This topic describes the release notes for API Gateway and provides links to the relevant references.
For the latest news about Alibaba Cloud services, visit the Product Updates page.
2022-08
Feature | Description | Region | References |
Third-party authentication plug-in | Third-party authentication plug-ins are supported. API Gateway calls the user's authentication service before calling the backend service. After receiving a success response from the authentication service, API Gateway calls the backend service. Authentication results can be cached, authentication request parameters can be mapped, and authentication responses can be customized in third-party authentication. | All regions | |
Mixed HTTP/HTTP-VPC backends | Custom mixed HTTP/HTTP-VPC backends are supported. You can configure different backend types for different environments. | All regions | |
Custom domain names in VPC authorizations | Custom values of the Host parameter are supported for VPC backend services for use in different environments. Custom values of the Host parameter are also supported in VPC authorizations. | All regions | Create an API operation with a resource in a VPC as the backend service |
2022-07
Feature | Description | Region | References |
Automatic HTTP-to-HTTPS redirection | Automatic redirection of HTTP requests to HTTPS requests is supported. You can configure this feature in your domain name configurations. | All regions | |
Access from domain names of Application Load Balancers (ALBs) in VPC authorizations | Auto-scaling domain names of ALBs can be configured as URLs of backend services in VPC authorization configuration. API Gateway automatically adapts when an ALB scales. | All regions | Create an API operation with a resource in a VPC as the backend service |
Optimized naming rules for API groups and APIs | Underscores (_), hyphen (-), spaces, and periods (.) can be used in the names of API groups and APIs. | All regions |
2022-06
Feature | Description | Region | References |
Configuration of inbound VPCs for dedicated instances | The source vSwitch can be specified for inbound requests when you bind an inbound VPC to a dedicated instance. | All regions | |
Configuration of access keys (AKs) and AppCodes for apps | Custom AKs and AppCodes are supported when you create apps. You can also change the AKs and AppCodes for apps that are already in production. The change takes effect immediately | All regions |
2022-05
Feature | Description | Region | References |
HTTPS two-way authentication | The verification depth of intermediate certificates can be configured for HTTPS two-way authentication. APG Gateway verifies the certificates in requests based on the verification depth configured. | All regions | |
Four blacklist and whitelist levels for dedicated instances | Blacklists and whitelists can be configured at four levels for dedicated instances. This feature helps you block undesired requests. | All regions | |
Extension of validity periods for app authorizations | The validity periods of app authorizations can be extended. | All regions |
2022-04
Feature | Description | Region | References |
VPC access authorization | The Host parameter can be configured when you configure VPC access authorizations. The Host parameter is added to the requests that are forwarded by API Gateway to backend services deployed in the VPC. | All regions | Create an API operation with a resource in a VPC as the backend service |
Plug-ins of the Routing type | Plug-ins of the Routing type allow you to set the weight of routing options. Requests are distributed to the routing options that meet the criteria according to the configured weight ratio. | All regions |
2022-03
Feature | Description | Region | References |
Configuration of EventBridge as a backend service | EventBridge can be integrated with API Gateway as a backend service. After you integrate EventBridge as a backend service, you can read the event buses configured in EventBridge. | All regions |
2022-02
Feature | Description | Region | References |
API group synchronization | Model data can also be synchronized when metadata is synchronized between API groups. | All regions |
2022-01
Feature | Description | Region | References |
JWT authentication plug-in | The token can be read from the Cookie header in a request by using the JWT authentication plug-in. | All regions | |
Backend service | A backend service can be referenced by multiple APIs. If you modify the definition of this backend service, the change is pushed to all APIs that reference the service. | All regions |
2021-12
Feature | Description | Region | References |
Integration with Log Service | The requested plug-ins and the request context can be recorded in API call logs. | All regions | |
Plug-ins of the IP Access Control type | Plug-ins of the IP Access Control type can be used to allow or reject the originating IP addresses or the direct IP addresses. | All regions | |
Console optimization | VPC authorizations can be filtered by specifying the IP address, VPC ID, or port number. Plug-ins can be searched for by name in fuzzy search mode. | All regions |
2021-11
Feature | Description | Region | References |
Cross-zone resources for upgrading the specifications of a dedicated instance | If you want to upgrade the specifications of a dedicated instance but the resources are insufficient in the zone where the instance resides, resources in other zones can be applied for the upgrade. | All regions | |
Support for multiple HTTPS security policies for internal domain names of a dedicated instance | Multiple HTTPS security policies are supported by the internal domain names that are bound to the API groups in a dedicated instance. The HTTPS security policy used by an internal domain name can be the same as that used by the dedicated instance. | All regions |
2021-10
Feature | Description | Region | References |
Removal of the Server header from responses that is generated by API Gateway. This feature is available only for dedicated instances. | For dedicated instances, the Server header generated by API Gateway in the response can be hidden. | All regions | |
Debugging by using an AppCode | An AppCode can be used for debugging on the Debug API page of the API Gateway console. | All regions |
2021-09
Feature | Description | Region | References |
Native support for using Object Storage Service (OSS) as the backend service | OSS can be configured as the backend service. If you activate API Gateway and OSS in the same region, APIs can access OSS over the internal network. | All regions | |
Modifying VPC authorization settings and publishing multiple related APIs at a time | The APIs that are referenced can be published at a time when you modify or delete VPC authorization settings? | All regions |
2021-08
Feature | Description | Region | References |
Specifications change for dedicated instances | The specifications of a dedicated instance can be losslessly upgraded or downgraded. | All regions | |
Instance monitoring | The monitoring data of each dedicated instance can be viewed in the API Gateway console. | All regions | |
Basic authentication | Basic authentication | All regions |
2021-07
Feature | Description | Region | References |
Custom internal domain names | Custom internal domain names can be bound to API groups. After you bind a custom internal domain name to an API group, the APIs in the group can be called only over the internal network. | All regions | |
Fuzzy search on the Authorizations page | On the Authorizations page, VPC authorizations can be searched for by authorization name in fuzzy search mode. | All regions | |
The unit of milliseconds supported by plug-ins of the Circuit Breaker type | The unit of milliseconds can be used in conditional expressions that you configure for plug-ins of the Circuit Breaker type. | All regions |
2021-06
Feature | Description | Region | References |
BasePath parameter | The BasePath parameter can be set for API groups. The BasePath value must be used together with the Path value of an API in the API group for all requests. | All regions | |
Support for the Array type in Swagger files | The Array type is supported in Swagger files. | All regions | |
End-to-end log tracing | B3 Propagation and EagleEye are supported to implement end-to-end log tracing. By default, B3 Propagation headers and EagleEye-related headers are passed through. | All regions |
2021-05
Feature | Description | Region | References |
API filtering based on the request path and method | On the APIs page, APIs can be filtered based on the request path and method. | All regions | |
Adding tags for multiple APIs at a time | On the APIs page, tags can be added to multiple APIs at a time. | All regions |
2021-04
Feature | Description | Region | References |
API Gateway logs | The content of the decrypted JSON Web Tokens (JWTs) can be included in logs that are delivered to Log Service. This feature can be used only for dedicated instances. | All regions | |
Multiple shared instances | Multiple shared instances are supported. | All regions | |
Synchronizing API metadata for a group and changing the backend service in a VPC for multiple APIs | The metadata of APIs in an API group can be synchronized, and the backend service type can be changed for multiple APIs at a time. | All regions |
2021-03
Feature | Description | Region | References |
Binding a VPC of another Alibaba Cloud account | A VPC of another Alibaba Cloud account can be bound to an instance. | All regions |
2021-02
Feature | Description | Region | References |
API metadata synchronization for API groups and metadata comparison | The metadata of APIs in an API group can be synchronized to another API group within the same Alibaba Cloud account. Before synchronization, the metadata of APIs in the source API group can be compared with that of existing APIs in the destination API group. | All regions | |
Wildcard domain names for plug-ins of the CORS type | Wildcard domain names are supported by plug-ins of the CORS type. | All regions |
2021-01
Feature | Description | Region | References |
API filtering for Swagger file import | API filtering is supported. If you import Swagger files that define multiple APIs, you can select specific APIs to create them. | All regions | |
Binding one domain name to multiple instances | One domain name can be bound to multiple instances. | All regions |
2020-12
Feature | Description | Region | References |
Protection against HTTP flood attacks | Throttling plug-ins can be used to block requests from different aspects, such as IP address and parameter from clients. This helps protect against HTTP flood attacks. | All regions | |
90 seconds as the timeout period of the backend service for dedicated instances | For dedicated instances, the timeout period of the backend service can be set to 90 seconds. | All regions |
2020-11
Feature | Description | Region | References |
End-to-end log tracing | API Gateway is integrated with Tracing Analysis. You are allowed to specify the sampling mode and sampling rate in the API Gateway console. | All regions |
2020-10
Feature | Description | Region | References |
Parameter configuration for plug-ins of the CORS type | Plug-ins of the CORS type can be configured by using parameters. | All regions | |
IPv6 | API calls from IPv6 addresses are supported by the backend service of dedicated instances. | All regions |
2020-09
Feature | Description | Region | References |
Increased limit for the size of an HTTP request body | For dedicated instances, the allowed maximum size of an HTTP request body is increased to 32 MB. For shared instances, the maximum size can be only 8 MB. | All regions | |
Reading parameters from multiple parts of a form | Parameters from multiple parts of a form can be read. | All regions | |
Monitoring data in the API Gateway console | The monitoring data about API calls can be collected by region and API group. | All regions |
2020-08
Feature | Description | Region | References |
Support for published APIs at the backend service | APIs that are published in the API Gateway console can be configured at the backend service. APIs that are created within the same account or within different accounts can be called. | All regions | |
API version comparison | Differences between the current version and an earlier version of an API can be checked. | All regions | |
Support for Function Compute as a backend service | API Gateway, which is developed based on cloud-native technologies, can communicate with Function Compute that provides an HTTP trigger over a VPC in simple configuration mode. | All regions | Use Function Compute as the backend service of an API operation |
IP address whitelist and blacklist obtained based on the values of the X-Forwarded-For header | An IP address blacklist or whitelist can be configured based on the values of the X-Forwarded-For header. This feature applies to scenarios in which API Gateway connects to middleware such as Web Application Firewall (WAF). | All regions | |
Support for caching of filter conditions on the APIs page | Filter conditions on the APIs page can be retained to facilitate API management. | All regions |
2020-07
Feature | Description | Region | References |
Cross-origin header | The cross-origin header origin:app://. is supported. | All regions | |
Resource tags added to the console | Tags for all resources on API Gateway can be edited. Resources can be queried by tag, and permissions on resources can be granted by tag. | All regions | |
DNS records of the TXT type used to verify the ownership of domain names | When domain names are bound to API groups, a Domain Name System (DNS) record of the TXT type can be added to verify the ownership of the domain names. | All regions | |
Optimized Swagger file import | Global variables can be configured. Global variables can be used to import native Swagger specifications to API Gateway for creating APIs. | All regions |
2020-06
Feature | Description | Region | References |
Connection quota added for shared instances | For a shared instance, each user can use a maximum of 500 connections. | All regions | |
Default certificates supported for dedicated instances | Default certificates are supported for dedicated instances to improve the user experience on the client that does not support the server name indication (SNI) of an earlier version. | All regions | |
Overview page added to the console | The Overview page is added to show how to use the API Gateway console, plan API groups, and view API usage. | All regions |
2020-05
Feature | Description | Region | References |
Dedicated instances supported by Alibaba Finance Cloud | Dedicated instances are supported by Alibaba Finance Cloud. | China East 1 Finance, China East 2 Finance, and China South 1 Finance | |
Optimized API Gateway SDK for Java | API Gateway SDK for Java is optimized. Parameters of the Array type are supported. Content-MD5 and X-Ca-Nonce headers can be configured not to be transmitted. | All regions | |
Access to the ID and IP address of VPCs | The ID and IP address of a VPC can be obtained when users access API Gateway over the VPC. | All regions | |
Plug-in binding on the API details page | Plug-ins can be bound and managed on the API details page. | All regions | |
Publishing or unpublishing multiple APIs at the same time | Multiple APIs can be published or unpublished at the same time in the API Gateway console. | All regions |
2020-04
Feature | Description | Region | References |
Shared instances supported by Alibaba Finance Cloud | Shared instances are supported by Alibaba Finance Cloud. | China East 1 Finance, China East 2 Finance, and China South 1 Finance | |
Troubleshooting | The troubleshooting feature is provided for you to query logs and troubleshoot errors by request ID. | All regions | |
Log configuration for users of dedicated instances | Users who use dedicated instances are allowed to record business information in logs. | All regions | |
Pass Host Header parameter | The HOST headers of all APIs in an API group can be passed through to the backend service after you select Pass Host Header. | All regions | |
Trace logs added on the Debug API page | End-to-end logs for debugging can be queried by request ID. | All regions | |
Querying authorized APIs by API name | Authorized APIs can be queried by API name. | All regions | |
Support for deployment of dedicated instances in all regions outside the Chinese mainland | Dedicated instances can be deployed in all regions outside the Chinese mainland. | All regions |