A signature key is the Key-Secret pair you create. The backend service uses it to verify the requests it receives from the gateway. Note the following points:
- A region must be selected during key creation and cannot be changed afterwards. The key can only be bound to APIs in the same region.
- One API can be bound to only one key. The key can be replaced, modified, bound to, or unbound from the API.
- After a key is bound to an API, the signature information is added to all requests sent from the gateway to the API at your service backend. You must resolve the signature information through symmetric calculation at the backend to verify the gateway's identity. For more information about adding signatures to the HTTP service, see Backend HTTP Service Signature.
To modify the Key-Secret pair after a key is leaked, or to replace the key bound to an API with another key, perform the following steps:
- Configure the backend to support two keys, the original key and the modified or replacement key, so that requests sent during the switchover pass signature verification whether or not the key has been modified or replaced yet.
- After the backend is configured, modify the key. Verify that the new Key and Secret take effect and delete the leaked or obsolete key.
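
The two rotation steps above, sketched as an added example (not code from the gateway documentation). The HMAC-SHA256 algorithm, the string-to-sign, the assumption that each request identifies its Key, and all names and values are hypothetical; the real format is defined in Backend HTTP Service Signature.

```python
import base64
import hashlib
import hmac

def sign(secret: bytes, string_to_sign: str) -> str:
    """Base64 HMAC-SHA256 over the request string (assumed algorithm)."""
    mac = hmac.new(secret, string_to_sign.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")

class GatewaySignatureVerifier:
    """Hypothetical backend verifier that can accept two keys during a switch."""

    def __init__(self, keys):
        self._keys = dict(keys)  # Key -> Secret

    def add_key(self, key: str, secret: bytes) -> None:
        self._keys[key] = secret

    def retire_key(self, key: str) -> None:
        # Refuse to drop the last key: that would reject all gateway traffic.
        if key in self._keys and len(self._keys) == 1:
            raise ValueError("refusing to retire the only accepted key")
        self._keys.pop(key, None)

    def verify(self, key: str, signature: str, string_to_sign: str) -> bool:
        secret = self._keys.get(key)
        if secret is None:  # unknown or already retired Key
            return False
        expected = sign(secret, string_to_sign).encode("ascii")
        # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
        return hmac.compare_digest(expected, signature.encode("utf-8"))

# Constructed sample values, not real credentials or a real request format.
OLD = ("key-original", b"constructed-secret-original")
NEW = ("key-replacement", b"constructed-secret-replacement")
REQUEST = 'POST\n/orders\n{"id": 1}'

def rotation_walkthrough():
    """Return (old_ok, new_ok) during the switch and after the old key is deleted."""
    verifier = GatewaySignatureVerifier([OLD])
    verifier.add_key(*NEW)  # step 1: backend accepts both keys
    during = (verifier.verify(OLD[0], sign(OLD[1], REQUEST), REQUEST),
              verifier.verify(NEW[0], sign(NEW[1], REQUEST), REQUEST))
    verifier.retire_key(OLD[0])  # step 2: new key confirmed, old key deleted
    after = (verifier.verify(OLD[0], sign(OLD[1], REQUEST), REQUEST),
             verifier.verify(NEW[0], sign(NEW[1], REQUEST), REQUEST))
    return during, after
```

Until the old key is retired, a request signed with the leaked Secret still verifies, so the dual-key window should be kept as short as the switch allows.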