API Gateway: Create gateway instances

Last Updated: Jul 10, 2025

Cloud-native API Gateway instances enable service exposure, traffic management, security protection, and API lifecycle management. This topic describes how to create a Cloud-native API Gateway instance.

Basic configuration

First-time activation requires authorization

System policies:

AliyunServiceRoleForNativeApiGw: Allows access to other cloud services such as ACK, VPC, SLB, and MSE.

AliyunServiceRolePolicyForNativeApiGwInvokeFC: Allows access to Function Compute (FC) service.

  1. Log on to the Cloud-native API Gateway console, click System Management in the left-side navigation pane, and then click Create Instance on the Instance page. On the Cloud-native API Gateway purchase page, configure the following parameters:

    • Product Type: Supports Pay-as-you-go and Subscription. For more information, see Billing overview.

      • Pay-as-you-go: Billing is calculated hourly. If the usage duration is less than one hour, you are charged for one hour. Settlement occurs once per hour.

      • Subscription: Billing is calculated monthly. A yearly subscription is calculated as 12 months.

    • Region: Select the region where the gateway is located. This must be the same region where your backend service is located. The region cannot be changed after the instance is created.

    • Instance Name: Customize the gateway name. We recommend that you use a name that indicates the environment or the environment and business type, such as test or order-prod. The name can be up to 64 characters in length.

    • Instance Specification: Select a node specification based on your actual business requirements after performing capacity assessment.

      Capacity thresholds of different node specifications

      The following table lists the capacity thresholds for each instance specification. If the gateway capacity metrics stay below the warning thresholds, your service-level agreement (SLA) requirements can be fully met. For key business, we recommend that you keep the gateway capacity metrics below the secure thresholds to ensure the stability of your system.

      • Secure thresholds: On and beyond secure thresholds, your gateway instance can ensure high throughput and low latency even when traffic is doubled.

      • Warning thresholds: When your instance hits warning thresholds, it endures increased latency and is subject to stability risks in cases of traffic surges.

      • No SLA guarantees are provided for single-node instances, which are typically recommended for testing scenarios. Make sure that you use multi-node instances for production business.

      | Instance Specification | Client Connections (Secure Threshold) | Client Connections (Warning Threshold) | HTTPS New Connections per Second (Secure Threshold) | HTTPS New Connections per Second (Warning Threshold) | CPU Usage (Secure Threshold) | CPU Usage (Warning Threshold) | Memory Usage (Secure Threshold) | Memory Usage (Warning Threshold) |
      |---|---|---|---|---|---|---|---|---|
      | apigw.dev.x1 | 12,000 | 24,000 | 400 | 800 | 30% | 60% | 75% | 75% |
      | apigw.small.x1 | 24,000 | 48,000 | 800 | 1,600 | 30% | 60% | 75% | 75% |
      | apigw.small.x2 | 48,000 | 96,000 | 1,600 | 3,200 | 30% | 60% | 75% | 75% |
      | apigw.small.x4 | 96,000 | 192,000 | 3,200 | 6,400 | 30% | 60% | 75% | 75% |
      | apigw.medium.x1 | 192,000 | 384,000 | 6,400 | 12,800 | 30% | 60% | 75% | 75% |
      | apigw.medium.x2 | 384,000 | 768,000 | 12,800 | 25,600 | 30% | 60% | 75% | 75% |
      | apigw.medium.x3 | 576,000 | 1,152,000 | 19,200 | 38,400 | 30% | 60% | 75% | 75% |
      | apigw.large.x1 | 768,000 | 1,536,000 | 25,600 | 51,200 | 30% | 60% | 75% | 75% |
      | apigw.large.x2 | 1,536,000 | 3,072,000 | 51,200 | 102,400 | 30% | 60% | 75% | 75% |
      | apigw.large.x3 | 2,304,000 | 4,608,000 | 76,800 | 153,600 | 30% | 60% | 75% | 75% |
      | apigw.large.x4 | 3,072,000 | 6,144,000 | 102,400 | 204,800 | 30% | 60% | 75% | 75% |

    • Resource Group: Select an existing resource group or the default resource group. Use resource groups to categorize and manage cloud account resources. Perform access control, resource provisioning, and monitoring at the group level, eliminating the need to manage individual resources separately. To create a new resource group, click Create Resource Group.

    • Network Type: Supports Public, Private, and Public + Private.

      • Public: If you select Public, Cloud Data Transfer (CDT) provides BGP (Multi-ISP) services for your access and charges public traffic fees. For more information, see Internet data transfers.

      • Private: Data transferred over the private network is free of charge.

      • Public + Private: If you select Public + Private, data can be transferred over the Internet or the private network. Data transferred over the Internet is charged public traffic fees by CDT, which provides BGP (Multi-ISP) services for your access. Data transferred over the private network is free of charge.

    • Virtual Private Cloud: Select the virtual private cloud (VPC) in which your instance runs. The Cloud-native API Gateway instance must reside in the same VPC as the service to be accessed by the instance.

    • Select Zone: Supports Auto-assign or Manually Select.

      • Auto-assign: Select a VSwitch for deploying gateway nodes, and the system will automatically allocate two zones to deploy the gateway nodes.

      • Manually Select: Manually select the Zones and VSwitches for deploying gateway nodes.

  2. After completing the configuration, click Buy Now. On the Confirm Order page, check the configuration details of the Cloud-native API Gateway and click Activate Now.

    Instance creation may require one to five minutes to complete.
  3. On the Instance page of the Cloud-native API Gateway console, check the status of the created gateway instance. When the status shows Running, the gateway has been successfully created.

Advanced features

When creating a gateway instance, you can configure the following features if you need log data for monitoring and analysis, or need to compress requests and responses to reduce gateway traffic. Note that Gzip hardware acceleration can be enabled only during instance creation and cannot be enabled afterward, whereas the log service has no such restriction.

Enable Gzip hardware acceleration

Gzip hardware acceleration refers to the technology that uses dedicated hardware devices to quickly compress and decompress data. By offloading Gzip format decompression tasks from the CPU to dedicated hardware devices, it significantly improves processing efficiency and reduces CPU load.

Procedure

  1. On the Cloud-native API Gateway purchase page, after completing the Basic configuration, configure the following parameters and click Activate Now:

    • Region: Gzip hardware acceleration is supported in the following regions: Hangzhou, Beijing, Shanghai, Shenzhen, Ulanqab, China (Hong Kong), and Singapore.

      Currently, some zones in the supported regions may not support this feature. Please refer to the product purchase page for specific availability.
    • Instance Specification: Select apigw.medium.x1 or higher specifications.

    • Gzip Hardware Acceleration: Select to enable Gzip hardware acceleration.

  2. After the instance is created successfully, click the target instance ID/name, click Parameter Configuration in the left-side navigation pane, and edit the EnableGzipHardwareAccelerate parameter in the Gateway Engine Parameters section.

    If you did not select Enable Gzip Hardware Acceleration during purchase, you cannot enable this configuration.
  3. After enabling, the client must be able to process Gzip-compressed data. For supported clients, add Accept-Encoding: gzip in the request header.

Performance reference

How much traffic can be saved after enabling Gzip compression compared to before?

When using Gzip compression, the compression ratio (the ratio of compressed data size to uncompressed data size) is largely affected by the data itself. A lower compression ratio indicates better compression effect, while a higher compression ratio indicates worse compression effect.

Typically, if the data contains many repetitive patterns or structures (such as letters, words, and punctuation in text), Gzip compression works better, resulting in a lower compression ratio. Conversely, for data with high randomness and high entropy (such as images, videos, compressed files, etc.), because of their low internal repetitiveness, the compression ratio is usually higher, and the compression effect is limited.

Different customers have significant differences in compression ratios when using Gzip compression due to their different business attributes. According to statistics from instances with Gzip enabled in core regions, most instances have compression ratios between 10% and 50%, meaning that after enabling Gzip, these users can save more than 50% of traffic on average.

How much instance resources can be saved by using hardware acceleration when Gzip is already enabled?

After enabling Gzip hardware acceleration, the gateway will use dedicated hardware devices for compression, thereby saving CPU resources. The following stress test data compares the CPU consumption between a single-node instance with Gzip hardware acceleration enabled and a 4-node instance using software Gzip when handling the same QPS traffic.

For example, the compressed data is a JSON text of approximately 120k in size:

| QPS | Hardware accelerated Gzip/apigw.medium.x1/single node CPU consumption | Software Gzip/apigw.medium.x1/4 nodes CPU consumption |
|---|---|---|
| 2,000 | 9% | 11% |
| 5,000 | 26% | 28% |
| 10,000 | 56% | 56% |
| 13,000 | 69% | 72% |

From the table data, we can see that the CPU consumption of enabling Gzip hardware acceleration/single node is basically on par with that of software Gzip/4 nodes. This means that what originally required 4 nodes to handle can now be handled by just 1 node after enabling Gzip hardware acceleration, saving approximately 75% of instance resources.

Enable log delivery for a cloud-native gateway

If you need to collect, store, and analyze gateway operation logs, you can activate Simple Log Service (SLS) during gateway instance creation for log analysis and dashboard monitoring.

While completing the Basic configuration, select Use Simple Log Service (SLS), and the system will activate Simple Log Service (SLS) for you and enable gateway log delivery.

After enabling log delivery, you can view gateway logs in Observability > Log Center.

Log field descriptions

| Field | Type | Description |
|---|---|---|
| __time__ | long | The time when the log is generated. |
| cluster_id | string | The ID of the gateway that you purchased. |
| authority | string | The host header in the request. |
| bytes_received | long | The size of the request body, excluding the request header. |
| bytes_sent | long | The size of the response body, excluding the response header. |
| downstream_local_address | string | The address of the gateway pod. |
| downstream_remote_address | string | The address of the client that is connected to the gateway. |
| duration | long | The total time taken for the request. Unit: milliseconds. |
| method | string | The HTTP method. |
| path | string | The path in the HTTP request. |
| protocol | string | The HTTP protocol version. |
| request_id | string | The gateway generates an ID for each request and places it in the x-request-id header. The backend can record and troubleshoot based on this field. |
| requested_server_name | string | The server name that is used to establish an SSL connection. |
| response_code | long | The HTTP response status code. |
| response_flags | string | The reason for a failure of the request. |
| route_name | string | The route name. |
| start_time | string | The start time of the request, in Coordinated Universal Time (UTC). |
| trace_id | string | The ID of the trace. |
| upstream_cluster | string | The upstream cluster. |
| upstream_host | string | The upstream IP address. |
| upstream_local_address | string | The local address that connects to the upstream. |
| upstream_service_time | long | The amount of time (in milliseconds) that is taken for the gateway to access the network of the upstream service and for the upstream service to process requests. |
| upstream_transport_failure_reason | string | The reason for a failure to connect to the upstream service. |
| user_agent | string | The User-Agent header in the HTTP request. |
| x_forwarded_for | string | The x-forwarded-for header in the HTTP request, which is typically used to indicate the originating IP address of the HTTP request. |
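The following added example (not part of the original documentation or the product's own tooling) shows one way to triage exported gateway logs with the fields described above: it groups requests by downstream_remote_address, flags clients with a high share of 401/403 responses, and flags records whose x_forwarded_for value disagrees with the connected peer. It assumes logs exported as one JSON object per line and an "ip:port" address form; the sample records, function names, and thresholds are constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Constructed sample records, one JSON object per line. Field names come from
# the log field table; the values and the "ip:port" address form are assumptions.
SAMPLE_LOGS = [
    '{"downstream_remote_address": "198.51.100.7:51022", "x_forwarded_for": "198.51.100.7", "path": "/login", "response_code": 401}',
    '{"downstream_remote_address": "198.51.100.7:51023", "x_forwarded_for": "198.51.100.7", "path": "/login", "response_code": 401}',
    '{"downstream_remote_address": "198.51.100.7:51024", "x_forwarded_for": "198.51.100.7", "path": "/login", "response_code": 403}',
    '{"downstream_remote_address": "198.51.100.7:51025", "x_forwarded_for": "198.51.100.7", "path": "/login", "response_code": 401}',
    '{"downstream_remote_address": "198.51.100.7:51026", "x_forwarded_for": "198.51.100.7", "path": "/login", "response_code": 200}',
    '{"downstream_remote_address": "192.0.2.10:40100", "x_forwarded_for": "192.0.2.10", "path": "/orders", "response_code": 200}',
    '{"downstream_remote_address": "203.0.113.50:33000", "x_forwarded_for": "10.0.0.1", "path": "/orders", "response_code": 200}',
]

def client_ip(address):
    """Return the IP from 'ip:port' or '[v6]:port'; bare addresses pass through."""
    if address.startswith("["):
        return address[1:address.index("]")]
    host, sep, port = address.rpartition(":")
    return host if sep and port.isdigit() and ":" not in host else address

def flag_clients(lines, min_requests=3, max_denied_ratio=0.5):
    """Map client IP -> list of reasons it deserves a closer look."""
    stats = defaultdict(Counter)
    for line in lines:
        rec = json.loads(line)
        ip = client_ip(rec["downstream_remote_address"])
        stats[ip]["total"] += 1
        if int(rec["response_code"]) in (401, 403):
            stats[ip]["denied"] += 1
        # x_forwarded_for is sender-controlled: compare it with the peer the gateway saw.
        first_hop = rec.get("x_forwarded_for", "").split(",")[0].strip()
        if first_hop not in ("", "-", ip):
            stats[ip]["xff_mismatch"] += 1
    findings = {}
    for ip, s in stats.items():
        reasons = []
        if s["total"] >= min_requests and s["denied"] / s["total"] > max_denied_ratio:
            reasons.append("denied_ratio")
        if s["xff_mismatch"]:
            reasons.append("xff_mismatch")
        if reasons:
            findings[ip] = reasons
    return findings

if __name__ == "__main__":
    for ip, reasons in flag_clients(SAMPLE_LOGS).items():
        print(ip, reasons)
```

If a trusted load balancer or proxy sits in front of the gateway, downstream_remote_address is that proxy and a mismatch with x_forwarded_for is expected, so tune the check to your topology before alerting on it.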

What to do next

  • Cloud-native API Gateway supports multiple API types, including REST API, HTTP API, and WebSocket API. You can configure routing rules or policies for different types of APIs based on your business requirements.

  • You can create a service to add a backend service to your instance. Then, the instance can obtain and centrally manage the endpoints of backend services.

  • If you require routing to allow external access to your internal service, see Access applications in ACK by using an HTTP API.

  • For more information about the frequently asked questions when using Cloud-native API Gateway, see FAQ.