All Products
Document Center


Last Updated: Nov 08, 2017

Before using API Gateway, we recommend that you familiarize yourself with the following terms.

Term Explanation
App A user needs to create an app as the identity to call an API.
AppKey, AppSecret Each app has a key pair, which is encrypted as signature information in the request.
Encrypted signature An API request carries secure signature information, based on which API Gateway verifies the requester’s identity.
Authorization The API service provider grants an app permission to call an API. Only authorized apps can call APIs.
API lifecycle The API service provider manages an API in stages, including API creation, testing, release, deprecation, and version switching.
API definition When creating an API, the API service provider has to set rules for the API such as backend service, request format, received format, and returned format.
Parameter mapping When the parameters in a user’s request are inconsistent from those at the API backend, the API service provider can configure parameter mapping.
Parameter verification The API service provider sets verification rules for input parameters. Based on such rules, API Gateway filters invalid requests.
Constant parameters You do not must input such parameters, however, the backend service must always receive them.
System parameters You can configure the gateway to include certain system parameters such as CaClientIP (request IP address) into the request sent to your backend.
API group The API service provider manages APIs through the group. Before creating an API, you first must create a group.
Second-level domain name When creating a group, the system binds the group with a second-level domain name for testing API calls.
Independent domain name When opening an API, you must bind an independent domain name to the group. Customers must access the independent domain name to call the API.
Signature key The API service provider can create a signature key and bind it to the API. When sending a request to the service provider’s backend, the gateway carries the signature information for backend security verification.
Throttling policy The API service provider uses a throttling policy to control the traffic of APIs, users, and apps at the minute, hour, or day level.