All Products
Document Center

API Gateway:Backend Signature

Last Updated:May 27, 2020

What is backend signature?

A backend signature (formerly signature key) is a key-secret pair that you create and issue to API Gateway. This pair works similarly to the way an account and password work. Backend services verify the requests received from API Gateway based on the key-secret pair.

The original signature key feature has been integrated into the plug-in system. The original signature key interface and console are still in use. The original signature key feature and the backend signature plug-ins belong to the same plug-in type and are subject to the binding restrictions of that type.

When you create or modify keys in the original signature key interface or console, the data changes are synchronized to the plug-in system. However, the changes you made in the plug-in system cannot be synchronized to the original signature key interface or console.

Usage instructions

After you bind a key to an API, the signature information is added to all the requests for the API that API Gateway sends to your backend service. The backend service must parse the signature information through symmetric calculation to authenticate API Gateway. For more information about HTTP signature, see Backend signature demo.

If you want to replace the key bound to an API, modify key and secret in the backend signature plug-in bound to the API. The new key takes effect immediately after it is bound to the API.

Plug-in configurations

You can configure backend signature plug-ins in the JSON or YAML format as these two formats use the same schema. You can use the yaml to json tool to convert the configuration format of a backend signature plug-in. The following table describes a plug-in configuration template in the YAML format.

  1. ---
  2. key: SampleKey
  3. secret: SampleSecret