Updated on 2024-11-27 GMT+08:00

Implementation Procedure

One-Way Authentication

  1. Log in to the APIG console.
  2. Select a gateway at the top of the navigation pane.
  3. Create an SSL certificate.

    1. In the navigation pane, choose API Management > API Policies.
    2. On the SSL Certificates tab, click Create SSL Certificate.
      Table 1 Certificate configuration for one-way authentication

      Parameter

      Description

      Name

      Enter a certificate name that conforms to specific rules to facilitate search.

      Instances Covered

      Select Current.

      Content

      -----Start certificate----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh...

      -----End certificate-----

      Key

      -----Start RSA private key----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh...

      -----End RSA private key-----

      CA

      No CA certificate is required for one-way authentication.

    3. Click OK.

  4. Bind a domain name.

    1. In the navigation pane, choose API Management > API Groups.
    2. Click the name of the group to which the API belongs. The group details page is displayed.
    3. On the Group Information tab page, click Bind Independent Domain Name.
      Table 2 Independent domain name configuration

      Parameter

      Description

      Domain Name

      Enter a licensed domain name.

      Minimum TLS Version

      Select TLS1.2.

      HTTP-to-HTTPS Auto Redirection

      Disabled by default.

    4. Click OK.

  5. Bind a certificate.

    1. In the row that contains the domain name, click Select SSL Certificate.
    2. Select the created certificate and click OK.

    Client authentication should be disabled for one-way authentication.

  6. Call the API.

    Use the API test tool to call the API. If the status code is 200, the API is successfully called. Otherwise, rectify the fault by following the instructions provided in Error Codes.

Two-Way Authentication

  1. On the SSL Certificates tab, click Create SSL Certificate.

    Table 3 Certificate configuration for two-way authentication

    Parameter

    Description

    Name

    Enter a certificate name that conforms to specific rules to facilitate search.

    Instances Covered

    Select Current.

    Content

    Enter the certificate content.

    -----Start certificate----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh...

    -----End certificate-----

    Key

    Enter the key.

    -----Start RSA private key----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh...

    -----End RSA private key-----

    CA

    Enter the CA certificate content. After the CA certificate is configured, bind the SSL certificate to the independent domain name and enable Client Authentication.

    -----Start certificate----- MIICXgIBAAKBgQC6ndRHy5Dv5TcZiVzT6qF iaMGy61ZIbUrmBhUn61vMdvOHmtblST+fSl ZheNAcv2hQR4aqJLi4wrcerTaRyG9op3OSh...

    -----End certificate-----

  2. Click OK.
  3. Bind a domain name.

    1. In the navigation pane, choose API Management > API Groups.
    2. Click the name of the group to which the API belongs. The group details page is displayed.
    3. On the Group Information tab page, click Bind Independent Domain Name.
      Table 4 Independent domain name configuration

      Parameter

      Description

      Domain Name

      Enter a licensed domain name.

      Minimum TLS Version

      Select TLS1.2.

      HTTP-to-HTTPS Auto Redirection

      Disabled by default.

    4. Click OK.

  4. Bind a certificate.

    1. In the row that contains the domain name, click Select SSL Certificate.
    2. Select the created certificate, select Enable Client Authentication, and click OK.

  5. Call the API.

    Use the API test tool to call the API. If the status code is 200, the API is successfully called. Otherwise, rectify the fault by following the instructions provided in Error Codes.

    You need to configure the client certificate when accessing APIs.

    If Postman is used to call APIs, you need to add client certificates to Certificates in Setting and upload the client certificates and key.