API Gateway:Overview

Usage notes

• Only one plug-in of each type can be bound to an API.

• You can bind plug-ins only to an API that resides in the same region. Each user can create up to 1,000 plug-ins in each region.

• Plug-in policies and APIs are separately managed. A plug-in policy takes effect only after you bind the plug-in to an API in a specified environment.

• Before you bind a plug-in to an API, you must publish the API.

• The binding, unbinding, and update of a plug-in take effect immediately. You do not need to re-publish an API. First test the APIs that may pose high security risks.

• Unpublishing an API does not remove the binding relationship with the plug-in. The plug-in is automatically bound when you republish the API.

• If a plug-in is bound to a published API operation or an API operation that is unpublished but not deleted, you cannot delete the plug-in.

Supported plug-ins

API Gateway supports the following plug-ins. A plug-in higher up in the list is executed before a plug-in lower down if multiple plug-ins are configured for an AP.

• CORS plug-ins

• Basic authentication plug-ins

• JWT authentication plug-ins

• Third-party authentication plug-ins

• IP address-based access control plug-in

• Traffic shaping

• Parameter-based access control plug-ins

• Caching plug-ins

• Backend routing

• Circuit breaker

• Backend signature plug-ins

• Transformer plug-ins (for request transformation)

• Plug-ins of the Error Mapping type

• Transformer plug-ins (for response transformation)

• Log masking plug-ins (for dedicated instances only)

Quick start

1. Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > Plug-ins.

2. Click Create Plug-in.

3. Attach a plug-in to a published API.The plug-in takes effect immediately after you bind it to an API.

Developer reference

You can call the following API operations to manage plug-ins in API Gateway:

• CreatePlugin: creates a plug-in.

• ModifyPlugin: modifies a plug-in.

• DeletePlugin: deletes a plug-in.

• DescribePlugins: queries a plug-in.

• AttachPlugin: binds a plug-in to an API.

• DetachPlugin: unbinds a plug-in from an API.

• DescribePluginApis: queries the APIs to which a plug-in is bound.

• DescirbePluginsByApi: queries the plug-ins that are bound to an API.

Limitations

• The metadata of a plug-in cannot exceed 50 KB in size.

• Each user can create a maximum of 1,000 plug-ins in each region.

• The API debugging feature in the API Gateway console does not support plug-ins of the JWT authentication type. We recommend that you use Postman or run the curl command in the command-line interface (CLI) to debug the APIs to which JWT authentication plug-ins are bound.