Release notes

JWT authentication plug-in

The token can be read from the Cookie header in a request by using the JWT authentication plug-in.

All regions

JWT authentication

Backend service

A backend service can be referenced by multiple APIs. If you modify the definition of this backend service, the changes are made to all APIs that reference it.

All regions

Use a backend service to create and manage APIs

Integration with Log Service

The requested plug-ins and the request context can be recorded in API call logs.

All regions

Use Log Service to manage logs of API calls

Plug-ins of the IP Access Control type

Plug-ins of the IP Access Control type can be used to allow or reject the originating IP addresses or the direct IP addresses.

All regions

Plug-ins of the IP Access Control type

Console optimization

Virtual private cloud (VPC) authorizations can be filtered by specifying the IP address, VPC ID, or port number. Plug-ins can be searched for by name in fuzzy search mode.

All regions

Across-zone resources for upgrading the specifications of a dedicated instance

If you want to upgrade the specifications of a dedicated instance but the resources are insufficient in the zone where the instance resides, resources in other zones can be applied for the upgrade.

All regions

Multiple HTTPS security policies supported internal domain names

Multiple HTTPS security policies are supported by the internal domain names that are bound to the API groups in a dedicated instance. The HTTPS security policy used by an internal domain name can be the same as that used by the dedicated instance.

All regions

Removal of the Server header from responses (only dedicated instances)

For dedicated instances, the Server header generated by API Gateway can be removed from responses.

All regions

Debugging by using an AppCode

An AppCode can be used for debugging on the Debug API page of the API Gateway console.

All regions

Native support for using Object Storage Service (OSS) as the backend service

OSS can be configured as the backend service. If you activate API Gateway and OSS in the same region, APIs can access OSS over the internal network.

All regions

Modifying VPC authorizations and publishing multiple related APIs at a time

VPC authorizations can be modified and deleted. The APIs associated with a modified VPC authorization can be published at a time.

All regions

Specifications change for dedicated instances

The specifications of a dedicated instance can be losslessly upgraded or downgraded.

All regions

Change instance specifications

Instance monitoring

The monitoring data of each dedicated instance can be viewed in the API Gateway console.

All regions

Use API Gateway for monitoring

Basic authentication

Basic authentication

All regions

Custom internal domain names

Custom internal domain names can be bound to API groups. After you bind a custom internal domain name to an API group, the APIs in the group can be called only over the internal network.

All regions

Bind a domain name to an API group

Fuzzy search on the Authorizations page

On the Authorizations page, VPC authorizations can be searched for by authorization name in fuzzy search mode.

All regions

Hiding of the Server header

For dedicated instances, the Server header in responses can be hidden.

All regions

The unit of milliseconds supported by plug-ins of the Circuit Breaker type

The unit of milliseconds can be used in conditional expressions that you configure for plug-ins of the Circuit Breaker type.

All regions

BasePath parameter

The BasePath parameter can be set for API groups. If you specify a base path for an API group, the requests to each API in this group must add the base path before the request path of the API.

All regions

Support for the Array type in Swagger files

Support for the Array type in Swagger files

All regions

End-to-end log tracing

B3 Propagation and EagleEye are supported to implement end-to-end log tracing. By default, B3 Propagation headers and EagleEye-related headers are passed through.

All regions

API filtering based on the request path and method

On the APIs page, APIs can be filtered based on the request path and method.

All regions

Adding tags for multiple APIs at a time

On the APIs page, tags can be added to multiple APIs at a time.

All regions

API Gateway logs

The content of the decrypted JSON Web Tokens (JWTs) can be included in logs that are delivered to Log Service. This feature can be used only for dedicated instances.

All regions

Multiple shared instances

Multiple shared instances are supported.

All regions

Synchronizing API metadata for a group and changing the backend service in a VPC for multiple APIs

The metadata of APIs in an API group can be synchronized, and multiple APIs can be configured to use a backend service in a VPC at a time.

All regions

Binding a VPC of another Alibaba Cloud account

A VPC of another Alibaba Cloud account can be bound to an instance.

All regions

API metadata synchronization for API groups and metadata comparison

The metadata of APIs in an API group can be synchronized to another API group within the same Alibaba Cloud account. Before synchronization, the metadata of APIs in the source API group can be compared with that of existing APIs in the destination API group.

All regions

Wildcard domain names for plug-ins of the CORS type

Wildcard domain names for plug-ins of the CORS type

All regions

API filtering for Swagger file import

API filtering is supported. If you import Swagger files that define multiple APIs, you can select specific APIs to create them.

All regions

Binding the same domain name to different instances

The same domain name can be bound to different instances.

All regions

Protection against HTTP flood attacks

Throttling plug-ins be used to block requests from different aspects, such as IP address and parameter from clients. This helps protect against HTTP flood attacks.

All regions

Throttling

90 seconds as the timeout period of the backend service for dedicated instances

For dedicated instances, the timeout period of the backend service can be 90 seconds.

All regions

End-to-end log tracing

API Gateway is integrated with Tracing Analysis. You are allowed to specify the sampling mode and sampling rate in the API Gateway console.

All regions

Configure tracing analysis

Parameter configuration for plug-ins of the CORS type

Plug-ins of the CORS type can be configured by using parameters.

All regions

IPV6

API calls from IPv6 addresses are supported by the backend service of dedicated instances.

All regions

Increased limit for the size of an HTTP request body

For dedicated instances, the allowed maximum size of an HTTP request body is increased to 32 MB. For shared instances, the maximum size can be only 8 MB.

All regions

Reading parameters from multiple parts of a form

Parameters from multiple parts of a form can be read.

All regions

Monitoring data in the API Gateway console

The monitoring data about API calls can be collected by region and API group.

All regions

Use API Gateway for monitoring

Published APIs supported at the backend service

APIs that are published in the API Gateway console can be configured at the backend service. APIs that are created within the same account or within different accounts can be called.

All regions

Call by API Gateway

API version comparison

Differences between the current version and an earlier version of an API can be checked.

All regions

Version management

Support for Function Compute as a backend service

API Gateway, which is developed based on cloud-native technologies, can communicate with Function Compute that provides an HTTP trigger over a VPC in simple configuration mode.

All regions

Use Function Compute as the backend service of an API operation

IP address whitelist and blacklist obtained based on the values of the X-Forwarded-For header

All regions

Plug-ins of the IP Access Control type

Support for caching of filter conditions on the APIs page

Filter conditions on the APIs page can be retained to facilitate API management.

All regions

Cross-origin header

The cross-origin header origin:app://. is supported.

All regions

Implement CORS in API Gateway

Resource tags added to the console

Tags for all resources on API Gateway can be edited. Resources can be queried by tag, and permissions on resources can be granted by tag.

All regions

Use RAM to manage user permissions for API Gateway

DNS records of the TXT type used to verify the ownership of domain names

When domain names are bound to API groups, a Domain Name System (DNS) record of the TXT type can be added to verify the ownership of the domain names.

All regions

Bind a domain name to an API group

Optimized Swagger file import

Global variables can be configured. Global variables can be used to import native Swagger specifications to API Gateway for creating APIs.

All regions

Integrate API Gateway with a CI/CD process based on Swagger

Connection quota added for shared instances

For a shared instance, each user can use a maximum of 500 connections.

All regions

Limits

Default certificates supported for dedicated instances

Default certificates are supported for dedicated instances to improve the user experience on the client that does not support the server name indication (SNI) of an earlier version.

All regions

Bind a domain name to an API group

Overview page added to the console

The Overview page is added to show how to use the API Gateway console, plan API groups, and view API usage.

All regions

Dedicated instances supported by Alibaba Finance Cloud

Dedicated instances are supported by Alibaba Finance Cloud.

China East 1 Finance, China East 2 Finance, and China South 1 Finance

Optimized API Gateway SDK for Java

API Gateway SDK for Java is optimized. Parameters of the Array type are supported. Content-MD5 and X-Ca-Nonce headers can be configured not to be transmitted.

All regions

Access to the ID and IP address of VPCs

The ID and IP address of a VPC can be obtained when users access API Gateway over the VPC.

All regions

Plug-in binding on the API details page

Plug-ins can be bound and managed on the API details page.

All regions

Publishing or unpublishing multiple APIs at a time

Multiple APIs can be published or unpublished at a time in the API Gateway console.

All regions

Shared instances supported by Alibaba Finance Cloud

Shared instances are supported by Alibaba Finance Cloud.

China East 1 Finance, China East 2 Finance, and China South 1 Finance

Troubleshooting

The troubleshooting feature is provided for you to query logs and troubleshoot errors by request ID.

All regions

Troubleshooting

Log configuration for users of dedicated instances

Users who use dedicated instances are allowed to record business information in logs.

All regions

Use Log Service to manage logs of API calls

Pass Host Header parameter

The HOST headers of all APIs in an API group can be passed through to the backend service after you select Pass Host Header.

All regions

Trace logs added on the Debug API page

End-to-end logs for debugging can be queried by request ID.

All regions

Querying authorized APIs by API name

Authorized APIs can be queried by API name.

All regions

Support for deployment of dedicated instances in all regions outside the Chinese mainland

Dedicated instances can be deployed in all regions outside the Chinese mainland.

All regions