Help Center/ ROMA Connect/ User Guide/ Instances/ Managing Instances/ Modifying Instance Configuration Parameters
Updated on 2024-11-27 GMT+08:00
View PDF
Share

Modifying Instance Configuration Parameters

Overview

This section describes how to configure common parameters of components in an instance. By modifying configuration parameters, you can adjust related function configurations of components.

Constraints

  • Modifying instance configuration parameters will interrupt APIC. Do this during off-peak hours or when no service is running.
  • The Configuration Parameters tab is displayed only when APIC is included.

Modifying Configuration Parameters

On the Instance Information page of the ROMA Connect console, click the Configuration Parameters tab and view the configuration parameters of the instance. You can also change the values of Current Value.

Table 1 Configuration parameters

Parameter

Description

Parameter

Name of a parameter. You can move the cursor to next to a parameter name to view its description.

Default Value

Default value of a parameter.

Value Range

Value range of a parameter.

Current Value

Current value of a parameter.

Updated

Time when a parameter was last updated. If the parameter has never been modified, this parameter is left blank.

Operation

Click Edit to change the value of Current Value.

Parameter Description

The following table lists the instance configuration parameters of ROMA Connect.

Table 2 Parameters

Parameter

Description

ratelimit_api_limits

Default request throttling value applied to all APIs. If no request throttling policy is bound to an API, the total number of times the API can be called is determined by this parameter value. If a request throttling policy has been bound to an API, the total number of times the API can be called is determined by the bound policy.

request_body_size

Maximum size of the body allowed in an API request.

backend_timeout

Maximum timeout duration for ROMA Connect to send a request to a backend service.

app_token

Whether to enable app_token authentication. After this function is enabled, the obtained access token can be used in API requests for authentication during API calling.

  • app_token_expire_time indicates the validity period of the access token. Before the access token expires, you must obtain a new access token.
  • refresh_token_expire_time indicates the validity period of the refresh token. A refresh token is used to obtain a new access token.
  • app_token_uri indicates the URI used for obtaining an access token.
  • app_token_key indicates the encryption key of the access token.

app_api_key

Whether to enable app_api_key authentication. After this function is enabled, you can add the apikey parameter to an API request to carry the key of an integration application (or the AppKey of a client) for authentication during API calling.

app_basic

Whether to enable app_basic authentication. After this function is enabled, you can add the Authorization parameter to an API request to carry the key and secret of an integration application (or the AppKey and AppSecret of a client) for authentication during API calling.

app_jwt

Whether to enable app_jwt authentication. After this function is enabled, you can add the Authorization and Timestamp parameters to the API request to carry the key and secret (or AppKey and AppSecret of the client) of the integration application and the timestamp for authentication during API calling.

app_jwt_auth_header indicates the app_jwt authentication header, that is, the Header parameter of app_jwt authentication information carried in an API request. The default value is Authorization.

app_secret

Whether to enable app_secret authentication. After this function is enabled, you can add the X-HW-ID and X-HW-AppKey parameters to an API request to carry the key and secret of an integration application (or the AppKey and AppSecret of a client) for authentication during API calling.

public_key

Whether to enable the backend signature of the public_key type. After this function is enabled, signatures of the public_key type can be used in backend signature authentication.

public_key_uri_prefix indicates the URI prefix used to obtain the secret corresponding to public_key. The URI format is as follows: https://{APIC connection address}{public_key_uri_prefix}{public_key signature key name}.

app_route

Whether to support IP address access. After this function is enabled, APIs in non-DEFAULT groups can be called by using IP addresses.

NOTICE:

If an API is called in app_router mode, the application to which the API belongs and authorized applications cannot contain APIs with the same path. Delete APIs with the same path and create them again before using app_router.

cascade

Whether to enable the API cascading function. After this function is enabled, APIs can be called across instances.

  • cascade_auth_key indicates the encryption key used for authentication between APIs in the cascading relationship.
  • cascade_instance_ids indicates the ID list of cascading instances. Only instances specified by this parameter can establish the cascading relationship with the current instance.

default_group_hide

Whether to hide the DEFAULT group. After this function is enabled, the DEFAULT group is hidden.

livedata_config

Custom backend configuration.

  • sandbox_max_memory indicates the maximum memory required for executing a script of a function backend.
  • sandbox_max_cpu_time indicates the maximum CPU time required for executing a script of a function backend.
  • livedata_env indicates the running mode of a custom backend. If this parameter is set to online, the custom backend will return responses in the online format.
  • gw_address_protocol indicates the default request protocol transferred through the DICT:gw_rest_float_addr field in a function script.
  • procedure_async indicates whether the stored procedure is executed in asynchronous mode.
  • dataapi_return_type indicates the return format of a data backend.

backend_client_certificate

Whether to enable two-way authentication for a backend. After this function is enabled, you can configure the two-way authentication for a backend when configuring the backend information during API creation.

ssl_ciphers

HTTPS cipher suite that can be configured. You can select the cipher suites as required.

apiclient_first_use_x_hw_id

Whether to preferentially use the X-HW-ID field to verify the ApiClient class of the custom backend.

real_ip_from_xff

Whether to use the IP addresses in the X-Forwarded-For header as the criterion for access control and request throttling.

xff_index: Sequence number of an IP address in the X-Forwarded-For header. The value can be positive, negative, or 0.

  • If the value is 0 or positive, obtain the IP address of the corresponding index in the X-Forwarded-For header.
  • If the value is negative, obtain the IP address of the indicated reverse sequence in the X-Forwarded-For header.

For example, assume that the X-Forwarded-For header of a request received by API gateway contains three IP addresses: IP1, IP2, and IP3. If the value of xff_index is 0, IP1 is obtained. If the value is 1, IP2 is obtained. If the value is –1, IP3 is obtained. If the value is –2, IP2 is obtained.

custom_log

Whether to enable custom logs. After the custom log function is enabled, the specified location (header, query, and cookie) and parameter values are printed in the calling logs of all APIs in the ROMA Connect instance.

After this function is enabled, click Add to add the parameters to be printed in the calling logs.

NOTE:
  • Custom logs print only the content of requests initiated from clients and do not print the constants and system parameters defined in APIC.
  • Custom logs support up to 10 parameters. The total size of all parameter fields cannot exceed 2 KB.
  • Some special characters in parameter values printed by custom logs will be encoded. For example, a plus sign (+) will be encoded as a space, double quotation marks (") encoded as \x22, and a backslash (\) encoded as \x5C.

real_ip_header_getter

header_getter: Whether to obtain source IP addresses from custom headers for access control and request throttling policies to take effect.

vpc_name_modifiable

Whether to allow load balance channel name modification. When this function is enabled, you can modify the name of load balance channels. However, the VPC Channel Management - Project-Level API cannot be called currently.

default_group_host_trustlist

Whether to allow access to APIs in the default group from the IP addresses that are not inbound access addresses of the current instance. When this function is enabled, IP addresses can be added to access APIs in the default group.

  • Default Group API Access from Custom IP Addresses: whether APIs in the default group can be accessed from custom IP addresses.
  • IP Addresses: custom IP addresses to access the APIs in the default group. Separate multiple IP addresses with semicolons (;).

data_api_column_types_converted_to_string

Whether to allow data backends to support converting data column types to String. When this function is enabled, a selected data column type can be converted to String.

  • Configure Data Column Types: whether to allow data backend column types to be converted to String.
  • Types: data column types to be converted to String (only NVARCHAR2 is supported currently).

kafka_log_plugin_options

Size of the request body and response body that can be pushed by the Kafka log push plug-in.

  • request_body_size: maximum request body size
  • response_body_size: maximum response body size

sse_strategy

Whether to enable Server-Sent Events (SSE) transmission. It is disabled by default. Once enabled, the responses of backend APIs are output in streaming mode for character-based rendering.

NOTICE:

The sse_strategy configuration can be modified 1 minute after being completed.

request_custom_config

Configure client request parameters.

  • HTTP/2: Enabled by default.
  • request_body_timeout: Timeout for client request body. Default: 8s. Modify this parameter if the network condition is poor or the request body is too large.
NOTICE:

The client request configuration can be modified 1 minute after being completed.

gzip

Whether to compress responses using gzip to reduce public network traffic. By default, responses are not compressed. The configuration will take effect in 1 minute.

After enabling this parameter, set the compression level parameter comp_level. The greater the value is, the better responses are compressed. Default: 6.

NOTICE:
  • Use gzip to compress response body larger than 1 KB.
  • gzip supports the following file types: text/xml, text/plain, text/css, application/javascript, application/x-javascript, application/rss+xml, text/javascript, image/tiff, image/svg+xml, application/json, and application/xml.
  • After enabling gzip compression, you must add request header Accept-Encoding: gzip.
  • The gzip configuration can be modified 1 minute after being completed.

custom_auth_header

Whether to support custom authentication headers. By default, custom authentication headers are not supported. If you enable this parameter, the initial values of app_auth_header and backend_sign_header are empty, same as when the parameter is disabled.

If you set the Current Value of app_auth_header, the parameter with the same name as this value carries the app authentication information in the request header for APIs that use app authentication. If you set the Current Value of backend_sign_header, the parameter with the same name as this value carries the signature information in the backend request header for APIs bound with an HMAC or Basic Auth signature key policy.

NOTICE:

Configuring this parameter will affect all APIs that use app authentication or are bound with an HMAC or Basic Auth signature key policy in the instance.

api_uri_no_escape

Whether to escape the path in the API URL. This option is disabled by default, indicating that the path in the URL is escaped.

For details about the function of not escaping paths after api_uri_no_escape is enabled, see Table 3.

op_trusted_ips

This parameter is available only if Authentication Mode is set to IAM.

Specify the source IP addresses that are allowed to call your API. By default, op_trusted_ips of a new instance denies access from all source IP addresses. You need to add the source IP address segment to op_trusted_ips on the Configuration Parameters tab page.

NOTE:

Access control policies regulate API-level IP access, while the parameter here manages instance-level IP access.
Table 3 Functions affected if path is not escaped

Function

Description

API Frontend Definition Path

Path for Sending a Request

api_uri_no_escape Disabled

api_uri_no_escape Enabled

API definition

Path for APIC to match routes.

/{path}

/aa%2Faa

/aa/aa

/aa%2Faa

Parameter orchestration

Path used by backend service parameters.

-

-

/aa/aa

/aa%2Faa

HTTP-to-HTTPS redirection

Path used for redirection.

-

-

/aa/aa

/aa%2Faa

Backend policies

The policy condition is the path of the request input parameter.

-

-

/aa/aa

/aa%2Faa

Third-party authorizer

Path transferred to the third-party system after the API is bound to a third-party authentication policy.

-

-

/aa/aa

/aa%2Faa

Kafka log push policy

Request path used after the Kafka log push policy is bound to the API.

-

-

/aa/aa

/aa%2Faa

Load balance channel

Path used by APIC to forward requests when the load balance channel uses the URI hash.

-

-

/aa/aa

/aa%2Faa

FunctionGraph backend

Request path sent to a function when the backend type of the API is FunctionGraph.

-

-

/aa/aa

/aa%2Faa

Custom authentication

Path of the request sent to the function when the API authentication mode is set to Custom.

-

-

/aa/aa

/aa%2Faa
Parent topic: Managing Instances