Enable HTTPS
HTTPS adds a layer of security to the standard HTTP protocol by using Secure Sockets Layer (SSL) to encrypt data. This ensures data security in transit.
API Gateway lets you secure API requests with HTTPS. You can configure each API to support only HTTP, only HTTPS, or both. To enable HTTPS for your API, follow these steps.
Step 1: Prerequisites
Before you begin, make sure you have the following:
An independent domain name that you own and control.
An SSL certificate for the domain name.
An SSL certificate and its private key. Both must be in PEM format. Note: API Gateway uses Tengine, an Nginx-based service. Therefore, it requires Nginx-compatible certificates in PEM format.
An SSL certificate and its private key are typically provided in two files, such as XXXXX.pem and XXXXX.key. You can open both with a text editor.
KEY:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA8GjIleJ7rlo86mtbwcDnUfqzTQAm4b3zZEo1aKsfAuwcvCud
....
-----END RSA PRIVATE KEY-----PEM:
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgIQRgWF1j00cozRl1pZ+ultKTANBgkqhkiG9w0BAQsFADBP
...
-----END CERTIFICATE----- Step 2: Bind SSL certificate
Log on to the API Gateway console. In the left navigation pane, choose . Click the name of the API group to which you want to bind the SSL certificate. Before you can bind an SSL certificate, you must first bind an independent domain name to the API group.
In the row that contains the domain name, click Select Certificate in the SSL Certificate column.
Add an SSL certificate for the Independent Domain Name.
The certificate name can contain Chinese characters, letters, digits, underscores (_), and hyphens (-). It must start with a letter or a Chinese character and be 4 to 50 characters in length. The certificate content and private key must be PEM-encoded and cannot exceed 20 KB. Click the Upload button to import files. For HTTPS mutual authentication, click the Click to add CA certificate link to add a CA certificate.
Certificate Name: A custom name to help you identify the certificate.
Certificate Content: The full content of the XXXXX.pem certificate file.
Private Key: The content of the XXXXX.key private key file. Click OK to bind the certificate.
Step 3: Adjust API configuration
After you bind the SSL certificate, you can control the access protocol for each API. The supported protocols are HTTP, HTTPS, or both. For security reasons, we recommend that you configure all APIs to use HTTPS.
In the API Gateway console, navigate to and find the target API.
Click the name of the target API, and then click Edit in the upper-right corner.
On the Basic Information step, click Next to proceed to the Define API Request step. In the Protocol section, select the desired protocols.
Select both HTTP and HTTPS.
Valid values for Protocol are:
HTTP: Allows API access only over HTTP and denies access over HTTPS.
HTTPS: Allows API access only over HTTPS and denies access over HTTP.
HTTP and HTTPS: Allows API access over both protocols. This enables HTTPS access for your API.