Before you use API Gateway, you must familiarize yourself with the terms related to this service.

Term Description
Application Applications are identities that you use to call API operations. Before you call an API operation, you must create an application.
AppKey and AppSecret Each application has a key pair that consists of an AppKey and an AppSecret. When you call an API operation in an application, the AppKey is specified as a request parameter and the AppSecret is used to calculate a signature string that is attached to the request.
Encrypted signature An encrypted signature is a signature string that is included in an API request and used by API Gateway for identity authentication.
Authorization Authorization means granting an application the permission to call an API operation. Only API owners can perform authorization. To call API operations, applications must be authorized.
API lifecycle Throughout the lifecycle of an API operation, the API operation is created, debugged, published, and then unpublished by the API owner. The version of an API operation may also be updated during its lifecycle.
API definition The definition of an API operation is a set of configurations that are completed by the API owner, including the backend service, request information, parameter mapping rules, and response information.
Parameter mapping To ensure that each API request can be converted to the specified format that can be received by the backend service of an API operation, API Gateway allows the API owner to configure parameter mapping rules.
Parameter verification Parameter verification means checking whether parameters in an API request are valid based on a set of rules that are defined by the owner of the API operation. Invalid requests are filtered out by API Gateway.
Constant parameter A constant parameter is a parameter that is not specified in an API request but is still received together with the request by the backend service of the API operation.
System parameter A system parameter is a parameter that you want API Gateway to attach to each API request before API Gateway routes the request to the backend service. For example, CaClientIp is a system parameter that specifies the IP address of a client.
API group In API Gateway, API operations are managed in API groups. Before you create an API operation, you must create an API group.
Default second-level domain name A default second-level domain name is a domain name that API Gateway automatically binds to an API group after the API group is created. Default second-level domain names are used for testing API calls.
Independent domain name An independent domain name is a domain name that you bind to an API group. Before you publish an API operation, you must bind an independent domain name to the API group to which the API operation belongs. API callers must use the independent domain name to call API operations in this API group.
Signature key Signature keys are used for security purposes. After you create an API operation, you can create a signature key and bind it to the API operation. API Gateway will attach the signature to each API request before API Gateway routes the request to the backend of the API operation.
Throttling policy API Gateway allows API owners to configure throttling policies to set usage limits. You can specify a number of requests for each API operation, or a number of API requests from each user or application, that are allowed per day, per hour, or per minute.