Help Center/ API Gateway/ Developer Guide/ Importing and Exporting APIs/ Extended Definition

Updated on 2023-04-06 GMT+08:00

View PDF

Extended Definition

The extended definition of an API includes the API's special configurations on APIG, such as authentication mode and backend parameters.

The extended definition fields of APIG are as follows:

1 x-apigateway-auth-type

Meaning: Swagger-based apiKey authentication format, which defines an authentication mode provided by APIG.

Scope of effect: Security Scheme Object (2.0)

Example (2.0):

securityDefinitions:
  apig-auth-app:
    in: header
    name: Authorization
    type: apiKey
    x-apigateway-auth-type: AppSigv1
  apig-auth-iam:
    in: header
    name: unused
    type: apiKey
    x-apigateway-auth-type: IAM

**Table 1** Parameter description
Parameter	Mandatory	Type	Description
x-apigateway-auth-type	Yes	String	Authentication mode used on APIG. AppSigv1 and IAM are supported.
type	Yes	String	Authentication type. Only apiKey is supported.
name	Yes	String	Name of the parameter for authentication.
in	Yes	String	Only header is supported.
description	No	String	Description about the authentication.

2 x-apigateway-request-type

Meaning: API request type, which can be public or private.

Scope of effect: Operation Object (2.0)

Example:

paths:
  '/path':
    get:
      x-apigateway-request-type: 'public'

**Table 2** Parameter description
Parameter	Mandatory	Type	Description
x-apigateway-request-type	Yes	String	API visibility. The options include public and private. public: The API can be made available for sale. private: The API will not be available for sale.

3 x-apigateway-match-mode

Meaning: Request URL matching mode, which can be NORMAL or SWA.

Scope of effect: Operation Object (2.0)

Example:

paths:
  '/path':
    get:
      x-apigateway-match-mode: 'SWA'

**Table 3** Parameter description
Parameter	Mandatory	Type	Description
x-apigateway-match-mode	Yes	String	API matching mode. The options include SWA and NORMAL. SWA: prefix match. For example, both /prefix/foo and /prefix/bar match /prefix, but /prefixpart does not match. NORMAL: exact match.

4 x-apigateway-cors

Meaning: Specifies whether CORS is supported. The value is of the Boolean type.

Scope of effect: Operation Object (2.0)

Example:

paths:
  '/path':
    get:
      x-apigateway-cors: true

**Table 4** Parameter description
Parameter	Mandatory	Type	Description
x-apigateway-cors	Yes	boolean	Whether to support CORS. true: support false: not support

For the API request for enabling CORS, the headers listed in the following table will be added to the response.

Header	Value	Description
Access-Control-Max-Age	172800	Maximum time the response of a preflight request can be cached.
Access-Control-Allow-Origin	*	Requests from any domain are allowed.
Access-Control-Allow-Headers	X-Sdk-Date, X-Sdk-Nonce, X-Proxy-Signed-Headers, X-Sdk-Content-Sha256, X-Forwarded-For, Authorization, Content-Type, Accept, Accept-Ranges, Cache-Control, and Range	Headers that can be used by a formal request.
Access-Control-Allow-Methods	GET, POST, PUT, DELETE, HEAD, OPTIONS, and PATCH	Methods that can be used by a formal request.

5 x-apigateway-any-method

Meaning: API request method used by default if no HTTP request method is specified.

Scope of effect: Path Item Object (2.0)

Example:

paths:
  '/path':
    get:
      produces:
        - application/json
      responses:
        "200":
          description: "get response"
    x-apigateway-any-method:
      produces:
        - application/json
      responses:
        "200":
          description: "any response"

**Table 5** Parameter description
Parameter	Mandatory	Type	Description
x-apigateway-any-method	No	String	Request method.

6 x-apigateway-backend

Meaning: API backend definition.

Scope of effect: Operation Object (2.0)

Example:

paths:
  '/users/{userId}':
    get:
      produces:
        - "application/json"
      responses:
        default:
          description: "default response"
      x-apigateway-request-type: "public"
      x-apigateway-backend:
        type: "backend endpoint type"

**Table 6** Parameter description
Parameter	Mandatory	Type	Description
x-apigateway-backend	Yes	String	Backend service definition.
type	Yes	String	Backend service type. The options include HTTP, HTTP-VPC, FUNCTION, and MOCK.
parameters	No	x-apigateway-backend.parameters	Backend parameters.
httpEndpoints	No	x-apigateway-backend.httpEndpoints	HTTP backend service definition.
httpVpcEndpoints	No	x-apigateway-backend.httpVpcEndpoints	HTTP VPC backend service definition.
functionEndpoints	No	x-apigateway-backend.functionEndpoints	Function backend service definition.
mockEndpoints	No	x-apigateway-backend.mockEndpoints	Mock backend service definition.

6.1 x-apigateway-backend.parameters

Meaning: API backend service definition.

Scope of effect: x-apigateway-backend

Example:

paths:
  '/users/{userId}':
    get:
      produces:
        - "application/json"
      parameters:
        - name: "X-Auth-Token"
                   description: "Authentication token"
          type: "string"
          in: "header"
          required: true
        - name: "userId"
                   description: "Username"
          type: "string"
          in: "path"
          required: true
      responses:
        default:
          description: "default response"
      x-apigateway-request-type: "public"
      x-apigateway-backend:
        type: "HTTP"
        parameters:
          - name: "userId"
            value: "userId"
            in: "query"
            origin: "REQUEST"
                       description: "Username"
          - name: "X-Invoke-User"
            value: "apigateway"
            in: "header"
            origin: "CONSTANT"
                       description: "Caller"

**Table 7** Parameter description
Parameter	Mandatory	Type	Description
name	Yes	String	Parameter name, which consists of a maximum of 32 bytes, starting with a letter. Only letters, digits, periods (.), hyphens (-), and underscores (_) are allowed. The names of header parameters are not case-sensitive.
value	Yes	String	Parameter value, which is a parameter name if the parameter comes from a request.
in	Yes	String	Parameter location, which can be header, query, or path.
origin	Yes	String	Parameter mapping source. The options include REQUEST and CONSTANT.
description	No	String	Parameter meaning.

6.2 x-apigateway-backend.httpEndpoints

Meaning: HTTP backend service definition.

Scope of effect: x-apigateway-backend

Example:

paths:
  '/users/{userId}':
    get:
      produces:
        - "application/json"
      parameters:
        - name: "X-Auth-Token"
                   description: "Authentication token"
          type: "string"
          in: "header"
          required: true
      responses:
        default:
          description: "default response"
      x-apigateway-request-type: "public"
      x-apigateway-backend:
        type: "HTTP"
        httpEndpoints:
          address: "example.com"
          scheme: "http"
          method: "GET"
          path: "/users"
          timeout: 30000

**Table 8** Parameter description
Parameter	Mandatory	Type	Description
address	Yes	Array	Backend service address. The format is <Domain name or IP address>:[Port number]
scheme	Yes	String	Backend request protocol. HTTP and HTTPS are supported.
method	Yes	String	Backend request method. The options include GET, POST, PUT, DELETE, HEAD, OPTIONS, PATCH, and ANY.
path	Yes	String	Backend request path, which can contain variables.
timeout	No	Number	Backend request timeout in milliseconds. The range is 1–60,000, and the default value is 5000.

6.3 x-apigateway-backend.httpVpcEndpoints

Meaning: HTTP VPC backend service definition.

Scope of effect: x-apigateway-backend

Example:

paths:
  '/users/{userId}':
    get:
      produces:
        - "application/json"
      parameters:
        - name: "X-Auth-Token"
                   description: "Authentication token"
          type: "string"
          in: "header"
          required: true
      responses:
        default:
          description: "default response"
      x-apigateway-request-type: "public"
      x-apigateway-backend:
        type: "HTTP-VPC"
        httpVpcEndpoints:
          name: "vpc-test-1"
          scheme: "http"
          method: "GET"
          path: "/users"
          timeout: 30000

**Table 9** Parameter description
Parameter	Mandatory	Type	Description
name	Yes	Array	VPC channel name.
scheme	Yes	String	Backend request protocol. HTTP and HTTPS are supported.
method	Yes	String	Backend request method. The options include GET, POST, PUT, DELETE, HEAD, OPTIONS, PATCH, and ANY.
path	Yes	String	Backend request path, which can contain variables.
timeout	No	Number	Backend request timeout in milliseconds. The range is 1–60,000, and the default value is 5000.

6.4 x-apigateway-backend.functionEndpoints

Meaning: Function backend service definition.

Scope of effect: x-apigateway-backend

Example:

paths:
  '/users/{userId}':
    get:
      produces:
        - "application/json"
      parameters:
        - name: "X-Auth-Token"
                   description: "Authentication token"
          type: "string"
          in: "header"
          required: true
      responses:
        default:
          description: "default response"
      x-apigateway-request-type: "public"
      x-apigateway-backend:
        type: "FUNCTION"
        functionEndpoints:
          version: "v1"
          function-urn: ""
          invocation-type: "synchronous"
          timeout: 30000

**Table 10** Parameter description
Parameter	Mandatory	Type	Description
function-urn	Yes	String	Function URN.
version	Yes	String	Function version.
invocation-type	Yes	String	Function invocation type. The value can be async or sync.
timeout	No	Number	Function timeout in milliseconds. The range is 1–60,000, and the default value is 5000.

6.5 x-apigateway-backend.mockEndpoints

Meaning: Mock backend service definition.

Scope of effect: x-apigateway-backend

Example:

paths:
  '/users/{userId}':
    get:
      produces:
        - "application/json"
      parameters:
        - name: "X-Auth-Token"
                   description: "Authentication token"
          type: "string"
          in: "header"
          required: true
      responses:
        default:
          description: "default response"
      x-apigateway-request-type: "public"
      x-apigateway-backend:
        type: "MOCK"
        mockEndpoints:
          result-content: "mocked"

**Table 11** Parameter description
Parameter	Mandatory	Type	Description
result-content	Yes	String	Mock response.

7 x-apigateway-backend-policies

Meaning: API backend policy.

Scope of effect: Operation Object (2.0)

Example:

paths:
  '/users/{userId}':
    get:
      produces:
        - "application/json"
      responses:
        default:
          description: "default response"
      x-apigateway-request-type: "public"
      x-apigateway-backend:
        type: "backend endpoint type"
      x-apigateway-backend-policies:
        - type: "backend endpoint type"
          name: "backend policy name"
          conditions: 
            - type: "equal/enum/pattern",
              value: "string",
              origin: "source/request_parameter",
              parameter_name: "string"

**Table 12** Parameter description
Parameter	Mandatory	Type	Description
x-apigateway-backend-policies	No	x-apigateway-backend-policies	Backend policies.
type	Yes	String	Backend service type. The options include HTTP, HTTP-VPC, FUNCTION, and MOCK.
name	Yes	String	Backend policy name.
parameters	No	x-apigateway-backend.parameters	Backend parameters.
httpEndpoints	No	x-apigateway-backend.httpEndpoints	HTTP service definition.
httpVpcEndpoints	No	x-apigateway-backend.httpVpcEndpoints	HTTP-VPC service definition.
functionEndpoints	No	x-apigateway-backend.functionEndpoints	Function service definition.
mockEndpoints	No	x-apigateway-backend.mockEndpoints	Mock service definition.
conditions	Yes	x-apigateway-backend-policies.conditions	Policy condition array.

7.1 x-apigateway-backend-policies.conditions

Meaning: API backend policy conditions.

Scope of effect: x-apigateway-backend-policies

Example:

paths:
  '/users/{userId}':
    get:
      produces:
        - "application/json"
      responses:
        default:
          description: "default response"
      x-apigateway-request-type: "public"
      x-apigateway-backend:
        type: "backend endpoint type"
      x-apigateway-backend-policies:
        - type: "backend endpoint type"
          name: "backend policy name"
          conditions: 
            - type: "equal/enum/pattern",
              value: "string",
              origin: "source/request_parameter",
              parameter_name: "string"

**Table 13** Parameter description
Parameter	Mandatory	Type	Description
type	Yes	String	Policy condition type. The options include equal, enum, and pattern.
value	Yes	String	Policy condition value.
origin	Yes	String	Policy condition source. The options include source and request.
parameter	No	String	Input parameter name if the origin parameter is set to request.

8 x-apigateway-ratelimit

Meaning: Request throttling policy.

Scope of effect: Operation Object (2.0)

Example:

paths:
  '/path':
    get:
      x-apigateway-ratelimit: 'customRatelimitName'

**Table 14** Parameter description
Parameter	Mandatory	Type	Description
x-apigateway-ratelimit	No	String	Request throttling policy.

9 x-apigateway-ratelimits

Meaning: Mapping between a request throttling policy name and limit values.

Scope of effect: Swagger Object

Example:

x-apigateway-ratelimits:
  customRatelimitName:
    api-limit: 200
    app-limit: 200
    user-limit: 200
    ip-limit: 200
    interval: 1
    unit: second/minute/hour
    shared: true
    special: 
      - type: APP
        limit: 100
        instance: xxxxxxxxx

**Table 15** Parameter description
Parameter	Mandatory	Type	Description
customRatelimitName	No	x-apigateway-ratelimits.policy	Name of a request throttling policy. To use the policy, set x-apigateway-ratelimit to the policy name.

9.1 x-apigateway-ratelimits.policy

Meaning: Definition of a request throttling policy.

Scope of effect: x-apigateway-ratelimits

Example:

x-apigateway-ratelimits:
  customRatelimitName:
    api-limit: 200
    app-limit: 200
    user-limit: 200
    ip-limit: 200
    interval: 1
    unit: MINUTE
    shared: false
    special: 
      - type: USER
        limit: 100
        instance: xxxxxxx

**Table 16** Parameter description
Parameter	Mandatory	Type	Description
api-limit	Yes	Number	Limit of API access.
user-limit	No	Number	Limit of API access for users.
app-limit	No	Number	Limit of API access for apps.
ip-limit	No	Number	Limit of API access for source IP addresses.
interval	Yes	Number	Throttling period.
unit	Yes	String	Throttling unit, which can be SECOND, MINUTE, HOUR, or DAY.
shared	No	Boolean	Whether to share the throttling limits among APIs.
special	No	x-apigateway-ratelimits.policy.special Array	Special request throttling policy.

9.2 x-apigateway-ratelimits.policy.special

Meaning: Definition of a special request throttling policy.

Scope of effect: x-apigateway-ratelimits.policy

Example:

x-apigateway-ratelimits:
  customRatelimitName:
    api-limit: 200
    app-limit: 200
    user-limit: 200
    ip-limit: 200
    interval: 1
    unit: MINUTE
    shared: false
    special: 
      - type: USER
        limit: 100
        instance: xxxxxxxx

**Table 17** Parameter description
Parameter	Mandatory	Type	Description
type	Yes	String	Special request throttling policy type, which can be APP or USER.
limit	Yes	Number	Access limit.
instance	Yes	String	Object ID of an excluded app or user.

10 x-apigateway-access-control

Meaning: Access control policy.

Scope of effect: Operation Object (2.0)

Example:

paths:
  '/path':
    get:
      x-apigateway-access-control: 'customAccessControlName'

**Table 18** Parameter description
Parameter	Mandatory	Type	Description
x-apigateway-access-control	No	String	Access control policy.

11 x-apigateway-access-controls

Meaning: Mapping between an access control policy name and limit settings.

Scope of effect: Swagger Object

Example:

x-apigateway-access-controls:
  customAccessControlName:
    acl-type: "DENY"
    entity-type: "IP"
    value: 127.0.0.1,192.168.0.1/16

**Table 19** Parameter description
Parameter	Mandatory	Type	Description
customAccessControlName	No	x-apigateway-access-controls.policy	Name of an access control policy. To use the policy, set x-apigateway-access-control to the policy name.

11.1 x-apigateway-access-controls.policy

Meaning: Definition of an access control policy.

Scope of effect: x-apigateway-access-controls

Example:

x-apigateway-access-controls:
  customAccessControlName:
    acl-type: "DENY"
    entity-type: "IP"
    value: 127.0.0.1,192.168.0.1/16

**Table 20** Parameter description
Parameter	Mandatory	Type	Description
acl-type	Yes	String	Access control effect. The options include PERMIT and DENY.
entity-type	Yes	String	Access control object. Only IP addresses are supported.
value	Yes	String	Access control values, which are separated with commas (,).

12 x-apigateway-plugins

Meaning: API plug-in service.

Scope of effect: Operation Object (2.0)

Example:

paths:
  '/path':
    get:
      x-apigateway-plugins: ['Plugin_mock']
x-apigateway-plugins

**Table 21** Parameter description
Parameter	Mandatory	Type	Description
x-apigateway-plugins	No	Array	List of plug-ins bound to the API.

Parent topic: Importing and Exporting APIs

Previous topic: Restrictions and Compatibility

Next topic: x-apigateway-auth-type

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel