API Gateway (APIG)
API Gateway (APIG) is a high-performance, high-availability, and high-security API hosting service that helps you build, manage, and deploy APIs at any scale. With just a few clicks, you can integrate internal systems, and selectively expose capabilities with minimal costs and risks.
API Gateway helps you to monetize your service and data capabilities, you can open them up by creating APIs in APIG. Then you can provide the APIs for API callers using offline channels.
You can also obtain open APIs from APIG to reduce your development time and costs.
You can quickly create APIs by configuring the required settings on the API Gateway console. API Gateway provides an inline debugging tool to simplify API development and allows you to publish an API in multiple environments for easy testing and fast iteration.
API Gateway provides full-lifecycle API management, including design, development, test, publish, and O&M, to help you quickly build, manage, and deploy APIs at any scale.
API Gateway provides multiple measures to secure API calling, such as Secure Sockets Layer (SSL) transfer, strict access control, IP address blacklist/whitelist, authentication, anti-replay, anti-attack, and multiple audit rules. In addition, API Gateway implements flexible and refined quota management and request throttling to help you flexibly and securely open your backend services.
API Gateway (APIG) is a fully managed service that enables you to securely build, manage, and deploy APIs at any scale with high performance and availability. With APIG, you can easily integrate your internal service systems and selectively expose your service capabilities through its API opening and API calling functions. More information here.
API Gateway combines synchronous and asynchronous traffic control and multiple algorithms to throttle requests at the second level. You can flexibly define request throttling policies to ensure stability and continuity of API services.
API Gateway monitors the number of API calls, data latency, and number of errors, helping you identify potential service risks.
SDKs of different programming languages (such as Java, Go, Python, and C) are available for access from clients. Because the backends do not need to be modified, only one system is required to adapt to different service scenarios (such as mobile devices and IoT).
API lifecycle management
The lifecycle of an API involves creating, publishing, removing, and deleting the API. API lifecycle management enables you to expose service capabilities quick and efficient.
Cloud native gateway
APIG integrates traffic ingress (Kubernetes Ingress) and microservice governance (Kubernetes Gateway API) in one gateway, improving performance, simplifying the architecture, and reducing deployment and O&M costs.
Built-in debugging tool
With the built-in debugging tool, you can debug APIs using different HTTP headers and request bodies. This tool simplifies the API development process and reduces the API development and maintenance costs.
Version management
An API can be published in different environments. Publishing an API again in the same environment will override the API's previous version. APIG displays the publication history (including the version, description, date and time, and environment) of each API. You can roll back an API to any historical version to meet dark launch and version upgrade requirements.
Environment variables
Environment variables are manageable and specific to environments. Variables of an API will be replaced by the values of the variables in the environment where the API will be published. You can create variables in different environments to call different backend services using the same API.
Request throttling
- For different services and users, you can control the request frequency at which an API can be called by a user, an app, and an IP address. This ensures that backend services can run stable.
- The throttling can be accurate to the second, minute, hour, or day.
- Excluded apps and tenants can be configured to limit the number of API calls from specific apps and tenants, respectively.
Monitoring and alarm
APIG provides visualized, real-time API monitoring, and displays multiple metrics, including number of requests, invocation latency, and number of errors. The metrics help you understand the API usage, allowing you to identify potential service risks.
Access control
Access control policies are one of the security measures provided by APIG. They allow or deny API access from specific IP addresses or accounts.
VPC channels
VPC channels can be created for accessing resources in Virtual Private Clouds (VPCs) and exposing capabilities of backend services deployed in VPCs. A VPC channel forwards API requests to different servers for load balancing.
Signature keys
A signature key consists of a key & secret and takes effect only after being bound to APIs. Signature keys are used by backend services to verify the identity of APIG and ensure secure access.
Mock response
Mock backends simulate API responses for circuit breakers, service degradation, and redirection.
APIG Specifications of dedicated gateways
Edition | Maximum Number of Requests per Second |
Basic | 2000 |
Professional | 4000 |
Enterprise | 6000 |
Platinum | 10,000 |
APIG restrictions
Item | Default Restriction | Modifiable |
Gateways | 5 | Ja |
API Groups | 1500 | Ja |
APIs | Number of APIs for each gateway edition:
| Ja |
Backend policies | 5 | Ja |
Apps | 50. The app quota includes the apps you have created. | Ja |
Request throttling policies |
| Ja |
Environments | 10 | Ja |
Signature keys | 200 | Ja |
Access control policies | 100 | Ja |
VPC channels | 200 | Ja |
Variables | You can create a maximum of 50 variables for an API group in each environment. | Ja |
Independent domain names | A maximum of five independent domain names can be bound to an API group. | Ja |
Cloud servers | A maximum of 10 cloud servers can be added to a VPC channel. | Ja |
Parameters | A maximum of 50 parameters can be created for an API. | Ja |
API publication records | A maximum of 10 publication records of an API can be retained for each environment. | Ja |
API access rate | Up to 6000 times per second | Ja |
Excluded apps | A maximum of 30 excluded apps can be added to a request throttling policy. | Ja |
Excluded tenants | A maximum of 30 excluded tenants can be added to a request throttling policy. | Ja |
Access to a subdomain name | A subdomain name can be accessed up to 1000 times a day. | Nein |
Maximum size of an API request package | 12 MB | Ja |
TLS protocol | TLS 1.1 and TLS 1.2 are supported. TLS 1.2 is recommended. | Ja |
Custom authorizers | 50 | Nein |
Plug-ins | 500 | Ja |
Internal System Decoupling
As enterprises develop rapidly with quick business changes, internal systems of enterprises need to keep pace with the development. However, it is difficult to ensure system universality and stability because internal systems are dependent on each other. APIG uses standard RESTful APIs to simplify the service architecture, decouples internal systems, and separates the frontend from backend. Existing capabilities can be reused to avoid repetitive development.
Enterprise Capabilities Opening
An enterprise cannot develop without partners' capabilities, such as a third-party payment platform and partner account login. APIG enables you to selectively expose capabilities to partners by using standard APIs and share services and data with partners to build a new ecosystem.
