Overview
This document summarizes practices in common application scenarios of API Gateway (APIG). Each practice case is given detailed solution description and operation guidance, helping you easily build your services based on APIG.
Practice |
Description |
---|---|
You can use APIG to selectively expose your workloads and microservices in Cloud Container Engine (CCE). |
|
Selectively Exposing Service Capabilities of a Data Center Using a Dedicated Gateway |
You can use APIG to set up a connection between your on-premises data center and the gateway (or the VPC bound to the gateway). |
Custom authentication is implemented using the FunctionGraph service. You can create a FunctionGraph function so that APIG can invoke it to authenticate requests for your API. |
|
Exposing Backend Services Across VPCs Using a Dedicated Gateway |
If the VPC of your backend server is different from that of your gateway, you can expose your backend service through cross-VPC interconnection. |
To protect APIG and your backend servers from malicious attacks, deploy Web Application Firewall (WAF) between APIG and the external network. |
|
Using Request Throttling 2.0 for Fine-grained Request Throttling |
As users and their demands become more diversified, the traditional policies cannot meet the requirements for more refined rate limiting. To resolve this issue, APIG has launched request throttling 2.0, which is a type of plug-in policy. The 2.0 policies enable you to configure more refined throttling, for example, to throttle requests based on a certain request parameter or tenant. |
APIG allows you to configure a custom authorizer for two-factor authentication. |
|
HTTP APIs are insecure in transmission and authentication. You can upgrade them for access over HTTPS while ensuring HTTP compatibility. |
|
When you use a gRPC service, you can create an API in APIG to route requests for the service. |
|
Configuring One-Way or Two-Way Authentication Between the Dedicated Gateway and Client |
If the API frontend supports HTTPS, you need to add an SSL certificate for the independent domain name bound to the API group. An SSL certificate is used for data encryption and identity authentication. If an SSL certificate contains a CA certificate, client authentication (two-way authentication) is enabled by default. Or one-way authentication will be used. |
Calling Different Backend Services Using a Dedicated Gateway |
APIG allows you to define multiple backend policies and forward API requests to different backends based on these different policies. For example, to distinguish special calls from regular calls, you can define a policy backend that uses frontend custom authentication parameters. |
Forwarding WebSocket Service Requests Using a Dedicated Gateway |
You can create WebSocket APIs in the same way as you create HTTP APIs. WebSocket is a protocol for full-duplex communication over a single TCP connection. |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot