HTTPS is a protocol integrating HTTP and SSL. It encrypts information and data to guarantee data transmission security. HTTPS is widely used today.
The API gateway also supports HTTPS to encrypt your API requests. The encryption can be API-level, that is, you can configure your APIs to support only HTTP or HTTPS or support both of them.
Prepare the following materials:
- A self-owned controllable domain name
- An SSL certificate applied for this domain name
The SSL certificate contains XXXXX.key and XXXXX.pem, which can be opened using the text editor.
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
After preparing the preceding materials, log on to the API gateway console and click Open API > Group Management. Click the group to which the SSL certificate is to be bound and check the group details.
Before binding the SSL certificate, bind an Independent domain name to the API group.
Independent domain name - Add an SSL certificate.
- Certificate name: Indicates the custom name for further identification.
- Certificate content: Indicates the complete content of the certificate. You must copy all content in XXXXX.pem.
- Private key: Indicates the private key of the certificate. You must copy the content in XXXXX.key.
Click OK to complete binding of the SSL certificate.
After binding the SSL certificate, you can enable access over HTTP, HTTPS, or HTTP and HTTPS for APIs. For security considerations, we recommend that you configure all APIs to support access over HTTPS.
You can select Open API > API list to locate the corresponding API and click API definition > Edit > Basic request definition to modify the API.
The API supports the following protocols:
- HTTP: The API only supports access over HTTP.
- HTTPS: The API only supports access over HTTPS.
- HTTP and HTTPS: The API supports access over both HTTP and HTTPS.
After the adjustment, the API configuration is complete. Your API supports access over HTTPS.