Enterprise Capabilities Opening
An enterprise cannot develop without partners' capabilities, such as a third-party payment platform and partner account login. APIG enables you to selectively expose capabilities to partners by using standard APIs and share services and data with partners to build a new ecosystem.
+
+
+
Basic Concepts
+API
A set of predefined functions that encapsulates application capabilities. You can create APIs and make them accessible to users.
+
When creating an API, you need to configure the basic information and the frontend and backend request paths, parameters, and protocols.
+
+
API Group
A collection of APIs used for the same service. API groups facilitate API management.
+
+
Environment
A stage in the lifecycle of an API. An environment, such as API testing or development environment, specifies the usage scope of APIs, facilitating API lifecycle management. The same API can be published in different environments.
+
To call an API in different environments, you need to add the x-stage header parameter to the request sent to call the API. The value of this parameter is an environment name.
+
+
Environment Variable
A variable that is manageable and specific to an environment. You can create variables in different environments to call different backend services using the same API.
+
+
Request Throttling
Controls the number of times APIs can be called by a user, an app, or an IP address during a specific period to protect backend services.
+
Request throttling can be accurate to the minute and second.
+
+
Access Control
Access control policies are one of the security measures provided by APIG. They allow or deny API access from specific IP addresses or accounts.
+
+
App
An entity that requests for APIs. An app can be authorized to access multiple APIs, and multiple apps can be authorized to access the same API.
+
+
Signature Key
Consists of a key and secret, which are used by backend services to verify the identity of API Gateway and ensure secure access.
+
When an API bound with a signature key is called, API Gateway adds signature information to the API requests. The backend service of the API signs the requests in the same way, and verifies the identity of API Gateway by checking whether the signature is consistent with that in the Authorization header sent by API Gateway.
+
+
VPC Channel
A method for accessing VPC resources from API Gateway, allowing you to selectively expose backend services deployed in VPCs to third-party users.
+
+
Custom Authentication
A mechanism defined with custom rules for API Gateway to verify the validity and integrity of requests initiated by API callers. The mechanism is also used for backend services to verify the requests forwarded by API Gateway.
+
The following two types of custom authentication are provided:
+
- Frontend custom authentication: A custom authorizer is configured with a function to authenticate requests for an API.
- Backend custom authentication: A custom authorizer can be configured to authenticate requests for different backend services, eliminating the need to customize APIs for different authentication systems and simplifying API development. You only need to create a function-based custom authorizer in API Gateway to connect to the backend authentication system.
+
+
Simple Authentication
Simple authentication facilitates quick response for API requests by adding the X-Apig-AppCode parameter (whose value is an AppCode) to the HTTP request header. API Gateway verifies only the AppCode and does not verify the request signature.
+
+
Gateway Response
Gateway responses are returned if API Gateway fails to process API requests. API Gateway provides default responses for multiple scenarios and allows you to customize response status codes and content. You can add a gateway response in JSON format on the API Groups page.
+
+
Notes and Constraints
+To change the default restrictions, increase the quota by referring to
+
+
Table 1 Dedicated API gateway quotasItem
+ |
+Default Restriction
+ |
+Modifiable
+ |
+
|---|
+
+Gateways
+ |
+5
+ |
+√
+ |
+
+API groups
+ |
+1500
+ |
+√
+ |
+
+APIs
+ |
+Number of APIs for each gateway edition:
+- Basic: 250
- Professional: 800
- Enterprise: 2000
- Platinum: 8000
+ |
+√
+ |
+
+Backend policies
+ |
+5
+ |
+√
+ |
+
+Apps
+ |
+50. The app quota includes the apps you have created.
+ |
+√
+ |
+
+Request throttling policies
+ |
+- You can create a maximum of 300 request throttling policies for each gateway.
- The call limit for a single user cannot exceed that for the target API.
- The call limit for a single app cannot exceed that for a single user.
- The call limit for a single IP address cannot exceed that for the target API.
+ |
+√
+ |
+
+Environments
+ |
+10
+ |
+√
+ |
+
+Signature keys
+ |
+200
+ |
+√
+ |
+
+Access control policies
+ |
+100
+ |
+√
+ |
+
+VPC channels
+ |
+200
+ |
+√
+ |
+
+Variables
+ |
+You can create a maximum of 50 variables for an API group in each environment.
+ |
+√
+ |
+
+Independent domain names
+ |
+A maximum of five independent domain names can be bound to an API group.
+ |
+√
+ |
+
+Cloud servers
+ |
+A maximum of 10 cloud servers can be added to a VPC channel.
+ |
+√
+ |
+
+Parameters
+ |
+A maximum of 50 parameters can be created for an API.
+ |
+√
+ |
+
+API publication records
+ |
+A maximum of 10 publication records of an API can be retained for each environment.
+ |
+√
+ |
+
+API access rate
+ |
+Up to 6000 times per second
+ |
+√
+ |
+
+Excluded apps
+ |
+A maximum of 30 excluded apps can be added to a request throttling policy.
+ |
+√
+ |
+
+Excluded tenants
+ |
+A maximum of 30 excluded tenants can be added to a request throttling policy.
+ |
+√
+ |
+
+Access to a subdomain name
+ |
+A subdomain name can be accessed up to 1000 times a day.
+ |
+x
+ |
+
+Maximum size of an API request package
+ |
+12 MB
+ |
+√
+ |
+
+TLS protocol
+ |
+TLS 1.1 and TLS 1.2 are supported. TLS 1.2 is recommended.
+ |
+√
+ |
+
+Custom authorizers
+ |
+50
+ |
+x
+ |
+
+Plug-ins
+ |
+500
+ |
+√
+ |
+
+
+
+
+
Log Analysis
+Scenario
This section describes how to obtain and analyze the API calling logs of dedicated gateways.
+
+
Prerequisites
APIs have been called.
+
+
Procedure
- Log in to the management console.
- In the navigation pane, choose Dedicated Gateways. Then click Access Console in the upper right corner of a dedicated gateway.
- Choose , and click Configure Log Collection.
- Enable log collection (
). - Specify a log group and log stream, and click OK. For details about log groups and log streams, see Log Tank Service User Guide.
- Click Log Fields to view the description of each log field. Then view and analyze logs by referring to the log field descriptions.
- To export logs, see section "Log Transfer" in the Log Tank Service User Guide.
Fields in access logs are separated using spaces. The following table describes each log field.
+
+Table 1 Log field descriptionNo.
+ |
+Field
+ |
+Description
+ |
+
|---|
+
+1
+ |
+remote_addr
+ |
+Client IP address
+ |
+
+2
+ |
+request_id
+ |
+Request ID
+ |
+
+3
+ |
+api_id
+ |
+API ID
+ |
+
+4
+ |
+user_id
+ |
+Project ID provided by a requester for IAM authentication
+ |
+
+5
+ |
+app_id
+ |
+App ID provided by a requester for app-based authentication
+ |
+
+6
+ |
+time_local
+ |
+Time when a request is received
+ |
+
+7
+ |
+request_time
+ |
+Request latency
+ |
+
+8
+ |
+request_method
+ |
+HTTP request method
+ |
+
+9
+ |
+host
+ |
+Domain name
+ |
+
+10
+ |
+router_uri
+ |
+Request URI
+ |
+
+11
+ |
+server_protocol
+ |
+Request protocol
+ |
+
+12
+ |
+status
+ |
+Response status code
+ |
+
+13
+ |
+bytes_sent
+ |
+Response size in bytes, including the status line, header, and body.
+ |
+
+14
+ |
+request_length
+ |
+Request length in bytes, including the start line, header, and body.
+ |
+
+15
+ |
+http_user_agent
+ |
+User agent ID
+ |
+
+16
+ |
+http_x_forwarded_for
+ |
+X-Forwarded-For header field
+ |
+
+17
+ |
+upstream_addr
+ |
+Backend address
+ |
+
+18
+ |
+upstream_uri
+ |
+Backend URI
+ |
+
+19
+ |
+upstream_status
+ |
+Backend response code
+ |
+
+20
+ |
+upstream_connect_time
+ |
+Time taken for establishing a connection with the backend
+ |
+
+21
+ |
+upstream_header_time
+ |
+Duration from the beginning of the establishment of a connection to receiving the first byte from the backend
+ |
+
+22
+ |
+upstream_response_time
+ |
+Duration from the beginning of the establishment of a connection to receiving the last byte from the backend
+ |
+
+23
+ |
+region_id
+ |
+Region ID
+ |
+
+
+
+
+
+
Using APIG
+API Gateway (APIG) is a fully managed service that enables you to securely build, manage, and deploy APIs at any scale with high performance and availability. With APIG, you can easily integrate your internal service systems and selectively expose your service capabilities through its API opening and API calling functions.
+
+
- API calling
Enterprises and developers obtain and call APIs of other providers, thereby reducing development time and costs.
+Figure 3 API calling
+
The following figure shows the API calling process.
+Figure 4 API calling process
+- Obtain an API.
Obtain the API request information, including the domain name, protocol, method, path, and authentication mode.
+ - Create an app.
For an API that uses app authentication, create an app to generate an AppKey and AppSecret. Bind the app to the API so that you can call the API through app authentication.
+ - Obtain an SDK.
Use the SDK to generate a signature for the AK/SK and call the API.
+ - Call the API.
Obtain the API using its access address and perform authentication based on its authentication mode.
+
+
+
Creating an API
+Create an API with the following steps:
+
- Setting Basic Information
- Defining API Request
- Defining Backend Service
- Defining Responses
+
Setting Basic Information
- In the navigation pane, choose API Publishing > APIs.
- Click Create API and set the basic information.
+
+
Table 1 Setting basic informationParameter
+ |
+Description
+ |
+
|---|
+
+Name
+ |
+API name. It is recommended that you enter a name based on naming rules to facilitate search.
+ |
+
+API Group
+ |
+By default, the group created in Creating an API Group is selected.
+ |
+
+Gateway Response
+ |
+Select a response to be displayed if APIG fails to process an API request.
+The default gateway response is default.
+ |
+
+Visibility
+ |
+By default, Public is selected.
+ |
+
+Security Authentication
+ |
+API authentication mode. Set this parameter to App.
+ |
+
+Simple Authentication
+ |
+If you enable this option, APIG verifies only the AppCode and the request signature does not need to be verified. For this example, enable simple authentication.
+ |
+
+Tag Name
+ |
+Classification attribute used to quickly identify the API from other APIs.
+ |
+
+Description
+ |
+Description of the API.
+ |
+
+
+
+
+
- Click Next.
+
+
Defining API Request
- On the Define API Request page, set the request information.
+
+
Table 2 Parameters for defining API requestsParameter
+ |
+Description
+ |
+
|---|
+
+Domain Name
+ |
+The subdomain automatically allocated to the API group created in Creating an API Group.
+ |
+
+Protocol
+ |
+Request protocol of the API. Set this parameter to HTTPS.
+ |
+
+Path
+ |
+The path for requesting the API.
+ |
+
+Matching
+ |
+By default, Exact match is selected.
+ |
+
+Method
+ |
+Request method of the API. Set this parameter to POST.
+ |
+
+CORS
+ |
+For this example, disable this option.
+ |
+
+
+
+
+
- Click Next.
+
+
Defining Backend Service
- On the Define Backend Request page, set the backend service information.
- Select a backend service type. For this example, select HTTP/HTTPS.
+
+
Table 3 Parameters for defining an HTTP/HTTPS backend serviceParameter
+ |
+Description
+ |
+
|---|
+
+Protocol
+ |
+Set this parameter to HTTP.
+ |
+
+Method
+ |
+Request method of the API. Set this parameter to POST.
+ |
+
+VPC Channel
+ |
+Determine whether the backend service will be accessed using a VPC channel. For this example, select Skip.
+ |
+
+Backend Address
+ |
+Address of the backend service.
+ |
+
+Path
+ |
+Path of the backend service.
+ |
+
+Timeout
+ |
+Backend service request timeout. Default value: 5000 ms.
+ |
+
+
+
+
+
- Click Next.
+
+
Defining Responses
- On the Define Response page, set the responses.
+
Table 4 Defining responsesParameter
+ |
+Description
+ |
+
|---|
+
+Example Success Response
+ |
+An example of a response returned when the API is called successfully.
+ |
+
+Example Failure Response
+ |
+An example of a response returned when the API fails to be called.
+ |
+
+
+
+
+
- Click Finish.
+
+
What Are the Relationships Between an API, Environment, and App?
+An API can be published in different environments, such as RELEASE (online environment) and BETA (test environment).
+
An app refers to the identity of an API caller. After you create an app, the system automatically generates an AppKey and AppSecret for authenticating the app. After an API is published and assigned to an app, the owner of the app can call the API.
+
After publishing an API in different environments, you can define different request throttling policies and authorize different apps to call the API. For example, during the test process, API v2 is published in the BETA environment and authorized to test apps. API v1 is stable and can be authorized to all users or apps in the RELEASE environment.
+
How Can I Use APIG?
+You can use APIG to manage and call APIs in the following ways:
+
- Management console, a web-based service management platform
If you have already registered an account, log in to the management console, click 
in the upper left corner, and choose APIG.
+For details about the functions and operations of the APIG console, see the User Guide.
+ - Java, Go, Python, JavaScript, C#, PHP, C++, C, and Android SDKs
Download an SDK and use it to call APIs. For details, see the Developer Guide.
+
+
What Are the Possible Causes If the Message "Backend unavailable" or "Backend timeout" Is Displayed?
+The following table lists the possible causes if a backend service fails to be invoked or the invocation times out.
+
+
Possible Cause
+ |
+Solution
+ |
+
|---|
+
+The backend service address is incorrect.
+ |
+Change the backend service address in the API definition.
+If the domain name is used, ensure that the domain name can be correctly resolved to the IP address of the backend service.
+ |
+
+The timeout duration is incorrect.
+If a backend service fails to return a response within the configured timeout duration, APIG displays a message indicating that the backend service fails to be invoked.
+ |
+Increase the backend timeout duration in the API definition.
+ |
+
+If the backend address is an ECS address, the security group to which the ECS belongs may block the request in the inbound or outbound direction.
+ |
+Check the security group to which the ECS belongs and ensure that the inbound and outbound port rules and protocols of this security group are correct.
+ |
+
+The request protocol is incorrect. For example, the backend service uses HTTP, but HTTPS is selected on APIG.
+ |
+Ensure that the protocol of the created API is the same as that of the backend service.
+ |
+
+The backend service URL is unreachable.
+ |
+Check the URL.
+ |
+
+
+
+
+
