Configuring a Feature for a Gateway
Function
This API is used to configure a feature for a gateway.
The following table lists the supported features and configuration examples.
| Feature Name | Feature Description | Configuration Example | Parameter Name | Parameter Description | Default Value | Value Range |
|---|---|---|---|---|---|---|
| lts | Reporting of Shubao access logs | {"name":"lts","enable":true,"config": "{\"group_id\": ",\"topic_id\":\"\",\"log_group\":\"\",\"log_stream\":\"\"}"} | (1) group_id (2) topic_id (3) log_group (4) log_stream | (1) Log group ID. (2) Log stream ID. (3) Log group name. (4) Log stream name. | - | - |
| ratelimit | Request throttling limit configuration | {"name":"ratelimit","enable":true,"config": "{\"api_limits\": 500}"} | api_limits | Default request throttling limit for APIs. Set this parameter properly to meet your service requirements. A small value may constantly throttle your services. | 200 calls/second | 1–1,000,000 calls/second |
| request_body_size | Configuration of the maximum request body size | {"name":"request_body_size","enable":true,"config": "104857600"} | request_body_size | The maximum body size allowed for a request. | 12 MB | 1–9536 MB |
| backend_timeout | Maximum backend timeout configuration | {"name":"backend_timeout","enable":true,"config": "{"max_timeout": 500}"} | max_timeout | Maximum timeout allowed for API Gateway to request the backend service. | 60,000 ms | 1–600,000 ms |
| app_token | app_token authentication | {"name":"app_token","enable":true,"config": "{\"enable\": \"on\", \"app_token_expire_time\": 3600, \"app_token_uri\": \"/v1/apigw/oauth2/token\", \"refresh_token_expire_time\": 7200}"} | (1) enable (2) app_token_expire_time (3) refresh_token_expire_time (4) app_token_uri (5) app_token_key | (1) Whether to enable this feature. (2) Access token validity period. (3) Refresh token validity period. (4) URI for obtaining a token. (5) Token encryption key. | (1) off (2) 3600s (3) 7200s (4) /v1/apigw/oauth2/token | (1) on/off (2) 1–72,000s (3) 1–72,000s |
| app_api_key | app_api_key authentication | {"name":"app_api_key","enable":true,"config": "on"} | - | - | off | on/off |
| app_basic | app_basic authentication | {"name":"app_basic","enable":true,"config": "on"} | - | - | off | on/off |
| app_secret | app_secret authentication | {"name":"app_secret","enable":true,"config": "on"} | - | - | off | on/off |
| app_jwt | app_jwt authentication | {"name":"app_jwt","enable":true,"config": "{\"enable\": \"on\", \"auth_header\": \"Authorization\"}"} | (1) enable (2) auth_header | (1) Whether to enable app_jwt authentication. (2) app_jwt authentication header. | (1) off (2) Authorization | (1) on/off |
| public_key | public_key backend signatures | {"name":"public_key","enable":true,"config": "{\"enable\": \"on\", \"public_key_uri_prefix\": \"/apigw/authadv/v2/public-key/\"}"} | (1) enable (2) public_key_uri_prefix | (1) Whether to enable app_jwt authentication. (2) URI prefix used for obtaining the public key. | (1) off(2) /apigw/authadv/v2/public-key/ | (1) on/off |
| backend_token_allow | Allowing tenants to transparently transmit tokens to the backend | {"name":"backend_token_allow","enable":true,"config": "{\"backend_token_allow_users\": [\"user_name\"]}"} | backend_token_allow_users | Whitelist of tenants allowed to transparently transmit tokens to the backend. The value is a regular expression of domain names. | - | - |
| backend_client_certificate | Backend two-way authentication | {"name":"backend_client_certificate","enable":true,"config": "{\"enable\": \"on\",\"ca\": \"\",\"content\": \"\",\"key\": \"\"}"} | (1) enable (2) ca (3) content (4) key | (1) Whether to enable this feature. (2) CA file of two-way authentication. (3) Two-way authentication file. (4) Private key of two-way authentication. | (1) off | (1) on/off |
| ssl_ciphers | HTTPS cipher suites | {"name":"ssl_ciphers","enable":true,"config": "config": "{\"ssl_ciphers\": [\"ECDHE-ECDSA-AES256-GCM-SHA384\"]}"} | ssl_ciphers | Supported cipher suites. The ssl_ciphers parameter cannot be left blank and can contain only the options in the value range. | - | ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 |
| real_ip_from_xff | Whether to use the X-Forwarded-For header to specify source IP addresses for access control and request throttling. | {"name":"real_ip_from_xff","enable": true,"config": "{\"enable\": \"on\",\"xff_index\": 1}"} | (1) enable (2) xff_index | (1) Whether to enable this feature. (2) Index of the source IP address in the X-Forwarded-For header. (Negative numbers are allowed and –1 is the last index.) | (1) off (2) -1 | (1) on/off (2) Valid Int32 value |
| app_route | Whether to allow IP address access. | {"name":"app_route","enable":true,"config": "on"} | - | - | off | on/off |
| vpc_name_modifiable | Load balance channel name modification | {"name":"vpc_name_modifiable","enable":true,"config": "on"} | - | - | on | on/off |
| default_group_host_trustlist | Access to the DEFAULT group from IP addresses that are not inbound access addresses of the current gateway | {"name":"default_group_host_trustlist","enable": true,"config": "{\"enable\":\"on\",\"hosts\":[\"123.2.2.2\",\"202.2.2.2\"]}"} | (1) enable (2) hosts | (1) Whether to enable this feature. (2) IP addresses that are not inbound access addresses of the current gateway. | - | (1) on/off |
| throttle_strategy | Whether to enable request throttling. | {"name":"throttle_strategy","enable":true,"config": "{\"enable\": \"on\",\"strategy\": \"local\"}"} | (1) enable (2) strategy | (1) Whether to enable this feature. (2) Request throttling mode. | (1) off | (1) on/off (2) cluster/local |
| custom_log | Whether to print custom request headers, query strings, and cookies in logs. | {"name":"custom_log","enable":true,"config": "{\"custom_logs\":[{\"location\":\"header\",\"name\":\"a1234\"}]}"} | (1) custom_logs (2) location (3) name | (1) Custom logs. (2) Location. (3) Name. | - | (1) Max. 10 items. (2) header/query/cookie |
| real_ip_header_getter | Whether to use a custom header to obtain source IP addresses. | {"name":"real_ip_header_getter","enable":true,"config": "{\"enable\": \"on\",\"header_getter\": \"header:testIP\"}"} | (1) enable (2) header_getter | (1) Whether to enable this feature. (2) Custom header for obtaining source IP addresses. | (1) off | (1) on/off |
| policy_cookie_param | Whether to support cookies in backend policy conditions. | {"name":"policy_cookie_param","enable":true,"config": "on"} | - | - | off | on/off |
URI
POST /v2/{project_id}/apigw/instances/{instance_id}/features
Parameter | Mandatory | Type | Description |
|---|---|---|---|
project_id | Yes | String | Project ID. For details about how to obtain a project ID, see "Appendix" > "Obtaining a Project ID" in this document. |
instance_id | Yes | String | Gateway ID, which can be obtained from the gateway information on the APIG console. |
Request Parameters
Parameter | Mandatory | Type | Description |
|---|---|---|---|
X-Auth-Token | Yes | String | User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. |
Parameter | Mandatory | Type | Description |
|---|---|---|---|
name | Yes | String | Feature name. Minimum: 1 Maximum: 64 |
enable | Yes | Boolean | Indicates whether to enable the feature. |
config | No | String | Parameter configuration. |
Response Parameters
Status code: 201
Parameter | Type | Description |
|---|---|---|
id | String | Feature ID. |
name | String | Feature name. Minimum: 1 Maximum: 64 |
enable | Boolean | Indicates whether to enable the feature. |
config | String | Parameter configuration. |
instance_id | String | Gateway ID. |
update_time | String | Feature update time. |
Status code: 400
Parameter | Type | Description |
|---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
Status code: 401
Parameter | Type | Description |
|---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
Status code: 403
Parameter | Type | Description |
|---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
Status code: 404
Parameter | Type | Description |
|---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
Status code: 500
Parameter | Type | Description |
|---|---|---|
error_code | String | Error code. |
error_msg | String | Error message. |
Example Requests
{
"name" : "app_api_key",
"config" : "on",
"enable" : true
} Example Responses
Status code: 201
Created
{
"config" : "on",
"enable" : true,
"id" : "db9a9260cd3e4a16a9b5747a65d3ffaa",
"instance_id" : "eddc4d25480b4cd6b512f270a1b8b341",
"name" : "app_api_key",
"update_time" : "2020-08-24T01:17:31.041984021Z"
} Status code: 400
Bad Request
{
"error_code" : "APIG.2000",
"error_msg" : "unrecognized feature app-api-key"
} Status code: 401
Unauthorized
{
"error_code" : "APIG.1002",
"error_msg" : "Incorrect token or token resolution failed"
} Status code: 403
Forbidden
{
"error_code" : "APIG.1005",
"error_msg" : "No permissions to request this method"
} Status code: 404
Not Found
{
"error_code" : "APIG.3030",
"error_msg" : "The instance does not exist;id:eddc4d25480b4cd6b512f270a1b8b341"
} Status code: 500
Internal Server Error
{
"error_code" : "APIG.9999",
"error_msg" : "System error"
} Status Codes
Status Code | Description |
|---|---|
201 | Created |
400 | Bad Request |
401 | Unauthorized |
403 | Forbidden |
404 | Not Found |
500 | Internal Server Error |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
