Updated on 2025-05-28 GMT+08:00

APIG Security Best Practices

Security is a shared responsibility between Huawei Cloud and you. Huawei Cloud is responsible for the security of cloud services. As a tenant, you need to properly use the security capabilities provided by cloud services to protect data. For details, see Shared Responsibility.

This document provides security best practices for APIG to improve overall security capabilities. By following this guide, you can continuously assess the security status, effectively integrate various security features of APIG, and ensure data stored in APIG is not leaked or tampered with, while also safeguarding data transmission.

Configure security in the following areas to meet your service needs.

Identity Authentication and Access Control

DDoS Protection

Data Transmission Security

  • APIG allows you to create HTTP/HTTPS APIs. By default, HTTPS is used.
  • APIG supports TLS 1.1 and TLS 1.2. TLS 1.2 is recommended. For details, see the parameter Minimum TLS Version in Configuring the Domain Name for Calling APIs.
  • APIG supports secure cipher suites by default. You can set the ssl_ciphers parameter to select a cipher suite.
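After setting Minimum TLS Version to TLS 1.2, you can confirm from a client that the API's domain name no longer negotiates TLS 1.1. The following check is an added example, not Huawei Cloud code; the status names and the command-line usage are assumptions of this sketch, and the host you pass is your own API domain name.

```python
import socket
import ssl
import sys

VERSIONS = {"TLSv1.1": ssl.TLSVersion.TLSv1_1, "TLSv1.2": ssl.TLSVersion.TLSv1_2}

def pinned_context(version):
    """Client context that offers exactly one TLS protocol version."""
    ctx = ssl.create_default_context()
    if version < ssl.TLSVersion.TLSv1_2:
        # OpenSSL 3.x refuses TLS 1.1 at its default security level. Lower it
        # for this probe only, so a local refusal is not read as the server's.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx

def probe(host, port, version, timeout=5.0):
    """Return accepted, rejected, cert-error, unreachable or client-unsupported."""
    if version == ssl.TLSVersion.TLSv1_1 and not ssl.HAS_TLSv1_1:
        return "client-unsupported"  # local OpenSSL cannot speak TLS 1.1
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"  # never treat a dead endpoint as "TLS 1.1 disabled"
    with raw:
        try:
            with pinned_context(version).wrap_socket(raw, server_hostname=host):
                return "accepted"
        except ssl.SSLCertVerificationError:
            return "cert-error"  # version was negotiated; the certificate needs attention
        except OSError:
            return "rejected"  # alert, reset, EOF or timeout during the handshake

def audit(host, port=443):
    """Probe each TLS version APIG supports and report the outcome per version."""
    return {name: probe(host, port, ver) for name, ver in VERSIONS.items()}

def meets_tls12_minimum(results):
    """True only when TLS 1.1 is positively rejected and TLS 1.2 is accepted."""
    return results["TLSv1.1"] == "rejected" and results["TLSv1.2"] == "accepted"

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_min_tls.py <api-domain-name>")
    outcome = audit(sys.argv[1])
    print(outcome, "OK" if meets_tls12_minimum(outcome) else "REVIEW MINIMUM TLS VERSION")
```

Any result other than `rejected` for TLS 1.1 or `accepted` for TLS 1.2 needs a closer look before you treat the setting as effective.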

Audit and Logs

  • By default, APIG uses CTS to record API execution logs. You can view the latest operation logs of tenants on the CTS console. For details, see Audit and Logs.
  • APIG can be integrated with LTS. You are advised to enable log analysis on the APIG console to quickly obtain and analyze API call logs. For details, see Viewing API Call Logs.