After you develop a plug-in, you can upload the plug-in as a custom plug-in on the Plug-in page in the Cloud-native API Gateway console. You can view and use the uploaded plug-in by using your Alibaba Cloud account or the credentials of a Resource Access Management (RAM) user that has permissions on the cloud-native gateway. The built-in plug-ins and uploaded plug-ins are enabled in the same way.
Procedure
Log on to the Cloud-native API Gateway console.
In the left-side navigation pane, click Plug-in. In the top navigation bar, select a region.
On the Plug-in page, click Publish Plug-in in the upper-right corner.
In the Publish Plug-in panel, configure the parameters and click Upload. The upload may take about 30 seconds.
Parameter
Description
Select Language
Select the programming language that is used to develop the plug-in.
Plug-in ID
Specify the ID of the plug-in.
Plug-in Name
Specify the name of the plug-in.
Plug-in Description
Enter a description of the plug-in. After you configure this parameter, the description is displayed on the plug-in card.
Version Description
Enter a description of the plug-in version.
WASM File
Upload the plug-in binary file that is compiled and created on your on-premises machine. The file name extension must be .wasm.
Execution Stage
Select a stage from the drop-down list. The plug-in execution stages are implemented in the following order: Authorization > Authentication > Statistics > Default. If the execution of the plug-in does not depend on the execution order of other plug-ins, select Default from the drop-down list.
Execution Priority
Specify the execution priority of the plug-in in the specified stage. A larger value indicates a higher priority. If you want to specify a value, we recommend that you enter an integral multiple of 10.
Adapt to Gateway Version
Select Any Version or Specified Version.
Any Version: You can install the plug-in to an instance of any version.
Specified Version: You can install the plug-in only to an instance of a specific or later version.
Plug-in and policy priorities
In the following table, the plug-in or policy that is listed higher up has a higher execution priority than those listed lower down.
Item | Type | Execution stage | Priority | Remarks |
IP address blacklist or whitelist | Policy | RBAC Filter | ||
http-real-ip | Plug-in | Authorization | 980 | Throttling |
ModelRouter | Plug-in | Authorization | 900 | Built in an AI API |
ModelMapper | Plug-in | Authorization | 800 | Built in an AI API |
frontend-gray | Plug-in | Authorization | 450 | Transmission |
geo-ip | Plug-in | Authorization | 440 | Transmission |
DeGraphQL | Plug-in | Authorization | 430 | Transmission |
cache-control | Plug-in | Authorization | 420 | Transmission |
Request/Response conversion | Plug-in | Authorization | 410 | Transmission |
oauth | Plug-in | Authorization | 350 | Authentication |
jwt-auth | Plug-in | Authorization | 340 | Authentication |
hmac-auth | Plug-in | Authorization | 330 | Authentication |
basic-auth | Plug-in | Authorization | 320 | Authentication |
key-auth | Plug-in | Authorization | 310 | Authentication |
External authentication | Plug-in | Authorization | 300 | Authentication |
OPA | Plug-in | Authorization | 225 | Authentication |
Request validation | Plug-in | Authorization | 220 | Transmission |
IP address block | Plug-in | Authorization | 210 | Security |
JWT Logout | Plug-in | Authorization | 50 | Authentication |
General response caching | Plug-in | Authorization | 10 | Transmission |
CORS | Plug-in | Authentication | 340 | Security |
waf | Plug-in | Authentication | 330 | Security |
request-block | Plug-in | Authentication | 320 | Security |
bot-detect | Plug-in | Authentication | 310 | Security |
ai-data-masking | Plug-in | Default | 991 | AI |
ai-statistics | Plug-in | Default | 990 | AI |
ai-security-guard | Plug-in | Default | 850 | AI |
ai-cache | Plug-in | Default | 800 | AI |
ai-quota | Plug-in | Default | 750 | AI |
ai-intent | Plug-in | Default | 700 | AI |
ai-history | Plug-in | Default | 650 | AI |
ai-token-ratelimit | Plug-in | Default | 600 | AI |
ai-prompt-template | Plug-in | Default | 500 | AI |
ai-prompt-decorator | Plug-in | Default | 450 | AI |
ai-network-search | Plug-in | Default | 440 | AI |
ai-transformer | Plug-in | Default | 410 | AI |
ai-rag | Plug-in | Default | 405 | AI |
traffic-tag | Plug-in | Default | 400 | Throttling |
ai-json | Plug-in | Default | 150 | AI |
ai-proxy | Plug-in | Default | 110 | AI |
canary-header | Plug-in | Default | 100 | Throttling |
cluster-key-rate-limit | Plug-in | Default | 20 | Throttling |
key-rate-limit | Plug-in | Default | 10 | Throttling |
Concurrency control/throttling/circuit breaking | Policy | Sentinel Filter | ||
Timeout/retry/traffic replication/header modification/HTTP rewrite/CORS | Policy | Router Filter |
FAQ
What are the possible causes of plug-in publish failures?
In most cases, plug-ins fail to be published because the .wasm file of the plug-in is in an invalid binary format. For a demo for loading the .wasm file to your on-premises environment, see Develop plug-ins in Go.