Overview
API Gateway is a fully managed service that enables you to securely build, manage, and deploy APIs at any scale with high performance and availability. With API Gateway, you can easily integrate your internal service systems and selectively expose your service capabilities through its API opening and calling functions.
- API Opening
Enterprises and developers selectively expose their services and data through API Gateway.
Figure 1 API opening
The following figure shows the API opening process.
Figure 2 API opening process
- Create a gateway.
- Create an API group.
Each API belongs to an API group. Create a group before creating an API.
- Bind a domain name.
Before exposing an API, bind an independent domain name to the group so that users can access the API.
You can debug the API using the default subdomain name allocated to the group to which the API belongs. The subdomain name can be called a maximum of 1000 times every day.
- Create an API.
Encapsulate existing backend services into standard RESTful APIs and expose them to external systems.
After creating an API, configure the following settings to control API access:
- Request throttling
Set the maximum number of times the API can be called within a time period to protect backend services.
- Access control
Set a blacklist or whitelist to deny or allow API access from specific IP addresses or accounts.
- Signature keys
Signature keys are used by backend services to verify the identity of API Gateway and ensure secure access.
- Request throttling
- Debug the API.
Verify whether the API is working normally.
- Publish the API.
The API can be called only after it has been published in an environment.
- API calling
Enterprises and developers obtain and call APIs of other providers, thereby reducing development time and costs.
Figure 3 API calling
The following figure shows the API calling process.
Figure 4 API calling process
- Obtain an API.
Obtain the API request information, including the domain name, protocol, method, path, and authentication mode.
- Create an app.
For an API that uses app authentication, create an app to generate an AppKey and AppSecret. Bind the app to the API so that you can call the API through app authentication.
- Obtain an SDK.
Use the SDK to generate a signature for the AK/SK and call the API.
- Call the API.
Obtain the API using its access address and perform authentication based on its authentication mode.
- Obtain an API.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.