- What's New
- Function Overview
- Product Bulletin
- Service Overview
- Getting Started
-
User Guide
- Overview
- Gateway Management
- API Group Management
- API Management
- Request Throttling
- Access Control
- Environment Management
- Signature Key Management
- VPC Channel Management
- Custom Authorizers
- Plug-ins
- Monitoring
- App Management
- Log Analysis
- SDKs
- Calling Published APIs
- Permissions Management
- Key Operations Recorded by CTS
-
Developer Guide
- Overview
- Authentication Mode Selection
- Calling APIs Through App Authentication
- Calling APIs Through IAM Authentication
- Creating a Function for Frontend Custom Authentication
- Creating a Function for Backend Custom Authentication
- Creating Signatures for Backend Requests
-
Importing and Exporting APIs
- Restrictions and Compatibility
- Extended Definition
- API Import Precautions
- Examples of Importing APIs
- API Export Precautions
-
API Reference
- Before You Start
- Calling APIs
-
Dedicated Gateway APIs (V2)
- API Group Management
- Environment Management
- Environment Variable Management
- Request Throttling Policy Management
-
API Management
- Registering an API
- Modifying an API
- Deleting an API
- Publishing an API or Taking an API Offline
- Querying API Details
- Querying APIs
- Debugging an API
- Publishing APIs or Taking APIs Offline
- Querying Historical Versions of an API
- Switching the Version of an API
- Querying the Runtime Definition of an API
- Querying API Version Details
- Taking an API Version Offline
- Signature Key Management
- Binding/Unbinding Signature Keys
- Binding/Unbinding Request Throttling Policies
- Excluded Request Throttling Configuration
- App Authorization Management
- Resource Query
- App Management
- Domain Name Management
- Access Control Policy Management
- Binding/Unbinding Access Control Policies
- Custom Authorizer Management
- API Import and Export
- VPC Channel Management
- Monitoring Information Query
- Group Response Management
- Tag Management
- Gateway Feature Management
- Configuration Management
-
Gateway Management
- Creating a Dedicated Gateway
- Querying Dedicated Gateway Details
- Updating a Dedicated Gateway
- Querying the Creation Progress of a Dedicated Gateway
- Updating or Binding an EIP to a Dedicated Gateway
- Unbinding the EIP of a Dedicated Gateway
- Enabling Public Access for a Dedicated Gateway
- Updating the Outbound Access Bandwidth of a Dedicated Gateway
- Disabling Public Access for a Dedicated Gateway
- Querying AZs
- Querying Dedicated Gateways
- Deleting a Dedicated Gateway
- Permissions Policies and Supported Actions
- Appendix
- Change History
- SDK Reference
- Best Practices
-
FAQs
- Common FAQs
-
API Creation
- Why Can't I Create APIs?
- How Do I Define Response Codes for an API?
- How Do I Specify the Host Port for a VPC Channel (or Load Balance Channel)?
- How Do I Set the Backend Address If I Will Not Use a VPC Channel (or Load Balance Channel)?
- How Can I Configure the Backend Service Address?
- Can I Specify a Private Network Load Balancer Address for the Backend Service?
- Can I Specify the Backend Address as a Subnet IP Address?
- Does APIG Support Multiple Backend Endpoints?
- What Should I Do After Applying for an Independent Domain Name?
- Can I Bind Private Domain Names for API Access?
- Why Does an API Failed to Be Called Across Domains?
-
API Calling
- What Are the Possible Causes for an API Calling Failure?
- What Should I Do If an Error Code Is Returned During API Calling?
- Why Am I Seeing the Error Message "414 Request-URI Too Large" When I Call an API?
- What Should I Do If "The API does not exist or has not been published in the environment." Is Displayed?
- Why Am I Seeing the Message "No backend available"?
- What Are the Possible Causes If the Message "Backend unavailable" or "Backend timeout" Is Displayed?
- Why Am I Seeing the Message "Backend domain name resolution failed" When a Backend Service Is Called?
- Why Doesn't Modification of the backend_timeout Parameter Take Effect?
- How Do I Switch the Environment for API Calling?
- What Is the Maximum Size of an API Request Package?
- How Do I Perform App Authentication in iOS System?
- Why Can't I Create a Header Parameter Named x-auth-token for an API Called Through IAM Authentication?
- App FAQs
- Can Mobile Apps Call APIs?
- Can Applications Deployed in a VPC Call APIs?
- How Do I Implement WebSocket Data Transmission?
- Does APIG Support Persistent Connections?
- How Will the Requests for an API with Multiple Backend Policies Be Matched and Executed?
- Is There a Limit on the Size of the Response to an API Request?
- How Can I Access Backend Services over Public Networks Through APIG?
-
API Authentication
- Does APIG Support HTTPS Two-Way Authentication?
- How Do I Call an API That Does Not Require Authentication?
- Which TLS Versions Does APIG Support?
- Does APIG Support Custom Authentication?
- Will the Request Body Be Signed for Security Authentication?
- Common Errors Related to IAM Authentication Information
- API Control Policies
- API Publishing
- API Import and Export
- API Security
-
Other FAQs
- What Are the Relationships Between an API, Environment, and App?
- How Can I Use APIG?
- What SDK Languages Does APIG Support?
- Can I Upload Files Using the POST Method?
- What Are the Error Messages Returned by APIG Like?
- How Do I Use APIG to Open Up Services Deployed on Huawei Cloud?
- Can APIG Be Deployed in a Local Data Center?
- Videos
Selectively Exposing Service Capabilities of a Data Center
The backend services of APIG can be deployed in the following modes:
- Deployed in a VPC and accessible only using private IP addresses.
You can create a VPC channel on APIG to enable network routing between APIG and the VPC.
- Deployed on the public network and accessible using a public IP address.
- Deployed in an on-premises data center and not accessible using a public IP address.
If you use a dedicated API gateway, you can set up a connection between your on-premises data center and the gateway.
This section describes the precautions for using APIG to selectively expose APIs of backend services deployed in a local data center.
Connecting a Data Center to APIG
- Create a VPC.
For details, see the section "Creating a VPC" in the Virtual Private Cloud User Guide.
To allow APIG to access services in your on-premises data center, bind a VPC to your dedicated gateway, and establish a connection between the data center and VPC.
Figure 1 Creating a VPC
NOTE:- Specify a subnet for your dedicated gateway.
- A connection can be used to connect a local data center to only one VPC. You are advised to bind the same VPC to all your cloud resources to reduce costs.
- If a VPC already exists, you do not need to create a new one.
- Create a dedicated gateway.
For details, see section "Creating a Dedicated Gateway" in the User Guide.
Figure 2 Creating a dedicated gateway
- Enable Direct Connect by referring to the Direct Connect User Guide.
- Create a connection.
Apply for a connection from your account manager. If you do not have an account manager, contact technical support.
- Create a virtual gateway.
The virtual gateway is a logical gateway for accessing the VPC bound to the dedicated gateway.
NOTE:Select the subnet that the dedicated gateway uses, to connect to the VPC. For details about the subnet, go to the gateway details page.
- Create a virtual interface.
The virtual interface links the connection with the virtual gateway, enabling connectivity between the connection and the VPC of the dedicated gateway.
Configure the remote gateway and remote subnet as the gateway and subnet for accessing the open API of your on-premises data center. For example, if the API calling address of your data center is http://192.168.0.25:80/{URI}, configure the remote gateway and remote subnet as those of 192.168.0.25.
- Create a connection.
- Verify the network connectivity.
Create another pay-per-use ECS and select the same VPC, subnet, and security group as the dedicated gateway. If the data center can connect to the ECS, the data center can also connect to the dedicated gateway.
Exposing APIs with the Dedicated Gateway
After you connect the data center to the dedicated gateway, you can expose APIs using the gateway. For details, see "API Opening" in the User Guide.
When creating an API, specify the backend address as the API calling address of your data center.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.