A backend signature (formerly signature key) is a key-secret pair that you create and issue to API Gateway. This pair works similarly to the way an account and password work. Backend services verify the requests received from API Gateway based on the key-secret pair.
The original signature key feature has been integrated into the plug-in system. The original signature key interface and console are still in use. The
original signature key feature and the
backend signature plug-ins belong to the same plug-in type and are subject to the binding restrictions of that type.
When you create or modify keys in the
original signature key interface or console, the data changes are synchronized to the plug-in system. However, the changes you made in the plug-in system cannot be synchronized to the original signature key interface or console.
After you bind a key to an API, the signature information is added to all the requests for the API that API Gateway sends to your backend service. The backend service must parse the signature information through symmetric calculation to authenticate API Gateway. For more information about HTTP signature, see Backend signature demo.
If you want to replace the key bound to an API, modify
secret in the backend signature plug-in bound to the API. The new key takes effect immediately after it is bound to the API.
You can configure backend signature plug-ins in the JSON or YAML format as these two formats use the same schema. You can use the
yaml to json tool to convert the configuration format of a backend signature plug-in. The following table describes a plug-in configuration template in the YAML format.