All Products
Document Center

API Gateway:Overview

Last Updated:Sep 26, 2021

Plug-ins are only available for API operations on shared and dedicated instances in virtual private clouds (VPCs). You cannot use plug-ins for API operations on shared instances on the classic network.


The latest version of API Gateway that was released in 2019 provides plug-ins to support existing features such as throttling, IP address-based access control, backend signature, and JSON Web Token (JWT) authorization. Plug-ins of the JWT Authorization type function the same as the OpenId Connect feature. In addition, plug-ins also support the following new features: cross-origin resource sharing (CORS), caching, routing, parametric access control, error mapping, and circuit breakers. API Gateway will provide more plug-ins in the future.

1. Usage notes

  • Only one plug-in of each type can be bound to an API operation.

  • You can bind a plug-in only to an API operation that is in the same region as the plug-in. Each user can create a maximum of 1,000 plug-ins in each region.

  • Plug-in configurations and configurations of API operations are managed separately. Configurations of a plug-in take effect only after you bind the plug-in to a published API operation.

  • Before you bind a plug-in to an API operation, you must publish the API operation.

  • A plug-in can be bound, unbound, and updated with immediate effect. You do not need to re-publish the relevant API operation. For an API operation that requires high security, we recommend that you publish the API operation to the test environment and test plug-ins on the API operation first.

  • After an API operation is unpublished, the plug-in that is bound to the API operation is still bound. When the API operation is re-published, the plug-in still takes effect.

  • If a plug-in is bound to a published API operation or an API operation that is unpublished but not deleted, you cannot delete the plug-in.

2. Plug-ins supported by API Gateway

API Gateway supports the following types of plug-ins. You can click each plug-in type to view information about the plug-in type.

3. Quick start

  • Log on to the API Gateway console. In the left-side navigation pane, choose Publish APIs > Plugin.

  • On the Plugin list page, click Create Plugin. On the Create Plugin page, set the parameters as required and click Create.

  • After you create the plug-in, the plug-in appears on the Plugin list page. Find the plug-in and click Bind API in the Operation column.

  • The plug-in takes effect immediately after you bind it to an API operation.

4. API reference

You can use the following API operations to manage plug-ins in API Gateway:

5. Limits

  • For each plug-in, you can configure a maximum of 16,380 bytes of metadata.

  • Each user can create a maximum of 1,000 plug-ins in each region.