Configure policies for an API

A policy controls access to an API. This task contains the following topics:

Configure a proxy caching policy

A proxy caching policy enables a service gateway to cache API information for repeated API calls from the same user, which reduces the workload on backend services.

To configure a proxy caching policy:

  1. From the left navigation pane, select Service Release > Proxy Caching.

  2. Select a service gateway from the service gateway filter list.

  3. Click Create Cache Policy.

  4. Configure the parameters as needed.

  5. Click OK.

  6. Click Bind API in the Actions column for an API gateway.

  7. Select an API group from the Group list. The APIs that belong to this group will be displayed.

  8. Select the target APIs, and then click OK.

Parameter: Description

Policy Name: Enter the name of the proxy caching policy. When you publish an API (as described in "Publish an API"), you can select an existing proxy caching control policy by its name.

Cache TTL: Specify the cache TTL, in the range of 1 to 31536000 seconds.

Match Return Code: Enter return codes. The system caches only defined return codes.

Match Content Type: Enter the Content-Type parameters to be accepted. If you leave this field empty, the Content-Type parameter is not verified.

Match Header: Enter the request headers to be verified. If you leave this field empty, no headers will be verified.

Match Search Parameter: Enter the search parameters to be verified. If you leave this field empty, no search parameters will be verified.

 

Configure security control policies

Configure an access control policy

  1. From the left navigation pane, select Service Release > Security Control.

  2. Select a service gateway from the service gateway filter list.

  3. On the Access Policies tab, click Create Access Control Policy.

  4. Configure access control policy parameters as needed.

  5. Click OK.

  6. Click Bind API in the Actions column for an access control policy.

  7. Select an API group from the Group list. The APIs that belong to this group will be displayed.

  8. Select the target APIs, and then click OK.

Parameter: Description

Policy Name: Enter the name of the access control policy. When you publish an API (as described in "Publish an API"), you can select an existing access control policy by its name.

Limit By: Filter API calls by IP address or interception rules. VPC private IP addresses are not supported.

Action: Select the action to take on API calls received from the specified IP addresses. To add an IP address or IP address range, click Add IP Address and enter an IP address or IP address range.

  • Permit—Permits API calls from the specified IP addresses.

  • Deny—Denies API calls from the specified IP addresses. Only the API calls not matching the IP addresses are permitted.

Rule Settings: Configure interception rule settings. You can use the sample as a reference.
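The following added example (not code from the product) models how the Permit and Deny actions decide a call, so that an address list can be checked before it is bound to APIs. The entry formats (single address, CIDR, start-end), the use of RFC 1918 space as a stand-in for "VPC private IP addresses", and the rule that Permit rejects callers that are not listed are assumptions.

```python
import ipaddress

# RFC 1918 space stands in for "VPC private IP addresses" (assumption).
PRIVATE_V4 = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_entry(entry):
    """Turn 'a.b.c.d', CIDR, or 'start-end' into a (first, last) address pair."""
    if "-" in entry:
        first, last = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"invalid range: {entry}")
        return first, last
    net = ipaddress.ip_network(entry.strip(), strict=False)
    return net[0], net[-1]

def build_policy(action, entries):
    """Validate the Action and address list before the policy is bound to APIs."""
    if action not in ("Permit", "Deny"):
        raise ValueError(f"unknown action: {action}")
    ranges = []
    for entry in entries:
        first, last = parse_entry(entry)
        if first.version == 4 and any(first <= n[-1] and last >= n[0] for n in PRIVATE_V4):
            raise ValueError(f"private address space is not supported: {entry}")
        ranges.append((first, last))
    return action, ranges

def is_allowed(policy, client_ip):
    """Permit: only listed callers pass. Deny: everyone except listed callers passes."""
    action, ranges = policy
    ip = ipaddress.ip_address(client_ip)
    matched = any(first.version == ip.version and first <= ip <= last
                  for first, last in ranges)
    return matched if action == "Permit" else not matched

# Constructed sample policies using documentation address ranges.
PERMIT = build_policy("Permit", ["198.51.100.0/24", "203.0.113.10-203.0.113.20"])
DENY = build_policy("Deny", ["203.0.113.10-203.0.113.20"])
```

In this model a Deny policy with an empty list permits every caller, while a Permit policy with an empty list permits none.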

 

Configure an authentication policy

  1. From the left navigation pane, select Service Release > Security Control.

  2. Select a service gateway from the service gateway filter list.

  3. Click the Authentication Policies tab.

  4. Click Create Authentication Policy.

  5. Configure authentication policy parameters as needed.

  6. Click OK.

Parameter: Description

Policy Name: Enter the name of the authentication policy. When you publish an API (as described in "Publish an API"), you can select a created authentication policy by its name.

Authentication: Select an authentication method. Options are Basic and Key.

  • Basic Authentication—Enter a username and password for authenticating API requests.

  • Key Authentication—Enter a key string for authenticating service requests. If you do not enter a key string, the system displays an error message.

  • AK/SK Authentication—If you select this authentication method, you must also configure service subscription settings for consumers to subscribe to a service. To obtain documents for the authentication type and the SDK, click Download.

  • Signature Headers—Specify the header fields and their sequence in signature calculation.

  • Signature Algorithm—Select an algorithm for signature calculation.

  • Body Verification—Select whether to verify the body. Enabling body verification consumes compute resources. The maximum size of a body that can be verified is 8 kilobytes.

  • JWT Authentication—If you select this authentication method, you must also configure service subscription settings for consumers to subscribe to a service. To obtain documents for the authentication type and the SDK, click Download.
    Token TTL—Specify the TTL of the token. When the token expires, you must obtain a temporary token.
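The following added example (not the product's signing scheme; the downloadable SDK documents the real one) shows why the Signature Headers sequence and the Body Verification setting matter for AK/SK-style authentication. The canonical string layout, the HMAC-SHA256 algorithm, the rejection of oversized bodies, and all sample values are assumptions.

```python
import hashlib
import hmac

MAX_VERIFIED_BODY = 8 * 1024  # the page's 8-kilobyte limit for body verification

def string_to_sign(method, path, headers, signed_headers, body=None):
    """Build the canonical string. Pass body=None when body verification is off."""
    lowered = {k.lower(): v.strip() for k, v in headers.items()}
    parts = [method.upper(), path]
    for name in signed_headers:          # policy order, not arrival order
        key = name.lower()
        if key not in lowered:
            raise ValueError(f"signed header missing from request: {name}")
        parts.append(f"{key}:{lowered[key]}")
    if body is not None:
        if len(body) > MAX_VERIFIED_BODY:
            # Assumption: reject rather than silently skip the body check.
            raise ValueError("body exceeds the verifiable size")
        parts.append(hashlib.sha256(body).hexdigest())
    return "\n".join(parts).encode()

def sign(secret_key, method, path, headers, signed_headers, body=None):
    """Consumer side: HMAC-SHA256 over the canonical string (assumed algorithm)."""
    message = string_to_sign(method, path, headers, signed_headers, body)
    return hmac.new(secret_key, message, hashlib.sha256).hexdigest()

def verify(secret_key, signature, method, path, headers, signed_headers, body=None):
    """Gateway side: recompute and compare in constant time; reject on bad input."""
    try:
        expected = sign(secret_key, method, path, headers, signed_headers, body)
    except ValueError:
        return False
    return hmac.compare_digest(expected.encode(), signature.encode())

# Constructed sample request and credentials.
SK = b"example-secret-key"
HEADERS = {"Host": "api.example.com", "X-Date": "20240101T000000Z"}
BODY = b'{"amount": 10}'
SIGNED = ["x-date", "host"]
SIG = sign(SK, "POST", "/v1/orders", HEADERS, SIGNED, BODY)
```

With body verification off (body=None on both sides), a signature stays valid whatever the body contains, which is the integrity cost of saving the compute resources.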

 

Configure a request throttling policy

  1. From the left navigation pane, select Service Release > Request Throttling.

  2. Select a service gateway from the service gateway filter list.

  3. Click Create Request Throttling Policy.

  4. Configure request throttling policy parameters as needed.

  5. Click OK.

Table-1 Configuring request throttling policy parameters

Parameter: Description

Policy Name: Enter the name of the request throttling policy. When you publish an API (as described in "Publish an API"), you can select a created request throttling policy by its name.

Configuration Type:

  • Basic Settings

  • Rate Limit Mode—Select a rate limit mode.

  • Requests per Second/Minutes/Hour/Day—Enter the maximum number of requests to be processed per second, per minute, per hour, and per day. The gateway drops a request if it exceeds any one of the limits. To leave a criterion unspecified, enter a value of -1.
    For example, if you enter 100 for Requests per Second, the system automatically stops processing requests when the number of requests per second exceeds 100.

  • Custom Configuration—In addition to the basic request limits, you can configure exceptions. Traffic is not limited for requests that meet the exception requirements.

 

  6. Click Bind API in the Actions column for the request throttling policy in the policy list, and select APIs to which the policy applies.

  7. Click OK.

  8. Select an API group from the Group list. The APIs that belong to this group will be displayed.

  9. Select the target APIs, and then click OK.
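The following added example (not code from the product) models the basic throttling settings described above: one limit each per second, minute, hour, and day, a request dropped when any one limit is reached, and -1 leaving a criterion unspecified. Fixed-window counting and not charging dropped requests against the limits are assumptions, because the page does not describe the rate limit modes.

```python
WINDOW_SECONDS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}

class ThrottlePolicy:
    """Fixed-window counters, one per configured limit (assumed rate limit mode)."""

    def __init__(self, per_second=-1, per_minute=-1, per_hour=-1, per_day=-1):
        configured = {"second": per_second, "minute": per_minute,
                      "hour": per_hour, "day": per_day}
        for name, limit in configured.items():
            if limit != -1 and limit < 1:
                raise ValueError(f"{name}: use -1 or a positive limit, got {limit}")
        # -1 leaves a criterion unspecified, so it is simply not tracked.
        self.limits = {n: v for n, v in configured.items() if v != -1}
        self.state = {}  # window name -> (window index, requests counted)

    def allow(self, now):
        """Return True to process the request arriving at time `now` (seconds)."""
        for name in self.limits:
            index = int(now // WINDOW_SECONDS[name])
            if self.state.get(name, (None, 0))[0] != index:
                self.state[name] = (index, 0)  # a new window starts empty
        # Drop if any one limit is already used up (drops are not counted).
        if any(self.state[n][1] >= self.limits[n] for n in self.limits):
            return False
        for name in self.limits:
            index, count = self.state[name]
            self.state[name] = (index, count + 1)
        return True

def replay(policy, arrival_times):
    """Feed constructed arrival times through the policy and list the decisions."""
    return [policy.allow(t) for t in arrival_times]
```

With fixed windows, a burst that straddles a window boundary can pass up to twice the configured limit in a short span, so size backend capacity for that case.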