Based on HTTP and the Secure Sockets Layer (SSL) protocol, HTTPS is used to encrypt information and data to secure data transmission. HTTPS is widely used today.
API Gateway supports HTTPS-based encryption of API requests. When you configure an API operation, you can specify that the API operation supports HTTP requests, HTTPS requests, or both.
If you want an API operation to support HTTPS requests, perform the following steps:
Step 1: Make preparations
Prepare the following items:
- An independent domain name.
- An SSL certificate that is applied for the independent domain name.
A custom certificate that is converted from the SSL certificate. The content and the private key files of the custom certificate must be in the PEM format. For more information, see Certificate format. The Tengine service that is used by API Gateway is based on NGINX and PEM is the only certificate format that is supported by NGINX. Therefore, API Gateway also supports only the PEM certificate format.
An SSL certificate contains two files: XXXXX.key and XXXXX.pem, both of which can be opened in a text editor. The following code snippets show examples of the KEY file and the PEM file of an SSL certificate:
-----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA8GjIleJ7rlo86mtbwcDnUfqzTQAm4b3zZEo1aKsfAuwcvCud .... -----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE----- MIIFtDCCBJygAwIBAgIQRgWF1j00cozRl1pZ+ultKTANBgkqhkiG9w0BAQsFADBP ... -----END CERTIFICATE-----
Step 2: Bind the SSL Certificate to an API group
Log on to the API Gateway console. In the left-side navigation pane, choose Publish APIs > API Groups. On the Group List page, find the target API group and click the group name. The Group Details page appears.
After you bind the independent domain name, click Select Certificate in the SSL Certificate column. In the Select Certificate dialog box, click Create Certificate. In the Create Certificate dialog box, set relevant parameters, as shown in the following figure.
- Certificate Name: the name of the certificate. We recommend that you set an informative name for easy identification.
- Certificate Content: the complete content of the certificate. Copy the content in the XXXXX.pem file to this field.
Private Key: the private key of the certificate. Copy the content in the XXXXX.key file to this field. Click OK.
Step 3: Adjust the API configuration
After you bind the SSL certificate to the API group, you can adjust the Protocol parameter that is configured for the API operation. Valid values of the Protocol parameter are HTTP, HTTPS, and WEBSOCKET. You can select one or more protocols for each API operation. We recommend that you set the Protocol parameter to HTTPS for security considerations.
In the left-side navigation pane, choose Publish APIs > APIs. On the API List page, find the target API operation and click its name. On the API Definition page, click Edit in the upper-right corner. In the wizard that appears, go to the Define API Request step.
You can set the Protocol parameter to the following values:
- HTTP: supports only HTTP requests.
- HTTPS: supports only HTTPS requests.
- HTTP and HTTPS: support both HTTP and HTTPS requests.
Set the Protocol parameter to HTTPS so that the API operation supports only HTTPS requests.