Configuring Gateway Parameters
This section describes how to configure common parameters for a gateway to adjust component functions.
Constraint
Modifying gateway configuration parameters will interrupt services. Do this during off-peak hours or when no service is running.
Procedure
- Go to the APIG console.
- In the navigation pane, choose Gateways.
- Click Access Console or the name of the target gateway.
- Click the Parameters tab, and click Modify in the row that contains the target parameter. The configuration parameters vary depending on the gateway edition.
Table 1 Configuration parameters Parameter
Description
ratelimit_api_limits
Default request throttling value applied to all APIs. Default: 200 calls/second. The total number of times an API can be called is determined by this parameter only if no request throttling policy is bound to the API. The Max. API Requests of a request throttling policy cannot exceed the value of this parameter.
request_body_size
Maximum size of the body that can be carried in an API request. The default value is 12 MB. The value ranges from 1 MB to 9,536 MB.
backend_timeout
Backend response timeout. Default: 60,000 ms. Range: 1–600,000 ms.
app_token
Determine whether to enable app_token authentication. Default: disabled. If you enable this function, an access_token can be added to the API request for authentication.
- app_token_expire_time: validity period of an access_token. A new access_token must be obtained before the original access_token expires.
- refresh_token_expire_time: the validity period of a refresh_token. A refresh_token is used to obtain a new access_token.
- app_token_uri: the URI used to obtain an access_token.
- app_token_key: the encryption key of an access token.
app_api_key
Determine whether to enable app_api_key authentication. Default: disabled. If you enable this function, the apikey parameter can be added to the API request to carry the key of a credential for authentication.
app_basic
Determine whether to enable app_basic authentication. Default: disabled. After this option is enabled, users can add the header parameter Authorization and set the parameter value to "Basic + base64 (appkey + : + appsecret)", in which appkey and appsecret are the key and secret of a credential.
app_secret
Determine whether to enable app_secret authentication. Default: disabled. If you enable this function, the X-HW-ID and X-HW-AppKey parameters can be added to the API request to carry the key and secret of a credential for authentication.
app_route
Determine whether to support IP address–based API access. Default: disabled. If you enable this function, APIs in any group except DEFAULT can be called using IP addresses.
backend_client_certificate
Determine whether to enable backend two-way authentication. Default: disabled. If you enable this function, you can configure two-way authentication for a backend when creating an API.
ssl_ciphers
Supported HTTPS cipher suites. By default, all cipher suites are supported. Select cipher suites after you bind independent domain names to an API group.
real_ip_from_xff
Determine whether to use the IP addresses in the X-Forwarded-For header for access control and request throttling. By default, the IP addresses in this header are not used.
xff_index: Sequence number of an IP address in the X-Forwarded-For header. The value can be positive, negative, or 0.
- If the value is 0 or positive, the IP address of the corresponding index in the X-Forwarded-For header will be obtained.
- If the value is negative, the IP address of the indicated reverse sequence in the X-Forwarded-For header will be obtained.
For example, assume that the X-Forwarded-For header of a request received by API gateway contains three IP addresses: IP1, IP2, and IP3. If the value of xff_index is 0, IP1 is obtained. If the value is 1, IP2 is obtained. If the value is –1, IP3 is obtained. If the value is –2, IP2 is obtained.
vpc_name_modifiable
Determine whether load balance channel names can be modified. By default, the names can be modified.
NOTICE:If this option is enabled, load balance channels of the current gateway cannot be managed using project-level load balance channel management APIs.
app_jwt_enable
Determine whether to enable app_jwt authentication. Default: disabled. If you enable this function, the following parameters can be added to API requests to carry the key, secret, and timestamp of a credential for authentication.
- Add the header parameter Timestamp and set the parameter value to the Unix timestamp of the current time in millisecond.
- Add the header parameter Authorization. This parameter can be configured by modifying app_jwt_auth_header. The default value is Authorization. The parameter value is "SHA-256 (appkey + appsecret + timestamp)", in which appkey and appsecret are the credential key and secret and timestamp is the Unix timestamp of the current time in millisecond. The character string encrypted using SHA-256 must be lowercase letters.
- Add the header parameter X-HW-ID and set the parameter value to the credential key.
public_key_enable
Determine whether to enable public_key authentication. Default: disabled. If you enable this option, signature keys of the public_key type can be used for authentication.
public_key_uri_prefix indicates the prefix of the URI used to obtain the secret of public_key. The URI format is as follows: https://{VPC access address}{public_key_uri_prefix}{public_key name}.
custom_auth_header
Determine whether to support custom authentication headers. By default, custom authentication headers are not supported. If you enable this parameter, the initial values of app_auth_header and backend_sign_header are empty, same as when the parameter is disabled.
If you set the Current Value of app_auth_header, the parameter with the same name as this value carries the app authentication information in the request header for APIs that use app authentication. If you set the Current Value of backend_sign_header, the parameter with the same name as this value carries the signature information in the backend request header for APIs bound with an HMAC or Basic Auth signature key policy.
NOTICE:Configuring this parameter will affect all APIs that use app authentication or are bound with an HMAC or Basic Auth signature key policy in the gateway.
gzip
Determine whether to compress responses using gzip to reduce public network traffic. By default, responses are not compressed. The configuration will take effect in 1 minute.
After enabling this parameter, set the compression level parameter comp_level. The greater the value is, the better responses are compressed. Default: 6.
NOTICE:- Use gzip to compress response body larger than 1 KB.
- gzip supports the following file types: text/xml, text/plain, text/css, application/javascript, application/x-javascript, application/rss+xml, text/javascript, image/tiff, image/svg+xml, application/json, and application/xml.
- After enabling gzip compression, you must add request header Accept-Encoding: gzip.
- The gzip configuration can be modified 1 minute after being completed.
custom_log
Whether to enable custom logs. Default: disabled. Once enabled, values of specified parameters will be printed in specified locations of calling logs for all APIs in the gateway.
After this function is enabled, click Modify, and then click Add to add the parameters to print in calling logs.
NOTICE:- Custom logs print only the requests initiated from clients and do not print the constants and system parameters defined in APIG.
- Custom logs can have a maximum of 10 fields, with a total size of not more than 2 KB.
- Some special characters in parameter values will be encoded. For example, the plus sign (+) will be encoded as a space, double quotation marks (") encoded as \x22, and a backslash (\) encoded as \x5C.
sse_strategy
Whether to enable Server-Sent Events (SSE) transmission. It is disabled by default. Once enabled, the responses of APIs are output in streaming mode for character-based rendering.
NOTICE:The sse_strategy configuration can be modified 1 minute after being completed.
vpc_name_modifiable
Whether to enable name modification of the load balance channel. If the load balance channel name is modifiable, the load balance channel of the current gateway cannot be operated through the project-level load balance channel management API.
vpc_health_status
Whether to display the health status of backend instances for load balance channels when the channels' health check is enabled. This parameter is disabled by default.
request_custom_config
Configure client request parameters.
- HTTP/2: Enabled by default. For details, see What Is API Gateway?.
- request_body_timeout: Timeout for client request body. Default: 8s. Modify this parameter if the network condition is poor or the request body is too large.
NOTICE:The client request configuration can be modified 1 minute after being completed.
api_uri_no_escape
Determine whether to escape the path in the API URL. It is disabled by default, indicating that the path in the URL is escaped.
For details about the function of not escaping paths after api_uri_no_escape is enabled, see Table 2.
Table 2 Functions affected if path is not escaped Function
Description
API Frontend Definition Path
Path for Sending a Request
Disabling api_uri_no_escape
Enabling api_uri_no_escape
API definition
Path for APIG to match routes.
/{path}
/aa%2Faa
/aa/aa
/aa%2Faa
Parameter orchestration
Path used by backend service parameters.
-
-
/aa/aa
/aa%2Faa
HTTP-to-HTTPS redirection
Path used for redirection.
-
-
/aa/aa
/aa%2Faa
Backend policies
The policy condition is the path of the request input parameter.
-
-
/aa/aa
/aa%2Faa
Third-party authentication policy
Path transferred to the third-party system after the API is bound to a third-party authentication policy.
-
-
/aa/aa
/aa%2Faa
Kafka log push policy
Request path used after the Kafka log push policy is bound to the API.
-
-
/aa/aa
/aa%2Faa
Load balance channels
Path used by APIG to forward requests when the load balance channel uses the URI hash.
-
-
/aa/aa
/aa%2Faa
FunctionGraph backends
Request path sent to a function when the backend type of the API is FunctionGraph.
-
-
/aa/aa
/aa%2Faa
Custom authentication
Path of the request sent to the function when the API authentication mode is set to Custom.
-
-
/aa/aa
/aa%2Faa
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot