Updated on 2024-06-27 GMT+08:00

Supported Features

The following table lists the features that are supported by dedicated gateways.

If the gateway you use does not have specific features, submit a service ticket to upgrade your gateway.

Feature Name

Feature Description

Configurable

Feature Configuration Example

Configuration Parameter

Parameter Description

Default Value

Value Range

lts

Reporting of Shubao access logs

Yes

{"name":"lts","enable":true,"config": "{\"group_id\": ",\"topic_id\":\"\",\"log_group\":\"\",\"log_stream\":\"\"}"}

group_id

Log group ID.

-

-

topic_id

Log stream ID.

log_group

Name of a log group.

log_stream

Name of a log stream.

gateway_responses

Custom gateway responses

No

-

-

-

-

-

ratelimit

Request throttling limit configuration

Yes

{"name":"ratelimit","enable":true,"config": "{\"api_limits\": 500}"}

api_limits

Default request throttling value applied to all APIs. Set this parameter properly to meet service requirements. A small value may constantly throttle your services.

200 calls per second

1–1,000,000 calls per second

request_body_size

Configuration of the maximum request body size

Yes

{"name":"request_body_size","enable":true,"config": "104857600"}

request_body_size

Maximum size of the body allowed in an API request.

12 MB

1–9536 MB

backend_timeout

Maximum backend timeout configuration

Yes

{"name":"backend_timeout","enable":true,"config": "{"max_timeout": 500}"}

max_timeout

Maximum timeout for APIG to request a backend service.

60,000 ms

1-600,000 ms

app_token

app_token authentication

Yes

{"name":"app_token","enable":true,"config": "{\"enable\": \"on\", \"app_token_expire_time\": 3600, \"app_token_uri\": \"/v1/apigw/oauth2/token\", \"refresh_token_expire_time\": 7200}"}

enable

Whether to enable this feature.

Off

On/Off

app_token_expire_time

Validity period of the access token.

3600s

1–72,000s

refresh_token_expire_time

Validity period of the refresh token.

7200s

1–72,000s

app_token_uri

URI used for obtaining the token.

/v1/apigw/oauth2/token

-

app_token_key

Token encryption key.

-

-

app_api_key

app_api_key authentication

Yes

{"name":"app_api_key","enable":true,"config": "on"}

-

-

Off

On/Off

app_basic

app_basic authentication

Yes

{"name":"app_basic","enable":true,"config": "on"}

-

-

Off

On/Off

app_secret

app_secret authentication

Yes

{"name":"app_secret","enable":true,"config": "on"}

-

-

Off

On/Off

app_jwt

app_jwt authentication

Yes

{"name":"app_jwt","enable":true,"config": "{\"enable\": \"on\", \"auth_header\": \"Authorization\"}"}

enable

Whether to enable app_jwt authentication.

Off

On/Off

auth_header

app_jwt authentication header.

Authorization

-

public_key

Public_key backend signatures

Yes

{"name":"public_key","enable":true,"config": "{\"enable\": \"on\", \"public_key_uri_prefix\": \"/apigw/authadv/v2/public-key/\"}"}

enable

Whether to enable public_key authentication.

Off

On/Off

public_key_uri_prefix

URI prefix used for obtaining the public key.

/apigw/authadv/v2/public-key/

-

backend_token_allow

Allowing tenants to transparently transmit tokens to the backend

Yes

{"name":"backend_token_allow","enable":true,"config": "{\"backend_token_allow_users\": [\"user_name\"]}"}

backend_token_allow_users

Regular expression for transparently transmitting the token to the common tenant whitelist of the tenant to match the domain name of the common tenant.

-

-

sign_basic

Basic signature keys

No

-

-

-

-

-

multi_auth

Two-factor authentication

No

-

-

-

-

-

backend_client_certificate

Backend two-way authentication

Yes

{"name":"backend_client_certificate","enable":true,"config": "{\"enable\": \"on\",\"ca\": \"\",\"content\": \"\",\"key\": \"\"}"}

enable

Whether to enable this feature.

Off

On/Off

ca

CA file of two-way authentication.

-

-

content

Two-way authentication file.

-

-

key

Private key of two-way authentication.

-

-

ssl_ciphers

HTTPS cipher suites

Yes

{"name":"ssl_ciphers","enable":true,"config": "config": "{\"ssl_ciphers\": [\"ECDHE-ECDSA-AES256-GCM-SHA384\"]}"}

ssl_ciphers

Encryption and decryption suites supported. The ssl_ciphers parameter cannot be left blank and can contain only the options in the default value.

-

ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256

route

Custom routes

No

-

-

-

-

-

cors

Plug-ins

No

-

-

-

-

-

real_ip_from_xff

X-Forwarded-For header for identifying IP addresses during access control and request throttling

Yes

{"name": "real_ip_from_xff","enable": true,"config": {"enable": "on","xff_index": -1}}

enable

Whether to enable this feature.

Off

On/Off

xff_index

Sequence number of an IP address in the X-Forwarded-For header. The value of this parameter can be 0 or a positive or negative number. If the value is 0 or a positive number, the IP address of the corresponding index is obtained from the X-Forwarded-For header. If the value is a negative number, the IP address in reverse index order is obtained from the X-Forwarded-For header. For example, assume that the X-Forwarded-For header of a request received by API gateway contains three IP addresses: IP1, IP2, and IP3. If the value of xff_index is 0, IP1 is obtained. If the value of xff_index is 1, IP2 is obtained. If the value of xff_index is –1, IP3 is obtained.

-1

Valid Int32 value

app_route

IP address access

Yes

{"name":"app_route","enable":true,"config": "on"}

-

-

Off

On/Off

vpc_name_modifiable

Load balance channel name modification

Yes

{"name":"vpc_name_modifiable","enable":true,"config": "on"}

-

-

on

On/Off

default_group_host_trustlist

Access to the DEFAULT group from IP addresses that are not inbound access addresses of the current gateway

Yes

{"name":"default_group_host_trustlist","enable": true,"config": "{\"enable\":\"on\",\"hosts\":[\"123.2.2.2\",\"202.2.2.2\"]}"}

enable

Whether to enable this feature.

-

On/Off

hosts

IP addresses that are not inbound access addresses of the current gateway.

-

-

throttle_strategy

Request throttling

Yes

{"name":"throttle_strategy","enable":true,"config": "{\"enable\": \"on\",\"strategy\": \"local\"}"}

enable

Whether to enable this feature.

Off

On/Off

strategy

Request throttling mode.

-

cluster/local

custom_log

Printing custom request headers, query strings, and cookies in logs

Yes

{"name":"custom_log","enable":true,"config": "{\"custom_logs\":[{\"location\":\"header\",\"name\":\"a1234\"}]}"}

custom_logs

Custom logs.

-

Max. 10 items.

location

Location.

header/query/cookie

name

Name.

-

real_ip_header_getter

Using a custom header to obtain source IP addresses

Yes

{"name":"real_ip_header_getter","enable":true,"config": "{\"enable\": \"on\",\"header_getter\": \"header:testIP\"}"}

enable

Whether to enable this feature.

Off

On/Off

header_getter

Custom header for obtaining source IP addresses.

-

-

policy_cookie_param

Using cookies in backend policy conditions

Yes

{"name":"policy_cookie_param","enable":true,"config": "on"}

-

-

Off

On/Off

app_quota

Client quotas

No

-

-

-

-

-

app_acl

Request throttling policies

No

-

-

-

-

-

set_resp_headers

Response header management plug-ins

No

-

-

-

-

-

vpc_backup

Primary/Standby VPC channels

No

-

-

-

-

-

sign_aes

AES signature keys

No

-

-

-

-

-

kafka_log

Adding, deleting, modifying, and querying Kafka log push plug-ins

No

-

-

-

-

-

backend_retry_count

Backend retry configuration

No

-

-

-

-

-

policy_sys_param

Using system parameters in backend policy conditions

No

-

-

-

-

-

breaker

Circuit breakers

No

-

-

-

-

-

content_type_configurable

Returning request parameter type (Content-Type) when querying APIs

No

-

-

-

-

-

rate_limit_plugin

Request throttling plug-ins

No

-

-

-

-

-

breakerv2

Circuit breakers for degrading services in case of overload

No

-

-

-

-

-

sm_cipher_type

Encrypting local sensitive data with commercial cryptographic algorithms

No

-

-

-

-

-

rate_limit_algorithm

Request throttling algorithm switchover

No

-

-

-

-

-

gzip

Response compression using gzip

Yes

{

"name" : "gzip",

"config" : {\"comp_level\":6},

"enable" : true

}

comp_level

gzip compression level (1 to 9). The higher the level, the more compressed but takes a longer time.

6

1–9

sse_strategy

SSE transmission

Yes

{

"name": "sse_strategy",

"enable": true,

"config": "on"

}

-

-

Off

On/Off

authorizer_context_support_num_bool

Whether the value of the key-value pair in the context returned for custom authentication can be a number or Boolean value.

No

-

-

-

-

-

custom_auth_header

Custom authentication headers for app authentication and signature key policies.

Yes

1: {

"name": "custom_auth_header",

"enable": true,

"config": "{\"app_auth_header\":\"app-header\", \"backend_sign_header\":\"back-header\"}"

}

app_auth_header

Used to specify the signature information for app authentication in the request header.

-

Leave this parameter blank, or enter 3 to 64 letters, digits, hyphens (-), and underscores (_), and start with a letter. Do not start with x-apig- or x-sdk-, and do not use x-stage or authorization. The value is case-insensitive.

backend_sign_header

Used to specify the signature information of signature key policies (Basic, Auth, HMAC) to pass to the backend.

-

request_custom_config

Configuring client request parameters

Yes

{

"name": "request_custom_config",

"enable": true,

"config": "{\"http2\":\"on\",\"client_body_timeout\":10}"

}

http2

Whether to enable HTTP/2.

on

on/off

client_body_timeout

Client request body timeout.

8s

1-60s

gateway_responses_support_header

Custom group response supports custom header.

No

-

-

-

-

-

api_uri_no_escape

Unescaping request parameters of the request path in the API.

Yes

{"name":"api_uri_no_escape","enable":true,"config":""}

enable

Whether to enable this feature.

false

true/false

ip_control

Access control

Yes

{"enable": true,"name":"ip_control","config":"{\"control_type\":\"white\",\"white_ip_list\":\"\",\"black_ip_list\":\"\"}"}

control_type

Control type.

black

black/white

white_ip_list

IP address whitelist.

-

-

black_ip_list

IP address blacklist.

-

-