Help Center/ API Gateway/ User Guide/ Gateway Management/ Modifying a Dedicated Gateway
Updated on 2022-09-26 GMT+08:00

Modifying a Dedicated Gateway

You can modify the basic information and configuration parameters of dedicated gateways.

Modifying Basic Information

To modify the basic information about a dedicated gateway, do as follows:

  1. Log in to the management console.
  2. Click in the upper left corner and choose API Gateway.
  3. In the navigation pane, choose Dedicated Gateways.
  4. Click Access Console in the upper right corner of the dedicated gateway you want to modify.
  5. On the Basic Information tab page, modify the basic information.

    Table 1 Basic information about a dedicated gateway

    Parameter

    Description

    Gateway Name

    Name of the gateway.

    Description

    Description of the gateway.

    Scheduled Maintenance

    Time period when the gateway can be maintained by technical support personnel. The technical support personnel will contact you if any maintenance activity is going to take place during the window.

    Select a time period with low service demands.

    Security Group

    Select a security group to control inbound and outbound access.

    If the backend service of an API is deployed on an external network, configure security group rules to allow access to the backend service address through the API calling port.

    NOTE:
    • If you change the security group, the new security group must meet the requirements for calling APIs included in the dedicated gateway and accessing the backend services of these APIs.
    • If public inbound access is enabled, add inbound rules for the security group to allow access on ports 80 (HTTP) and 443 (HTTPS).

    EIP

    Determine whether to allow the APIs created in the dedicated gateway to be called by external services using an EIP. To enable this function, assign an EIP to the dedicated gateway.

    APIs in the dedicated gateway can be called using independent domain names or subdomain names. There is a limitation on the number of times that APIs in an API group can be called per day using the subdomain name.

    To overcome the limitation, bind independent domain names to the API group and ensure that the independent domain names have already been CNAMEd to the EIP of the dedicated gateway to which the API group belongs.

    Outbound Access

    Determine whether to allow API backend services to be deployed on public networks and accessed using the IP address automatically generated by API Gateway. You can enable or disable outbound access at any time.

    Bandwidth

    The bandwidth is billed by hour based on the rate of the EIP service.

    Routes

    Configure routes at your premises if the subnet of your data center is within the following three segments: 10.0.0.0/8-24, 172.16.0.0/12-24, and 192.168.0.0/16-24.

Modifying Configuration Parameters

  1. Log in to the management console.
  2. Click in the upper left corner and choose API Gateway.
  3. In the navigation pane, choose Dedicated Gateways.
  4. Click Access Console in the upper right corner of the dedicated gateway you want to modify.
  5. Click the Configuration Parameters tab, and click Edit in the row containing the parameter you want to modify.

    Table 2 Configuration parameters

    Parameter Name

    Description

    ratelimit_api_limits

    Default request throttling value applied to all APIs. The total number of times an API can be called is determined by this parameter only if no request throttling policy is bound to the API. The Max. API Requests of a request throttling policy cannot exceed the value of this parameter.

    request_body_size

    The maximum body size allowed for an API request.

    backend_timeout

    Backend response timeout. Value range: 1 ms to 600,000 ms.

    app_token

    Determine whether to enable app_token authentication. If you enable this function, an access_token can be added to the API request for authentication.

    • app_token_expire_time: the validity period of an access_token. A new access_token must be obtained before the original access_token expires.
    • refresh_token_expire_time: the validity period of a refresh_token. A refresh_token is used to obtain a new access_token.
    • app_token_uri: the URI used to obtain an access_token.
    • app_token_key: the encryption key of an access token.

    app_basic

    Determine whether to enable app_basic authentication. After this option is enabled, users can add the header parameter Authorization and set the parameter value to "Basic + base64 (appkey + : + appsecret)", in which appkey and appsecret are the key and secret of an app or the AppKey and AppSecret of a client.

    app_secret

    Determine whether to enable app_secret authentication. If you enable this function, the X-HW-ID and X-HW-AppKey parameters can be added to the API request to carry the key and secret of an app (the AppKey and AppSecret of a client) for authentication.

    If you want to enable app_secret authentication, app_api_key authentication must be disabled.

    app_route

    Determine whether to support IP address–based API access. If you enable this function, APIs that use app authentication in any group except DEFAULT can be called using IP addresses.

    backend_client_certificate

    Determine whether to enable backend two-way authentication. If you enable this function, you can configure two-way authentication for a backend when creating an API.

    ssl_ciphers

    Supported HTTPS cipher suites. Select cipher suites that meet your requirements.

    real_ip_from_xff

    Determine whether to use the IP addresses in the X-Forwarded-For header for access control and request throttling.

    xff_index: Sequence number of an IP address in the X-Forwarded-For header. The value can be positive, negative, or 0.

    • If the value is 0 or positive, the IP address of the corresponding index in the X-Forwarded-For header will be obtained.
    • If the value is negative, the IP address of the indicated reverse sequence in the X-Forwarded-For header will be obtained.

    For example, assume that the X-Forwarded-For header of a request received by API gateway contains three IP addresses: IP1, IP2, and IP3. If the value of xff_index is 0, IP1 is obtained. If the value is 1, IP2 is obtained. If the value is –1, IP3 is obtained. If the value is –2, IP2 is obtained.