Plug-ins are only available for API operations on shared and dedicated instances in virtual private clouds (VPCs). You cannot use plug-ins for API operations on shared instances on the classic network.
The latest version of API Gateway that was released in 2019 provides plug-ins to support existing features such as throttling, IP address-based access control, backend signature, and JSON Web Token (JWT) authorization. Plug-ins of the JWT Authorization type function the same as the OpenID Connect feature. Plug-ins also support the following new features: cross-origin resource sharing (CORS), caching, routing, parametric access control, error mapping, and circuit breakers. API Gateway will provide more plug-ins in the future.
1. Usage notes
Only one plug-in of each type can be bound to an API operation.
You can bind a plug-in only to an API operation that is in the same region as the plug-in. Each user can create a maximum of 1,000 plug-ins in each region.
Plug-in configurations and configurations of API operations are managed separately. Configurations of a plug-in take effect only after you bind the plug-in to a published API operation.
Before you bind a plug-in to an API operation, you must publish the API operation.
A plug-in can be bound, unbound, and updated with immediate effect. You do not need to re-publish the relevant API operation. For an API operation that requires high security, we recommend that you publish the API operation to the test environment and test plug-ins on the API operation first.
After an API operation is unpublished, the plug-in that is bound to the API operation is still bound. When the API operation is re-published, the plug-in still takes effect.
If a plug-in is bound to a published API operation or an API operation that is unpublished but not deleted, you cannot delete the plug-in.
2. Plug-ins supported by API Gateway
API Gateway supports the following types of plug-ins. You can click each plug-in type to view information about the plug-in type.
3. Quick start
Log on to the API Gateway console. In the left-side navigation pane, choose Publish APIs > Plugin.

On the Plugin list page, click Create Plugin. On the Create Plugin page, set the parameters as required and click Create.

After you create the plug-in, the plug-in appears on the Plugin list page. Find the plug-in and click Bind API in the Operation column.

The plug-in takes effect immediately after you bind it to an API operation.
4. API reference
You can use the following API operations to manage plug-ins in API Gateway:
Create a plug-in: Create a Plugin
Modify a plug-in: Modify a Plugin
Delete a plug-in: Delete the Plugin
Query plug-ins: Describe a Plugin
Bind a plug-in to an API operation: Attach Plugin
Unbind a plug-in from an API operation: Detach Plugin
Query the API operations that are bound to a plug-in: Describe Plugin APIs
Query the plug-ins that are bound to an API operation: Describe Plugins by API
5. Limits
For each plug-in, you can configure a maximum of 16,380 bytes of metadata.
Each user can create a maximum of 1,000 plug-ins in each region.