API Gateway: Access a domain name by using HTTPS

Last Updated: Dec 14, 2022

You can bind your domain name to an API group hosted on API Gateway. API Gateway locates a unique API group by domain name and locates a unique API operation in the API group by using Path and HTTPMethod.

By default, API Gateway provides a public second-level domain name for each API group. A client can use the system-assigned domain name to make 100 API calls in regions outside the Chinese mainland and 1,000 API calls in regions inside the Chinese mainland. If you want to publish API operations in a production environment, you must bind an independent domain to the destination API group. The number of API calls is not limited for independent domains.

An independent domain name that you want to bind to an API group must meet the following requirements:

  • You must apply for an ICP filing or access the independent domain name at Alibaba Cloud ICP Filing.

  • Before you bind the independent domain name to the target API group, you must add a CNAME record that points the independent domain name to the second-level domain name of the group.

  • The independent domain name has not been bound to an API group hosted on API Gateway by other users. If the independent domain name has been bound by other users, it must be verified when you attempt to bind it.

  • If the API operations in the API group need to support HTTPS, you must import or upload an SSL certificate for the independent domain name.

1. Procedure for binding a domain name to an API group

To bind your domain name to an API group hosted on API Gateway, follow these steps:

  • Log on to the API Gateway console and bind your domain name to the API group.

  • Add a CNAME record that points your domain name to the public second-level domain name provided by API Gateway to divert the traffic.

1.1 Bind a domain name to an API group

1. Log on to the API Gateway console. In the left-side navigation pane, choose Open API > API Groups. On the page that appears, click the group to which you want to bind the domain name. The Group Details page appears.

2. In the lower-right part of the Group Details page, click Bind Domain Name.

3. In the Bind Domain Name dialog box, enter your domain name and click Confirm.

1.2 Add a CNAME record

To add a CNAME record that points your domain name to the public second-level domain name provided by API Gateway, follow these steps:

1. On the Group Details page, obtain the second-level domain name in the Basic Information section.

2. Log on to the DNS management platform. If you use Alibaba Cloud DNS, visit https://dns.console.aliyun.com. On the Manage DNS page of the Alibaba Cloud DNS console, click the target domain name to go to the DNS Settings page.

3. Add or modify a record for the domain name that you want to bind to the API group.

4. In the Add Record or Edit Record dialog box, set Type to CNAME and Value to the public second-level domain name that you obtained in step 2.

5. Click OK. After binding is complete, you can view the public second-level domain name on the DNS Settings page.

2. Procedure for uploading an SSL certificate for a domain name

After a domain name is bound to an API group, you can use the domain name to call all the API operations that belong to this API group over HTTP. If you want to call API operations over HTTPS, you must upload an SSL certificate for the domain name. You can provide the certificate in either of the following ways: API Gateway can automatically import an SSL certificate from the Alibaba Cloud SSL Certificates Service, or you can manually upload an SSL certificate that you obtained from another certificate service provider.

2.1 Generate an SSL certificate for a domain name

To generate a free SSL certificate by using the Alibaba Cloud SSL Certificates Service, follow these steps:

1. Log on to the Alibaba Cloud SSL Certificates console.

2. Click Purchase Certificate. On the Buy Now page, purchase the certificate and bind the domain name. For more information, see Get started with SSL Certificates Service. Go to the Group Details page of the corresponding API group in the API Gateway console.

2.2 Import or upload the SSL certificate for the domain name

After you purchase or prepare an SSL certificate, import or upload the certificate for the domain name that you bound to the target API group in the API Gateway console. The following sections describe the certificate import and upload procedures.

2.2.1 Import an SSL certificate

If you purchase a certificate by using the Alibaba Cloud SSL Certificates Service, follow these steps to import the certificate for the domain name that you bound to the target API group hosted on API Gateway:

1. Go to the Group Details page in the API Gateway console. In the list of bound domain names, find the target domain name and click Select Certificate in the SSL Certificate column.

2. In the Select Certificate dialog box, click Search for Certificate. Then, select the required certificate from the search results and click Synchronize Certificate.

2.2.2 Upload an SSL certificate

If your SSL certificate is not purchased from Alibaba Cloud, you can upload your certificate to API Gateway. Follow these steps to upload an SSL certificate:

1. Go to the Group Details page in the API Gateway console. In the list of bound domain names, find the target domain name and click Select Certificate in the SSL Certificate column.

2. In the Select Certificate dialog box, click Add Certificate.

3. On the page that appears, enter the certificate content as prompted.

4. After the certificate is uploaded, you can see that the Select Certificate link of the domain name is changed to Update Certificate.

After the certificate is uploaded, you can access the target domain name by using HTTPS.
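
A pre-upload check for the certificate and private key used in section 2.2.2, as an added example that is not part of the original page: it uses the standard `openssl` CLI to confirm that the certificate covers the bound domain name, is not close to expiry, and matches the private key. The function names, the 30-day default and the `example.com` names used with it are assumptions; `make_sample_cert` only builds throwaway self-signed sample input.

```shell
#!/bin/sh
# Added example (not from the original page): checks to run on a PEM
# certificate and private key before pasting them into the console.

# check_cert_for_domain CERT KEY DOMAIN [MIN_DAYS]
# Prints "ok" and returns 0 only if every check passes; otherwise prints
# the first failure and returns 1. MIN_DAYS (default 30) is an assumption.
check_cert_for_domain() {
  cert="$1"; key="$2"; domain="$3"; min_days="${4:-30}"

  # 1. The file must parse as an X.509 certificate.
  openssl x509 -in "$cert" -noout 2>/dev/null \
    || { echo "unreadable certificate"; return 1; }

  # 2. The bound domain must be covered by the certificate. OpenSSL applies
  #    the wildcard rule: *.example.com covers exactly one extra label.
  openssl x509 -in "$cert" -noout -checkhost "$domain" 2>/dev/null \
    | grep -q "does match certificate" \
    || { echo "certificate does not cover $domain"; return 1; }

  # 3. The certificate must stay valid for at least MIN_DAYS more days.
  openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
    || { echo "certificate expires within $min_days days"; return 1; }

  # 4. The private key must belong to the certificate: both must yield
  #    the same public key.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
  [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] \
    || { echo "private key does not match certificate"; return 1; }

  echo "ok"
}

# Constructed sample input: a throwaway self-signed certificate and key.
# make_sample_cert DIR NAME DNS_NAME DAYS  (needs OpenSSL 1.1.1+ for -addext)
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$4" \
    -subj "/CN=$3" -addext "subjectAltName=DNS:$3" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}
```

Run `check_cert_for_domain cert.pem key.pem <your bound domain>` on the files you are about to upload; a self-signed sample certificate passes these checks but would not be trusted by clients.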