Applications are identities that you use to call API operations. Each application has a key pair that consists of an AppKey and an AppSecret. When you call an API operation in an application, the AppKey is specified as a header field in the request and the AppSecret is used to calculate a signature string that is attached to the request.

  1. In API Gateway, you must create an application before you call an API operation. After you create an application, the system automatically assigns a key pair that consists of an AppKey and an AppSecret to the application. The key pair is needed when you call an API operation by using the application. For information about how to calculate and pass an encrypted signature, see Request signature.
  2. Anyone who obtains the AppKey and AppSecret pair of an application has all permissions on the application. Keep AppKey and AppSecret pairs secure. If you accidentally lose an AppKey and AppSecret pair, you must reset the pair in the API Gateway console.
  3. You can create multiple applications and authorize the applications to call different API operations based on your business requirements. Note that only an application, not an Alibaba Cloud account or a Resource Access Management (RAM) user, can be authorized to call an API operation.
  4. In the API Gateway console, you can create, modify, or delete applications, view details of applications, and manage key pairs. You can also view the API operations that each application is authorized to call.
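
The signing flow described above, as an added example that is not Alibaba Cloud's code: the client sends the AppKey in a header and uses the AppSecret only as an HMAC key, and the gateway recomputes the signature from its own copy of the secret. The header names, the HMAC-SHA256 choice, the string-to-sign layout and the credentials are assumptions made for illustration; the exact format is defined in Request signature.

```python
import base64
import hashlib
import hmac

# Constructed sample credentials, not real values.
APP_KEY = "example-app-key"
APP_SECRET = "example-app-secret"

def string_to_sign(method, path, query, date):
    """Assumed canonical form: method, date, then path with sorted query parameters."""
    canonical_query = "&".join(f"{k}={query[k]}" for k in sorted(query))
    resource = f"{path}?{canonical_query}" if canonical_query else path
    return "\n".join([method.upper(), date, resource])

def sign(app_secret, method, path, query, date):
    """HMAC-SHA256 over the canonical string, keyed with the AppSecret."""
    message = string_to_sign(method, path, query, date).encode()
    digest = hmac.new(app_secret.encode(), message, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def build_headers(app_key, app_secret, method, path, query, date):
    """Client side: the AppKey travels in a header, the AppSecret never does."""
    return {
        "Date": date,
        "X-Ca-Key": app_key,  # assumed header name
        "X-Ca-Signature": sign(app_secret, method, path, query, date),  # assumed header name
    }

def verify(secrets_by_key, method, path, query, headers):
    """Gateway side: look up the secret by AppKey and recompute the signature."""
    secret = secrets_by_key.get(headers.get("X-Ca-Key", ""))
    if secret is None:
        return False  # unknown application
    expected = sign(secret, method, path, query, headers.get("Date", ""))
    received = headers.get("X-Ca-Signature", "")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())

if __name__ == "__main__":
    date = "Tue, 01 Jan 2030 00:00:00 GMT"  # constructed sample value
    hdrs = build_headers(APP_KEY, APP_SECRET, "GET", "/orders", {"id": "42"}, date)
    store = {APP_KEY: APP_SECRET}
    print("untampered:", verify(store, "GET", "/orders", {"id": "42"}, hdrs))
    print("tampered:  ", verify(store, "GET", "/orders", {"id": "43"}, hdrs))
```

Because the signature depends only on the request and the AppSecret, anyone holding the pair can produce requests the gateway accepts, which is why a lost pair has to be reset.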