All Products
Search
Document Center

Cloud Config:Configure API security authentication in API Gateway

Last Updated:Jun 16, 2026

Checks whether API security authentication in API Gateway is set to Alibaba Cloud APP or uses a specified plugin type.

Scenarios

Configure an appropriate API security authentication method in API Gateway to reduce business security risks.

Risk level

Default risk level: Medium.

When you use this rule, you can change the risk level as required.

Detection logic

  • An API is considered compliant if its security authentication in API Gateway is set to Alibaba Cloud APP or uses a specified plugin type.

  • An API is considered non-compliant if its security authentication in API Gateway is not set to Alibaba Cloud APP and does not use a specified plugin type.

Rule details

Parameter

Description

Rule name

Configure API security authentication in API Gateway

Rule identifier

api-gateway-api-auth-required

Tags

API, ApiGateway

Automatic remediation

Not supported

Rule trigger mechanism

Periodic execution

Trigger frequency

24 hours

Supported resource types

API resources

Input parameters

PluginType