Help Center/ ROMA Connect/ API Reference/ Appendix/ APIC Features Supported by ROMA Connect Instances
Updated on 2023-06-29 GMT+08:00

APIC Features Supported by ROMA Connect Instances

If the instance you are using does not have related features, submit a service ticket to upgrade your instance.

Feature Name

Feature Description

Configurable

Feature Configuration Example

Configuration Parameter

Parameter Description

Default Value

Value Range

lts

Reporting of Shubao access logs

Yes

{"name":"lts","enable":true,"config": "{\"group_id\": ",\"topic_id\":\"\",\"log_group\":\"\",\"log_stream\":\"\"}"}

group_id

Log group ID.

-

-

topic_id

Log stream ID.

-

-

log_group

Name of a log group.

-

-

log_stream

Name of a log stream.

-

-

gateway_responses

Custom gateway responses

No

-

-

-

-

-

ratelimit

Request throttling limit configuration

Yes

{"name":"ratelimit","enable":true,"config": "{\"api_limits\": 500}"}

api_limits

Default request throttling value applied to all APIs. Set this parameter properly to meet service requirements. A small value may constantly throttle your services.

200 calls per second

1–1,000,000 calls per second

request_body_size

Configuration of the maximum request body size

Yes

{"name":"request_body_size","enable":true,"config": "104857600"}

request_body_size

Maximum size of the body allowed in an API request.

12 M

1–9536 MB

backend_timeout

Backend timeout configuration

Yes

{"name":"backend_timeout","enable":true,"config": "{"max_timeout": 500}"}

max_timeout

Maximum timeout duration for APIC to access a backend service.

60000 ms

1–600,000 ms

app_token

app_token authentication

Yes

{"name":"app_token","enable":true,"config": "{\"enable\": \"on\", \"app_token_expire_time\": 3600, \"app_token_uri\": \"/v1/apigw/oauth2/token\", \"refresh_token_expire_time\": 7200}"}

enable

Whether to enable app_token authentication.

off

on/off

app_token_expire_time

Validity period of the access token.

3600s

1–72,000s

refresh_token_expire_time

Validity period of the refresh token.

7200s

1–72,000s

app_token_uri

URI used for obtaining the token.

/v1/apigw/oauth2/token

-

app_token_key

Token encryption key.

-

-

app_basic

app_basic authentication

Yes

{"name":"app_basic","enable":true,"config": "on"}

-

-

off

on/off

app_secret

app_secret authentication

Yes

{"name":"app_secret","enable":true,"config": "on"}

-

-

off

on/off

backend_token_allow

Allowing tenants to transparently transmit tokens to the backend

Yes

{"name":"backend_token_allow","enable":true,"config": "{\"backend_token_allow_users\": [\"paas_apig_wwx548366_01\"]}"}

backend_token_allow_users

Regular expression for transparently transmitting the token to the common tenant whitelist of the tenant to match the domain name of the common tenant.

-

-

sign_basic

Basic signature keys

No

-

-

-

-

-

multi_auth

Two-factor authentication

No

-

-

-

-

-

backend_client_certificate

Backend two-way authentication

Yes

{"name":"backend_client_certificate","enable":true,"config": "{\"enable\": \"on\",\"ca\": \"\",\"content\": \"\",\"key\": \"\"}"}

enable

Whether to enable this function.

off

on/off

ca

CA file of two-way authentication.

-

-

content

Two-way authentication file.

-

-

key

Private key of two-way authentication.

-

-

ssl_ciphers

HTTPS cipher suites

Yes

{"name":"ssl_ciphers","enable":true,"config": "config": "{\"ssl_ciphers\": [\"ECDHE-ECDSA-AES256-GCM-SHA384\"]}"}

ssl_ciphers

Encryption and decryption suites supported. The ssl_ciphers parameter cannot be left blank and can contain only the options in the default value.

-

ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256

app_config

Extended configuration

No

-

-

-

-

-

green_tunnel

Green channels

No

-

-

-

-

-

app_route

IP access

Yes

{"name":"app_route","enable":true,"config": "on"}

-

-

off

on/off

default_group_hide

Hiding the default group. Note: After the default group is hidden, IP access is not supported. If you want to use the IP access function, you are advised to enable the app_route configuration.

Yes

{"name":"default_group_hide","enable":true,"config": "on"}

-

-

off

on/off

cascade

Cascading function

Yes

{"name":"app_route","enable":true,"config": "{\"enable\": \"on\", \"cascade_auth_key\": \"abcdefabcdefabcdefabcdefabcdef11\", \"cascade_instance_ids\":\"104e4816-1e9c-4345-be3a-14528727d0e3\"}"}

enable

Whether to enable the cascading function.

off

on/off

cascade_auth_key

Encryption key used to generate the cascading authentication token.

-

-

cascade_instance_ids

ID of the instance that can be used as the upper-level instance during cascading.

-

-

sandbox

IDA function sandbox configuration

Yes

{"name":"sandbox","enable":true,"config": "{\"max_cpu_time\": 30000, \"max_memory\": 1073741824}"}

max_cpu_time

Maximum CPU time that can be used by a function API. Unit: s.

60000 ms

1–1,000,000 ms

max_memory

Memory size allowed to be executed in a function API. Unit: byte.

256 M

1–9536 MB

livedata_config

Whether custom backend configurations are supported. If both sandbox and livedata_config exist, livedata_config is used preferentially.

Yes

{"name":"sandbox","enable":true,"config": "{\"max_cpu_time\": 30000, \"max_memory\": 1073741824, \"max_memory\": 1073741824, \"dataapi_return_type\": \"no_string\", \"gw_address_protocol\": \"http\", \"livedata_env\": \"offline\",\"procedure_async\": \"off\"}"}

max_cpu_time

Maximum CPU time that can be used by a function API. Unit: s.

60000 ms

1–1,000,000 ms

max_memory

Memory size allowed to be executed in a function API. Unit: byte.

256 M

1–9536 MB

livedata_env

Running mode of a custom backend. If this parameter is set to online, the custom backend API will be returned in the online format.

online

online/offline

gw_address_protocol

Default request protocol used in the DICT:gw_rest_float_addr variable.

none

http/https/none

procedure_async

Whether asynchronous execution is used during the stored procedure.

off

on/off

dataapi_return_type

Response format of a data API.

no_string

string/no_string

real_ip_from_xff

Whether to use the IP addresses in the X-Forwarded-For header for access control and request throttling

Yes

{"name": "real_ip_from_xff","enable": true,"config": {"enable": "on","xff_index": -1}}

enable

Whether to enable this function.

off

on/off

xff_index

Sequence number of the IP address in the X-Forwarded-For header. The value can be positive, negative, or 0.

  • If the value is 0 or positive, obtain the IP address of the corresponding index in the X-Forwarded-For header.
  • If the value is negative, obtain the IP address in the indicated reverse order in the X-Forwarded-For header.

For example, assume that the X-Forwarded-For header of a request received by API gateway contains three IP addresses: IP1, IP2, and IP3. If the value of xff_index is 0, IP1 is obtained. If the value is 1, IP2 is obtained. If the value is –1, IP3 is obtained. If the value is –2, IP2 is obtained.

-1

Valid Int32 value

apiclient_first_use_x_hw_id

Whether to preferentially use the X-HW-ID field to verify the ApiClient class of custom backends.

Yes

{"name":"apiclient_first_use_x_hw_id","enable":true,"config": "on"}

-

-

off

on/off

custom_log

Whether to support custom logs.

Yes

{"name":"custom_log","enable":true,"config": "{\"custom_logs\":[{\"location\":\"header\",\"name\":\"test\"},{\"location\":\"query\",\"name\":\"x-query-test001\"}]}"}

custom_logs

Parameter sets to print in custom logs. Max. sets: 10

-

-

location

Parameter location.

-

header/query/cookie

name

Parameter name.

-

-

real_ip_header_getter

Whether to obtain source IP addresses from custom headers for them to take effect in access control and request throttling policies.

Yes

{"name":"real_ip_header_getter","enable":true,"config": "{\"enable\": \"on\",\"header_getter\": \"header:testIP\"}"}

enable

Whether to enable the feature.

off

on/off

header_getter

Custom header for obtaining source IP addresses.

-

-

vpc_name_modifiable

Whether load balance channel names can be modified.

Yes

{"name":"vpc_name_modifiable","enable":true,"config": "on"}

-

-

on

on/off

default_group_host_trustlist

Whether to allow access to APIs in the DEFAULT group from the IP addresses that are not inbound access addresses of the current instance.

Yes

{"name":"default_group_host_trustlist","enable":true,"config": "{\"enable\":\"on\",\"hosts\":[\"123.2.2.2\",\"202.2.2.2\"]}"}

enable

Whether to enable the feature.

off

on/off

hosts

IP addresses that are not inbound access addresses of the current instance.

-

-

data_api_column_types_converted_to_string

Whether to allow data backends to support converting data column types to String.

Yes

{"name": "data_api_column_types_converted_to_string", "enable": true, "config": "{\"enable\":\"on\",\"column_types\":[\"nvarchar2\"]}"}

enable

Whether to enable the feature.

off

on/off

column_types

Types: data column types to be converted to String (only NVARCHAR2 is supported currently).

-

-