You can access API Gateway either over the Internet or over an internal network. This topic describes how to access API Gateway over a VPC.

Instructions for using VPC subdomains

You can configure a VPC subdomain for each API group.

  • This subdomain can be used to access APIs in an API group over a VPC. There is no such limit of 1,000 API calls per day.
  • You cannot use a VPC subdomain to access APIs over HTTPS. To achieve HTTPS-based access, bind your domain name to the API group.
  • To bind your domain name to the API group, add a CNAME record to resolve your domain name to the VPC subdomain.

The activation method and effective scope of a VPC subdomain vary according to instance types. For more information, see the following descriptions.

Internal endpoint of a shared instance

Users located in the same region can access a shared API Gateway instance over their own VPCs.

Procedure

  1. Log on to theAPI Gateway console.
  2. Navigate through Publish APIs > API Groups.
  3. On the Group List page, find the target API group and click the group name.
  4. On the Group Details page that appears, click Enable VPC Intranet Subdomain. API Gateway automatically assigns a VPC subdomain to this API group. You can use this domain to access required APIs in this API group.

Internal endpoint of a dedicated instance

A dedicated API Gateway instance supports only one VPC. Users in other VPCs cannot access APIs configured for the instance. This access method is more secure.

Procedure

1. Log on to theAPI Gateway console.

2. In the left-side navigation pane, click Instances.

3. Find the target instance and configure a VPC through which users can access APIs under the instance.

4. In the left-side navigation pane, click API Groups.

5. Find the target API group and click the group name.

6. On the Group Details page, click Enable VPC Intranet Subdomain. You can also use a CNAME record to resolve your domain name to the VPC subdomain and then bind your domain name to the API group.

Usage notes:

  • If no VPC is configured for the dedicated instance, VPC subdomains cannot be enabled for API groups under the instance.
  • If the VPC configured for the dedicated instance has changed, VPC subdomains for all API groups under the instance are disabled.
  • If an API group that is configured with a VPC subdomain is to be migrated from a shared instance (classic network or VPC) to a dedicated instance, you must configure a VPC for the dedicated instance before you can migrate the instance. Note that you can access APIs only through the configured VPC.