Now, you can configure security protection. API Gateway supports two security measures: backend signature and traffic control policy.
The signature key is used for your backend authentication. After the API is bound to a signature key, the request sent by the gateway to your backend carries the signature information. You can perform signature verification on the request at the backend through symmetric encryption. For details about adding a signature to the HTTP service, refer to Backend HTTP Service Signature.
The traffic control policy is used to control the API traffic. When a traffic control policy is configured for the API, the gateway controls the traffic per minute, hour, or day for APIs, users, and apps.
You can perform more API lifecycle management operations on the console, for example, API deprecation, API version switching, and API call monitoring and warning. For more details, refer to User Manual (Enable an API).