All Products
Document Center

API Security

Last Updated: Nov 08, 2017

Now, you can configure security protection. API Gateway supports two security measures: backend signature and throttling policy.

The signature key is used for your backend authentication. After the API is bound to a signature key, the request sent by the gateway to your backend carries the signature information. You can perform signature verification on the request at the backend through symmetric encryption. For more information about adding a signature to the HTTP service, see Backend HTTP Service Signature.

The throttling policy is used to control the API traffic. When a throttling policy is configured for the API, the gateway controls the traffic per minute, hour, or day for APIs, users, and apps.

You can perform more API lifecycle management operations on the console, for example, API deprecation, API version switching, and API call monitoring and warning. For more information, see User Manual (Enable an API).