Configuring a Feature for a Gateway
Function
This API is used to configure a feature for a gateway.
The following table lists the supported features and configuration examples.
Feature Name |
Feature Description |
Configuration Example |
Parameter Name |
Parameter Description |
Default Value |
Value Range |
|---|---|---|---|---|---|---|
lts |
Reporting of Shubao access logs |
{"name":"lts","enable":true,"config": "{\"group_id\": ",\"topic_id\":\"\",\"log_group\":\"\",\"log_stream\":\"\"}"} |
group_id |
Log group ID. |
- |
- |
topic_id |
Log stream ID. |
- |
- |
|||
log_group |
Log group name. |
- |
- |
|||
log_stream |
Log stream name. |
- |
- |
|||
ratelimit |
Request throttling limit configuration |
{"name":"ratelimit","enable":true,"config": "{\"api_limits\": 500}"} |
api_limits |
Default request throttling limit for APIs. Set this parameter properly to meet service requirements. A small value may constantly throttle your services. |
200 calls/second |
1–1,000,000 calls/second |
request_body_size |
Configuration of the maximum request body size |
{"name":"request_body_size","enable":true,"config": "104857600"} |
request_body_size |
The maximum body size allowed for a request. |
12 MB |
1–9536 MB |
backend_timeout |
Maximum backend timeout configuration |
{"name":"backend_timeout","enable":true,"config": "{"max_timeout": 500}"} |
max_timeout |
Maximum timeout allowed for APIG to request the backend service. |
60,000 ms |
1–600,000 ms |
app_token |
app_token authentication |
{"name":"app_token","enable":true,"config": "{\"enable\": \"on\", \"app_token_expire_time\": 3600, \"app_token_uri\": \"/v1/apigw/oauth2/token\", \"refresh_token_expire_time\": 7200}"} |
enable |
Indicates whether to enable app_token authentication. |
off |
on/off |
app_token_expire_time |
Validity period of the access token. |
3600s |
1–72,000s |
|||
refresh_token_expire_time |
Validity period of the refresh token. |
7200s |
1–72,000s |
|||
app_token_uri |
URI used to obtain a token. |
/v1/apigw/oauth2/token |
- |
|||
app_token_key |
Encryption key of the token. |
- |
- |
|||
app_api_key |
app_api_key authentication |
{"name":"app_api_key","enable":true,"config": "on"} |
- |
- |
off |
on/off |
app_basic |
app_basic authentication |
{"name":"app_basic","enable":true,"config": "on"} |
- |
- |
off |
on/off |
app_secret |
app_secret authentication |
{"name":"app_secret","enable":true,"config": "on"} |
- |
- |
off |
on/off |
app_jwt |
app_jwt authentication |
{"name":"app_jwt","enable":true,"config": "{\"enable\": \"on\", \"auth_header\": \"Authorization\"}"} |
enable |
Indicates whether to enable app_jwt authentication. |
off |
on/off |
auth_header |
app_jwt authentication header. |
Authorization |
- |
|||
public_key |
public_key backend signatures |
{"name":"public_key","enable":true,"config": "{\"enable\": \"on\", \"public_key_uri_prefix\": \"/apigw/authadv/v2/public-key/\"}"} |
enable |
Indicates whether to enable app_jwt authentication. |
off |
on/off |
public_key_uri_prefix |
URI prefix for obtaining a public key. |
/apigw/authadv/v2/public-key/ |
- |
|||
backend_token_allow |
Allowing tenants to transparently transmit tokens to the backend |
{"name":"backend_token_allow","enable":true,"config": "{\"backend_token_allow_users\": [\"user_name\"]}"} |
backend_token_allow_users |
Whitelist of tenants allowed to transparently transmit tokens to the backend. The value is a regular expression of domain names. |
- |
- |
backend_client_certificate |
Backend two-way authentication |
{"name":"backend_client_certificate","enable":true,"config": "{\"enable\": \"on\",\"ca\": \"\",\"content\": \"\",\"key\": \"\"}"} |
enable |
Indicates whether to enable backend two-way authentication. |
off |
on/off |
ca |
Trust certificate for two-way authentication. |
- |
- |
|||
content |
Two-way authentication certificate. |
- |
- |
|||
key |
Private key for two-way authentication. |
- |
- |
|||
ssl_ciphers |
HTTPS cipher suites |
{"name":"ssl_ciphers","enable":true,"config": "config": "{\"ssl_ciphers\": [\"ECDHE-ECDSA-AES256-GCM-SHA384\"]}"} |
ssl_ciphers |
Supported cipher suites. The ssl_ciphers parameter cannot be left blank and can contain only the options in the value range. |
- |
ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 |
real_ip_from_xff |
Indicates whether to use the X-Forwarded-For header to identify the source IP address during access control and request throttling. |
{"name":"real_ip_from_xff","enable": true,"config": "{\"enable\": \"on\",\"xff_index\": 1}"} |
enable |
Indicates whether to enable this feature. |
off |
on/off |
xff_index |
Index of the source IP address in the X-Forwarded-For header. (Negative numbers are allowed and –1 is the last index.) |
-1 |
Valid Int32 value |
URI
POST /v2/{project_id}/apigw/instances/{instance_id}/features
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
project_id |
Yes |
String |
Project ID. For details about how to obtain a project ID, see "Appendix" > "Obtaining a Project ID" in this document. |
instance_id |
Yes |
String |
Gateway ID. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is a token. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
name |
Yes |
String |
Feature name. Minimum: 1 Maximum: 64 |
enable |
Yes |
Boolean |
Indicates whether to enable the feature. |
config |
No |
String |
Parameter configuration. |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
|---|---|---|
id |
String |
Feature ID. |
name |
String |
Feature name. Minimum: 1 Maximum: 64 |
enable |
Boolean |
Indicates whether to enable the feature. |
config |
String |
Parameter configuration. |
instance_id |
String |
Gateway ID. |
update_time |
String |
Feature update time. |
Status code: 400
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error message. |
Status code: 401
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error message. |
Status code: 403
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error message. |
Status code: 404
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error message. |
Status code: 500
Parameter |
Type |
Description |
|---|---|---|
error_code |
String |
Error code. |
error_msg |
String |
Error message. |
Example Requests
{
"name" : "app_api_key",
"config" : "on",
"enable" : true
}
Example Responses
Status code: 200
OK
{
"config" : "on",
"enable" : true,
"id" : "db9a9260cd3e4a16a9b5747a65d3ffaa",
"instance_id" : "eddc4d25480b4cd6b512f270a1b8b341",
"name" : "app_api_key",
"update_time" : "2020-08-24T01:17:31.041984021Z"
}
Status code: 400
Bad Request
{
"error_code" : "APIG.2000",
"error_msg" : "unrecognized feature app-api-key"
}
Status code: 401
Unauthorized
{
"error_code" : "APIG.1002",
"error_msg" : "Incorrect token or token resolution failed"
}
Status code: 403
Forbidden
{
"error_code" : "APIG.1005",
"error_msg" : "No permissions to request this method"
}
Status code: 404
Not Found
{
"error_code" : "APIG.3030",
"error_msg" : "The instance does not exist;id:eddc4d25480b4cd6b512f270a1b8b341"
}
Status code: 500
Internal Server Error
{
"error_code" : "APIG.9999",
"error_msg" : "System error"
}
Status Codes
Status Code |
Description |
|---|---|
200 |
OK |
400 |
Bad Request |
401 |
Unauthorized |
403 |
Forbidden |
404 |
Not Found |
500 |
Internal Server Error |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
