API Gateway provides the following features:
API lifecycle management
Provides a full range of management functions and productivity tools for each phase of the API lifecycle. The lifecycle management functions include API design, development, testing, publishing, O&M, monitoring, security control, and unpublishing.
Supports HTTPS offloading, SSL offloading, and client access based on HTTP/2 or WebSocket.
Uses wildcard domain names to call APIs.
Supports parameter cleansing and the verification of parameter types and values. The verification covers ranges, enumerated values, and regular expressions. Requests with invalid parameter types or values are denied by API Gateway.
Sets up mappings between request and response parameters.
Multiple authentication methods for security protection
Supports HMAC-SHA-1 and HMAC-SHA-256 algorithms.
Supports HTTPS two-way authentication, full-link CA certificate verification, and full-link signature verification.
Supports IP address-based and parameter-based access control. You can use custom expressions to limit the values of system parameters and the parameters in HTTP requests and responses.
Provides multiple security mechanisms for protection against request replay and request tampering. API Gateway works with Web Application Firewall (WAF) and Anti-DDoS Pro to build a full-link API security protection system.
Supports multiple types of backend services and can interconnect with existing business systems. API Gateway is suitable for backend services such as HTTP and HTTPS services, mock services, resources in Virtual Private Clouds (VPCs), and Function Compute.
Seamlessly interconnects with the database management and big data services of Alibaba Cloud, such as DataWorks, Dataphin, and Data Management (DMS). This way, you can use API Gateway to process huge amounts of data from various sources.
Supports access over VPCs.
Supports centralized management of the APIs for cloud and on-premises resources.
Publishing and routing
Provides the API publishing feature and supports quick online version switching.
Allows you to manage APIs in different environments and meets the requirements of parallel API calling in routine R&D, staging tests, and production.
Supports canary release.
Allows you to create routing rules based on the parameters specified in HTTP requests to improve system flexibility.
Caches API response data to improve access efficiency and mitigate the pressure on backend services.
Provides default breakers and custom degradation policies to prevent avalanche effects in extreme cases.
Supports refined throttling. In addition to controlling API access frequency and app request frequency, you can check the logic of parameters in HTTP requests and parameters in system contexts to perform parameter-based throttling.
Monitoring and alerting
Delivers API calling logs to Log Service for query and analysis based on all logs.
Provides dashboards to monitor metrics and understand the API calling status. The metrics include the number of calls, response time, and error rate.
Supports the configuration of different alerting conditions. If an exception occurs during an API call, the system sends notifications to the administrator immediately by using text messages or other means.
Debugging and calling
Provides GUI-based debugging tools.
Tracks the API calling process to quickly identify and troubleshoot faults.
Automatically generates SDKs in multiple programming languages and generates related API documentation to facilitate API calling.
Provides all APIs that are managed by using API Gateway.
Supports the import and export of Swagger 2.0 files, and interconnects with your O&M system and CI/CD system for API management and control.
Supports Terraform orchestration.
Allows you to publish your APIs to Alibaba Cloud API Marketplace and offers multiple billing methods. This feature is available only in the China site (aliyun.com)