This tutorial demonstrates how to use Cloud-native API Gateway and DataWorks to publish a MaxCompute data table as a publicly accessible REST API.
Example objective: Create an API for the
user_infotable in MaxCompute. This API allows callers to query and return the corresponding user information by passing inuser_id.Final result: You will have an API that can be accessed via a public URL, such as
https://api.example.com/v1/user/info?user_id=10001, and a secure and authenticated method to call it.
If you use the original API Gateway, see Create an API in wizard mode for the steps.
This tutorial uses MaxCompute as an example. For a list of supported data sources, see Configure data sources.
How it works
The following diagram illustrates the complete path from the API caller to the final data source and shows where each component is configured.
Prerequisites
Category | Requirement | Description |
Account and Permissions | An Alibaba Cloud account with the required permissions | Ensure that your account has the permissions to use Cloud-native API Gateway, DataWorks, and MaxCompute. You must have the Developer role for the relevant workspace in DataWorks. |
Service Activation | Activate the required cloud services | Activate Cloud-native API Gateway. Note
|
Resource Preparation | Serverless resource group | In the network settings of the Serverless resource group, bind the VPC and vSwitch of Data Service. Important Take note of the VPC information for this resource group. You will need it when creating the gateway instance later. For simpler network connectivity, use the same VPC for both the gateway instance and the Data Service resource group. |
MaxCompute test data | In your MaxCompute project, execute the following DDL statement to create the Run the following DML statement to insert test data: | |
DataWorks data source | In the Workspace Management section of the DataWorks console, configure a data source that points to the MaxCompute project you prepared. |
Step 1: Prepare basic resources
In this step, you will create a gateway instance to serve your APIs, a domain name for public access, and a REST API to organize your APIs.
1. Create a gateway instance
A gateway instance is the engine that processes API requests.
Log on to the Cloud-native API Gateway console. In the navigation pane on the left, click Instances.
In the top navigation bar, select a region.
ImportantThe region must be the same as your DataWorks workspace region.
On the Instances page, click Create Instance.
On the purchase page, configure the following parameters:
Product Type: You can select Pay-As-You-Go or Subscription. For testing purposes, you can use Pay-As-You-Go.
Gateway Name: Enter a custom name that is easy to identify, such as
dataservice-prod.Gateway Specification: You can choose a single-node specification for testing. However, for production environments, use a multi-node gateway specification to ensure the SLA.
Network Type: Select Public Network or Public Network and Private Network to allow internet access. Public network traffic is billable.
VPC: Select a VPC.
ImportantFor simpler network connectivity, use the same VPC for both the gateway instance and the Serverless resource group you prepared earlier. If you use different VPCs, you must manually create a backend service later.
Zone Selection: You can select Auto-assign or manually assign instances to different availability zones and vSwitches.
Resource Group: Select a resource group based on your resource management strategy.
Click Buy Now and complete the payment. Instance creation takes 1 to 5 minutes. The instance is ready when its status changes to Running.
For more information, see Create a gateway instance.
2. Add a domain name
If you only need to access the API within a VPC, you do not need to add a domain name.
A domain name is the public entry point for your API.
In the navigation pane on the left of the Cloud-native API Gateway console, choose Domains. Make sure the region selected at the top is the same as your gateway instance's region.
Click Add Domain Name and configure the following settings:
Domain Name: Enter your custom domain name, such as
api.example.com. Custom domain names used in mainland China regions require ICP filing.Protocol: Select HTTPS for secure data transmission. This requires an existing SSL certificate.
Other configurations: We recommend enabling Force HTTPS and Enable HTTP/2. Specify the TLS Version based on your security requirements.
For more information, see Create a domain name.
3. Create a REST API
A REST API is a logical container for managing a group of APIs that share the same Base Path. A business process in DataWorks is bound to a REST API.
Compared to the legacy API Gateway, a REST API is equivalent to an api group.
In the navigation pane on the left of the Cloud-native API Gateway console, click APIs, and make sure the correct region is selected at the top.
Click Create API. On the Create API page, click Create on the REST API card.
In the Create REST API panel, configure the following settings:
API Name: Enter a globally unique name for your API collection in the current region, such as
dataservice-user-api.Base Path: The base path of the API, which is part of the URL. For example,
/v1. The final request URL isprotocol://domain/BasePath/APIPath.Version Management: Enable this feature as needed.
For more information, see Create a REST API and add an interface.
Step 2: Create and configure an API
In this step, you will define the API's logic, connect it to a data source, and configure its parameters in DataWorks.
1. Create a business process
A business process is used to organize a group of related APIs and bind them to a REST API in API Gateway.
Go to the DataWorks console. In the navigation pane on the left, choose Data Service > Service Development.
Click the new icon in the upper-left corner and select New Business Process.
In the New Business Process dialog box, configure the following settings:
Business Name: A custom name that is unique within the workspace, such as
User Query Service. The name must be 4 to 50 characters in length.Gateway Type: Select Cloud-native API Gateway.
REST API: From the drop-down list, select the REST API that you created in Step 1 (for example,
dataservice-user-api). If the API does not appear, click Refresh.ImportantThis binding cannot be changed, so choose carefully.
2. Generate an API in wizard mode
On the Service Development page, hover over the new icon in the upper-left corner, and click New API > Generate API.
In the Generate API dialog box, select Wizard Mode and configure the basic information for the API:
Target folder: Select the business process (
User Query Service) that you created in the previous step.API Name: The name of the API, such as
Query User by User ID.API Path: The specific path of the API, such as
/user/info. It is concatenated with theBase Pathto form a complete URL path. The API Path must start with/and its length must not exceed 200 characters.Request Method: Select GET or POST. With the GET method, request parameters must be in the query string.
Response Type: Select JSON.
Click Create to enter the API's visual editing page.
NoteTo learn how to create an API in script mode, see Generate an API in script mode.
3. Configure the API
On the API editing page, follow the Select Table > Select Parameters > Configure Parameters flow to define the core logic of the API.
Select a table (data source and table)
In the Select Table area on the left side of the page, configure the following:
Data Source Type: Select MaxCompute (ODPS).
Data Source Name: Select the data source you configured in the prerequisites.
Data Table Name: Select the
user_infotable.If you use a MaxCompute data source, you need to configure an Acceleration Method to improve performance.
Select parameters (request and response)
After you select the table, the Select Parameters area below will list all fields of the table.
Configure request parameters: Select the
user_idfield, and then select Set as Request Parameter.Configure return parameters: Select the
user_idanduser_namefields, and then select Set as Return Parameter.
Configure request parameter details. On the Request Parameters tab on the right side of the page, set a Sample Value for the
user_idparameter, such as10001. This is helpful for subsequent testing.Best practice: We recommend setting indexed fields as request parameters to optimize query performance.
Configure the service resource group and environment
In the Service Resource Group area on the right, configure the following:
Resource Group Type: You must select Exclusive Resource Group for Data Service and select the resource group that is already bound to the current workspace from the drop-down list.
Environment Configuration:
Timeout: The maximum time that the Cloud-native API Gateway waits for a response from DataWorks, for example,
3seconds.Maximum number of records per request: Limits the maximum number of records returned in a single API call, for example,
2000.
Configure authentication
Configure settings in the authentication area on the right. After you enable consumer authentication, you can choose one of the following three authentication types.
NoteFor each workspace, DataWorks automatically creates a consumer in Cloud-native API Gateway with the same name as the workspace. You do not need to create one manually.
Configuration method
Description
Use cases
API Key
The client adds credentials to the request, which the gateway then validates. This method is best for non-sensitive operations and is less secure than JWT or AccessKey pair authentication. You must properly manage and protect the credentials.
Suitable for lightweight, quick integration and scenarios with general security requirements.
JWT
JSON Web Token (JWT) is a standard for securely transmitting information between a client and a server. It uses HMAC, RSA, or ECDSA signatures to ensure the information is verifiable and trustworthy. JWT authentication can be used in the gateway to implement identity verification and access control.
Suitable for distributed systems and Single Sign-On (SSO) scenarios.
HMAC
AccessKey pair signature authentication based on the HMAC algorithm requires the client to sign the request with a key. The server then verifies this signature.
Suitable for scenarios that require high data integrity and tamper resistance.
Save the API: After completing all configurations, click the Save icon in the top toolbar.
Step 3: Test, commit, and publish the API
1. Test the API
You must test the API successfully before you can commit it.
On the API editing page, click the Test API button in the toolbar.
In the API Test dialog box, enter an existing sample value (such as
10001) for theuser_idrequest parameter, and click Start Test.Check the Response on the right to confirm if the data is as expected. The Response Duration can be used to evaluate performance.
If the test fails, check your data source, table, parameter, or resource group configuration based on the error message.
2. Commit the API
After the test passes, commit the API to create a publishable version.
On the API editing page, click the Commit button in the toolbar.
After a successful commit, the system automatically generates an API version. You can view it on the Version Management tab on the right.
If your workspace requires an approval process, the API status becomes Pending for Application. You must click Apply for Publishing to submit it for approval. Once approved, the status changes to Publishable.
If no approval process is configured, the version status is usually set directly to Publishable.
3. Publish the API
This final step deploys the API to the production environment.
On the Versions tab of the API editing page, find the version with the status Publishable and click Publish in the Actions column.
In the Publish API to Cloud-native API Gateway dialog box, configure the following three required items:
Domains: Select the domain name you added in Step 1.
ImportantAll APIs under the same REST API share the same domain name. Any changes to the domain name during publishing will affect all APIs under the same REST API.
Gateway Instance: Select the gateway instance you created in Step 1.
Backend Service:
If the VPC of the gateway instance is the same as the VPC of the DataWorks resource group, you can select Default.
If the VPCs are different, you must select a backend service that you created in the Cloud-native API Gateway console.
Create a backend service
Once published, the API is live and can be called at its public address.
Step 4: Call and verify the API
Use your credentials to access the API based on the authentication method you configured in step 2.3.5.
On the Versions tab of the deployed API, find the version you just published and click Service Management on the right to go to the API management page and view the API details.
In API management, click the address under API Name/API Path to view the API details.
Construct and execute the call
Sample URL: Copy the invocation address from the API details.
Authentication information: In Service Management > API Call > Cloud-native API Gateway, view the call authentication methods.
Calling method: Make a call by using
curlor other HTTP clients and including theAppKeyandAppSecretin the request header.For more information, see Manage consumers.
Curl invocation example:
API key authentication
# Replace api.example.com with your actual domain name curl "https://api.example.com/v1/user/info?user_id=10001" \ -X GET \ -H "Content-Type: application/json; charset=utf-8" \ -H "Authorization: Bearer <API_KEY>"HMAC authentication
For a detailed calling process, see AccessKey pair (HMAC) authentication.
# Replace api.example.com with your actual domain name curl "https://api.example.com/v1/user/info?user_id=10001" \ -X GET \ -H "x-ca-key: Access Key" \ -H "x-ca-signature: <Base64EncodedSignature>" \ -H "x-ca-signature-method: HmacSHA256" \ -H "Date: Wed, 01 Jan 2025 00:00:00 GMT" \ -H "Accept: application/json"Check the expected response A successful call returns a JSON response similar to this:
{ "data": { "user_id": 10001, "user_name": "Alice" }, "success": true }