API Gateway:Overview

1. Usage notes

• For each type of plug-in, only one plug-in of such type can be bound to an API.

• You can bind a plug-in only to an API that resides in the same region as the plug-in. Each user can create up to 1,000 plug-ins in each region.

• Plug-in policies and APIs are separately managed. A plug-in policy takes effect only after you call the AttachPlugin operation to bind the plug-in to an API in a specified environment.

• Before you bind a plug-in to an API, you must publish the API.

• The binding, unbinding, and update of a plug-in take effect immediately. You do not need to re-publish an API. We recommend that you first test these APIs that may pose high security risks.

• If you unpublish an API, the bound plug-in is unbound. If you require the plug-in when you republish the API, you must bind the plug-in again.

• If a plug-in is bound to a published API operation or an API operation that is unpublished but not deleted, you cannot delete the plug-in.

2. Plug-ins supported by API Gateway

API Gateway supports the following plug-ins. A plug-in higher up in the list is executed before a plug-in lower down if multiple plug-ins are configured for an AP.

• CORS plug-ins

• Basic authentication plug-ins

• JWT authentication plug-ins

• Third-party authentication plug-ins

• IP address-based access control plug-in

• Throttling plug-in

• Parameter-based access control plug-ins

• Caching plug-ins

• Backend routing plug-ins

• Circuit breaker plug-ins (for dedicated instances only)

• Backend signature plug-ins

• Transformer plug-ins (for dedicated instances only)

• Plug-ins of the Error Mapping type

• Log masking plug-ins (for dedicated instances only)

3. Quick start

• Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > Plug-ins.

• Click the Create Plug-in button to create a plug-in.

• After you create a plug-in, the plug-in appears on the Plug-in List page. Find the plug-in and click Bind API in the Actions column.

• The plug-in takes effect immediately after you bind it to an API.

4. Developer reference

You can call the following API operations to manage plug-ins in API Gateway:

• CreatePlugin: creates a plug-in.

• ModifyPlugin: modifies a plug-in.

• DeletePlugin: deletes a plug-in.

• DescribePlugins: queries a plug-in.

• AttachPlugin: binds a plug-in to an API.

• DetachPlugin: unbinds a plug-in from an API.

• DescribePluginApis: queries the APIs to which a plug-in is bound.

• DescirbePluginsByApi: queries the plug-ins that are bound to an API.

5. Limits

• The metadata of a plug-in cannot exceed 50 KB in size.

• Each user can create a maximum of 1,000 plug-ins in each region.

• The API debugging feature in the API Gateway console does not support plug-ins of the JWT authentication type. We recommend that you use Postman or run the curl command in the command-line interface (CLI) to debug the APIs to which JWT authentication plug-ins are bound.