Appendix: Extended Swagger Definition of APIs
On the basis of the basic Swagger definition, ROMA Connect defines the extended definition of APIs, such as the authentication mode and backend service definition. This section describes the extended definitions of APIs.
1: x-apigateway-auth-type
Meaning: Swagger-based apiKey authentication format, which defines an authentication mode provided by ROMA Connect.
Scope of effect: Security Scheme Object
Example
securityDefinitions: customize-name-iam: type: "apiKey" name: "unused" in: "header" x-apigateway-auth-type: "IAM" customize-name-app: type: "apiKey" name: "Authorization" in: "header" x-apigateway-auth-type: "AppSigv1" customize-name-iam-none: type: "apiKey" name: "unused" in: "header" x-apigateway-auth-type: "IAM_NONE"
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
type |
Yes |
String |
Authentication type. Only apiKey is supported. |
name |
Yes |
String |
Name of the parameter for authentication.
|
in |
Yes |
String |
Location of the parameter. Only header is supported. |
description |
No |
String |
Description of the parameter. |
x-apigateway-auth-type |
Yes |
String |
APIC authentication mode. AppSigv1, IAM, and IAM_NONE are supported. |
2: x-apigateway-request-type
Meaning: API request type, which can be public or private.
Scope of effect: Operation Object
Example
paths: '/path': get: x-apigateway-request-type: 'public'
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
x-apigateway-request-type |
Yes |
String |
API visibility. The options include public and private.
|
3: x-apigateway-match-mode
Meaning: Request URL matching mode, which can be NORMAL or SWA.
Scope of effect: Operation Object
Example
paths: '/path': get: x-apigateway-match-mode: 'SWA'
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
x-apigateway-match-mode |
Yes |
String |
Matching mode of the API request path. The value can be SWA or NORMAL.
|
4: x-apigateway-cors
Meaning: Specifies whether APIs defined by ROMA Connect support CORS.
Scope of effect: Operation Object
Example
paths: '/path': get: x-apigateway-cors: true
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
x-apigateway-cors |
No |
Boolean |
Whether CORS is supported. |
For the API request for enabling CORS, the headers listed in the following table will be added to the response.
Parameter Name |
Parameter Value |
Description |
---|---|---|
Access-Control-Max-Age |
172800 |
Maximum time the response of a preflight request can be cached. |
Access-Control-Allow-Origin |
* |
Domain that can be accessed. The asterisk (*) indicates that requests from any domain are allowed. |
Access-Control-Allow-Headers |
X-Sdk-Date, X-Sdk-Nonce, X-Proxy-Signed-Headers, X-Sdk-Content-Sha256, X-Forwarded-For, Authorization, Content-Type, Accept, Accept-Ranges, Cache-Control, Range |
Header information fields that can be used in API requests. |
Access-Control-Allow-Methods |
GET, POST, PUT, DELETE, HEAD, OPTIONS, PATCH |
HTTP methods allowed by the API request. |
5: x-apigateway-any-method
Meaning: API request method used by default if no HTTP request method is specified.
Scope of effect: Path Item Object
Example
paths: '/path': get: produces: - application/json responses: "200": description: "get response" x-apigateway-any-method: produces: - application/json responses: "200": description: "any response"
6: x-apigateway-backend
Meaning: API backend definition.
Scope of effect: Operation Object
Example
paths: '/users/{userId}': get: produces: - "application/json" responses: default: description: "default response" x-apigateway-request-type: "public" x-apigateway-backend: type: "backend endpoint type"
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
type |
Yes |
String |
Backend service type. HTTP, HTTP-VPC, and MOCK are supported. |
parameters |
No |
Backend parameters. |
|
httpEndpoints |
No |
HTTP backend service definition. |
|
httpVpcEndpoints |
No |
HTTP-VPC backend service definition. |
|
functionEndpoints |
No |
Function backend service definition. |
|
mockEndpoints |
No |
Mock backend service definition. |
6.1: x-apigateway-backend.parameters
Meaning: API backend definition.
Scope of effect: x-apigateway-backend
Example
paths: '/users/{userId}': get: produces: - "application/json" parameters: - name: "X-Auth-Token" description: "authorization token" type: "string" in: "header" required: true - name: "userId" description: "user name" type: "string" in: "path" required: true responses: default: description: "default response" x-apigateway-request-type: "public" x-apigateway-backend: type: "HTTP" parameters: - name: "userId" value: "userId" in: "query" origin: "REQUEST" description: "user name" - name: "X-Invoke-User" value: "apigateway" in: "header" origin: "CONSTANT" description: "invoke user"
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
name |
Yes |
String |
Parameter name, which consists of a maximum of 32 bytes, starting with a letter. Only letters, digits, periods (.), hyphens (-), and underscores (_) are allowed. The names of header parameters are not case-sensitive. |
value |
Yes |
String |
Parameter value, which is a parameter name if the parameter comes from a request. |
in |
Yes |
String |
Parameter location, which can be header, query, or path. |
origin |
Yes |
String |
Parameter mapping source. REQUEST and CONSTANT are supported. |
description |
No |
String |
Parameter description. |
6.2: x-apigateway-backend.httpEndpoints
Meaning: HTTP backend service definition.
Scope of effect: x-apigateway-backend
Example
paths: '/users/{userId}': get: produces: - "application/json" parameters: - name: "X-Auth-Token" description: "authorization token" type: "string" in: "header" required: true responses: default: description: "default response" x-apigateway-request-type: "public" x-apigateway-backend: type: "HTTP" httpEndpoints: address: "www.example.com" scheme: "http" method: "GET" path: "/users" timeout: 30000
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
address |
Yes |
Array |
Backend service address. The format is <Domain name or IP address>:[Port number] |
scheme |
Yes |
String |
Backend request protocol. HTTP and HTTPS are supported. |
method |
Yes |
String |
Backend request method. GET, POST, PUT, DELETE, HEAD, OPTIONS, PATCH, and ANY are supported. |
path |
Yes |
String |
Backend request path, which can contain variables. |
timeout |
No |
Number |
Backend request timeout in milliseconds. The value ranges from 1 to 60,000, and the default value is 5000. |
6.3: x-apigateway-backend.httpVpcEndpoints
Meaning: HTTP-VPC backend service definition.
Scope of effect: x-apigateway-backend
Example
paths: '/users/{userId}': get: produces: - "application/json" parameters: - name: "X-Auth-Token" description: "authorization token" type: "string" in: "header" required: true responses: default: description: "default response" x-apigateway-request-type: "public" x-apigateway-backend: type: "HTTP-VPC" httpVpcEndpoints: name: "vpc-test-1" scheme: "http" method: "GET" path: "/users" timeout: 30000
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
name |
Yes |
Array |
VPC channel name. |
scheme |
Yes |
String |
Backend request protocol. HTTP and HTTPS are supported. |
method |
Yes |
String |
Backend request method. GET, POST, PUT, DELETE, HEAD, OPTIONS, PATCH, and ANY are supported. |
path |
Yes |
String |
Backend request path, which can contain variables. |
timeout |
No |
Number |
Backend request timeout in milliseconds. The value ranges from 1 to 60,000, and the default value is 5000. |
6.4: x-apigateway-backend.functionEndpoints
Meaning: FUNCTION backend service definition.
Scope of effect: x-apigateway-backend
Example
paths: '/users/{userId}': get: produces: - "application/json" parameters: - name: "X-Auth-Token" description: "authorization token" type: "string" in: "header" required: true responses: default: description: "default response" x-apigateway-request-type: "public" x-apigateway-backend: type: "FUNCTION" functionEndpoints: version: "v1" function-urn: "" invocation-type: "synchronous" timeout: 30000
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
function-urn |
Yes |
String |
Function URN. |
version |
Yes |
String |
Function version. |
invocation-type |
Yes |
String |
Function invocation type. async or sync are supported. |
timeout |
No |
Number |
Function timeout in milliseconds. The value ranges from 1 to 60,000, and the default value is 5000. |
6.5: x-apigateway-backend.mockEndpoints
Meaning: Mock backend service definition.
Scope of effect: x-apigateway-backend
Example
paths: '/users/{userId}': get: produces: - "application/json" parameters: - name: "X-Auth-Token" description: "authorization token" type: "string" in: "header" required: true responses: default: description: "default response" x-apigateway-request-type: "public" x-apigateway-backend: type: "MOCK" mockEndpoints: result-content: "mocked"
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
result-content |
Yes |
String |
Mock response. |
7: x-apigateway-backend-policies
Meaning: API backend policy.
Scope of effect: Operation Object
Example
paths: '/users/{userId}': get: produces: - "application/json" responses: default: description: "default response" x-apigateway-request-type: "public" x-apigateway-backend: type: "backend endpoint type" x-apigateway-backend-policies: - type: "backend endpoint type" name: "backend policy name" conditions: - type: "equal/enum/pattern", value: "string", origin: "source/request_parameter", parameter_name: "string"
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
type |
Yes |
String |
Backend service type. HTTP, HTTP-VPC, and MOCK are supported. |
name |
Yes |
String |
Name |
parameters |
No |
Backend parameters. |
|
httpEndpoints |
No |
HTTP service definition. |
|
httpVpcEndpoints |
No |
HTTP-VPC service definition. |
|
functionEndpoints |
No |
Function service definition. |
|
mockEndpoints |
No |
Mock service definition. |
|
conditions |
Yes |
Backend policy condition. |
7.1: x-apigateway-backend-policies.conditions
Meaning: API backend policy.
Scope of effect: x-apigateway-backend-policies
Example
paths: '/users/{userId}': get: produces: - "application/json" responses: default: description: "default response" x-apigateway-request-type: "public" x-apigateway-backend: type: "backend endpoint type" x-apigateway-backend-policies: - type: "backend endpoint type" name: "backend policy name" conditions: - type: "equal/enum/pattern", value: "string", origin: "source/request_parameter", parameter_name: "string"
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
type |
Yes |
String |
Policy condition type. equal, enum, and pattern are supported. |
value |
Yes |
String |
Policy condition value. |
origin |
Yes |
String |
Policy condition source. source and request are supported. |
parameter |
No |
String |
Input parameter name if the origin parameter is set to request. |
8: x-apigateway-ratelimit
Meaning: Request throttling policy.
Scope of effect: Operation Object
Example
paths: '/path': get: x-apigateway-ratelimit: 'customRatelimitName'
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
x-apigateway-ratelimit |
No |
String |
Name of the referenced request throttling policy. Set this parameter to customRatelimitName. |
9: x-apigateway-ratelimits
Meaning: Mapping between a request throttling policy name and limit values.
Scope of effect: Swagger Object
Example
x-apigateway-ratelimits: customRatelimitName: api-limit: 200 app-limit: 200 user-limit: 200 ip-limit: 200 interval: 1 unit: second/minute/hour shared: true special: - type: APP limit: 100 instance: xxxxxxxxx
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
customRatelimitName |
No |
Custom request throttling policy. To use a request throttling policy, set x-apigateway-ratelimit to the name of the policy. |
9.1: x-apigateway-ratelimits.policy
Meaning: Definition of a request throttling policy.
Scope of effect: x-apigateway-ratelimits
Example
x-apigateway-ratelimits: customRatelimitName: api-limit: 200 app-limit: 200 user-limit: 200 ip-limit: 200 interval: 1 unit: MINUTE shared: false special: - type: USER limit: 100 instance: xxxxxxx
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
api-limit |
Yes |
Number |
Maximum number of times an API can be called. |
user-limit |
No |
Number |
Number of times the API can be called by a user. |
app-limit |
No |
Number |
Number of times the API can be called by an app. |
ip-limit |
No |
Number |
Number of times the API can be called by an IP address. |
interval |
Yes |
Number |
Throttling period. |
unit |
Yes |
String |
Throttling unit, which can be SECOND, MINUTE, HOUR, or DAY. |
shared |
No |
Boolean |
Whether to share the throttling limits among APIs. |
special |
No |
Special request throttling policy. |
9.2: x-apigateway-ratelimits.policy.special
Meaning: Definition of a special request throttling policy.
Scope of effect: x-apigateway-ratelimits.policy
Example
x-apigateway-ratelimits: customRatelimitName: api-limit: 200 app-limit: 200 user-limit: 200 ip-limit: 200 interval: 1 unit: MINUTE shared: false special: - type: USER limit: 100 instance: xxxxxxxx
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
type |
Yes |
String |
Excluded request throttling type, which can be APP or USER. |
limit |
Yes |
Number |
Access limit. |
instance |
Yes |
String |
Excluded app or user |
10: x-apigateway-access-control
Meaning: Access control policy.
Scope of effect: Operation Object
Example
paths: '/path': get: x-apigateway-access-control: 'customAccessControlName'
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
x-apigateway-access-control |
No |
String |
Name of the referenced access control policy. Set this parameter to customAccessControlName. |
11: x-apigateway-access-controls
Meaning: Mapping between an access control policy name and limit settings.
Scope of effect: Swagger Object
Example
x-apigateway-access-controls: customAccessControlName: acl-type: "DENY" entity-type: "IP" value: 127.0.0.1,192.168.0.1/16
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
customAccessControlName |
No |
Custom access control policy. To use an access control policy, set x-apigateway-access-control to the name of the policy. |
11.1: x-apigateway-access-controls.policy
Meaning: Definition of an access control policy.
Scope of effect: x-apigateway-access-controls
Example
x-apigateway-access-controls: customAccessControlName: acl-type: "DENY" entity-type: "IP" value: 127.0.0.1,192.168.0.1/16
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
acl-type |
Yes |
String |
Access control effect. The options include PERMIT and DENY. |
entity-type |
Yes |
String |
Access control object. Only IP addresses are supported. |
value |
Yes |
String |
Access control policy values. Use commas (,) to separate multiple values. |
12: x-apigateway-roma-app
Meaning: Integration application bound to the API.
Scope of effect: Operation Object
Example
paths: '/path': get: x-apigateway-roma-app: 'romaAppName'
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
x-apigateway-roma-app |
Yes |
String |
Name of the integration application bound to the API. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot