Supported Features¶
The following table lists the features that are supported by dedicated gateways.
Note
If the gateway you use does not have specific features, contact technical support to upgrade your gateway.
Feature Name | Feature Description | Configurable | Feature Configuration Example | Configuration Parameter | Parameter Description | Default Value | Value Range |
---|---|---|---|---|---|---|---|
lts | Reporting of Shubao access logs | Yes | {"name":"lts","enable":true,"config": "{\"group_id\": ",\"topic_id\":\"\",\"log_group\":\"\",\"log_stream\":\"\"}"} | group_id | Log group ID. |
|
|
topic_id | Log stream ID. | ||||||
log_group | Name of a log group. | ||||||
log_stream | Name of a log stream. | ||||||
gateway_responses | Custom gateway responses | No |
|
|
|
|
|
ratelimit | Request throttling limit configuration | Yes | {"name":"ratelimit","enable":true,"config": "{\"api_limits\": 500}"} | api_limits | Default request throttling value applied to all APIs. Set this parameter properly to meet service requirements. A small value may constantly throttle your services. | 200 calls per second | 1-1,000,000 calls per second |
request_body_size | Configuration of the maximum request body size | Yes | {"name":"request_body_size","enable":true,"config": "104857600"} | request_body_size | Maximum size of the body allowed in an API request. | 12 MB | 1-9536 MB |
backend_timeout | Maximum backend timeout configuration | Yes | {"name":"backend_timeout","enable":true,"config": "{"max_timeout": 500}"} | max_timeout | Maximum timeout for APIG to request a backend service. | 60,000 ms | 1-600,000 ms |
app_token | app_token authentication | Yes | {"name":"app_token","enable":true,"config": "{\"enable\": \"on\", \"app_token_expire_time\": 3600, \"app_token_uri\": \"/v1/apigw/oauth2/token\", \"refresh_token_expire_time\": 7200}"} | enable | Whether to enable this feature. | Off | On/Off |
app_token_expire_time | Validity period of the access token. | 3600s | 1-72,000s | ||||
refresh_token_expire_time | Validity period of the refresh token. | 7200s | 1-72,000s | ||||
app_token_uri | URI used for obtaining the token. | /v1/apigw/oauth2/token |
| ||||
app_token_key | Token encryption key. |
|
| ||||
app_api_key | app_api_key authentication | Yes | {"name":"app_api_key","enable":true,"config": "on"} |
|
| Off | On/Off |
app_basic | app_basic authentication | Yes | {"name":"app_basic","enable":true,"config": "on"} |
|
| Off | On/Off |
app_secret | app_secret authentication | Yes | {"name":"app_secret","enable":true,"config": "on"} |
|
| Off | On/Off |
app_jwt | app_jwt authentication | Yes | {"name":"app_jwt","enable":true,"config": "{\"enable\": \"on\", \"auth_header\": \"Authorization\"}"} | enable | Whether to enable app_jwt authentication. | Off | On/Off |
auth_header | app_jwt authentication header. | Authorization |
| ||||
public_key | Public_key backend signatures | Yes | {"name":"public_key","enable":true,"config": "{\"enable\": \"on\", \"public_key_uri_prefix\": \"/apigw/authadv/v2/public-key/\"}"} | enable | Whether to enable public_key authentication. | Off | On/Off |
public_key_uri_prefix | URI prefix used for obtaining the public key. | /apigw/authadv/v2/public-key/ |
| ||||
backend_token_allow | Allowing tenants to transparently transmit tokens to the backend | Yes | {"name":"backend_token_allow","enable":true,"config": "{\"backend_token_allow_users\": [\"user_name\"]}"} | backend_token_allow_users | Regular expression for transparently transmitting the token to the common tenant whitelist of the tenant to match the domain name of the common tenant. |
|
|
sign_basic | Basic signature keys | No |
|
|
|
|
|
multi_auth | Two-factor authentication | No |
|
|
|
|
|
backend_client_certificate | Backend two-way authentication | Yes | {"name":"backend_client_certificate","enable":true,"config": "{\"enable\": \"on\",\"ca\": \"\",\"content\": \"\",\"key\": \"\"}"} | enable | Whether to enable this feature. | Off | On/Off |
ca | CA file of two-way authentication. |
|
| ||||
content | Two-way authentication file. |
|
| ||||
key | Private key of two-way authentication. |
|
| ||||
ssl_ciphers | HTTPS cipher suites | Yes | {"name":"ssl_ciphers","enable":true,"config": "config": "{\"ssl_ciphers\": [\"ECDHE-ECDSA-AES256-GCM-SHA384\"]}"} | ssl_ciphers | Encryption and decryption suites supported. The ssl_ciphers parameter cannot be left blank and can contain only the options in the default value. |
| ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256 |
route | Custom routes | No |
|
|
|
|
|
cors | Plug-ins | No |
|
|
|
|
|
real_ip_from_xff | X-Forwarded-For header for identifying IP addresses during access control and request throttling | Yes | {"name": "real_ip_from_xff","enable": true,"config": {"enable": "on","xff_index": -1}} | enable | Whether to enable this feature. | Off | On/Off |
xff_index | Sequence number of an IP address in the X-Forwarded-For header. The value of this parameter can be 0 or a positive or negative number. If the value is 0 or a positive number, the IP address of the corresponding index is obtained from the X-Forwarded-For header. If the value is a negative number, the IP address in reverse index order is obtained from the X-Forwarded-For header. For example, assume that the X-Forwarded-For header of a request received by API gateway contains three IP addresses: IP1, IP2, and IP3. If the value of xff_index is 0, IP1 is obtained. If the value of xff_index is 1, IP2 is obtained. If the value of xff_index is -1, IP3 is obtained. | -1 | Valid Int32 value | ||||
app_route | IP address access | Yes | {"name":"app_route","enable":true,"config": "on"} |
|
| Off | On/Off |
vpc_name_modifiable | Load balance channel name modification | Yes | {"name":"vpc_name_modifiable","enable":true,"config": "on"} |
|
| on | On/Off |
default_group_host_trustlist | Access to the DEFAULT group from IP addresses that are not inbound access addresses of the current gateway | Yes | {"name":"default_group_host_trustlist","enable": true,"config": "{\"enable\":\"on\",\"hosts\":[\"123.2.2.2\",\"202.2.2.2\"]}"} | enable | Whether to enable this feature. |
| On/Off |
hosts | IP addresses that are not inbound access addresses of the current gateway. |
|
| ||||
throttle_strategy | Request throttling | Yes | {"name":"throttle_strategy","enable":true,"config": "{\"enable\": \"on\",\"strategy\": \"local\"}"} | enable | Whether to enable this feature. | Off | On/Off |
strategy | Request throttling mode. |
| cluster/local | ||||
custom_log | Printing custom request headers, query strings, and cookies in logs | Yes | {"name":"custom_log","enable":true,"config": "{\"custom_logs\":[{\"location\":\"header\",\"name\":\"a1234\"}]}"} | custom_logs | Custom logs. |
| Max. 10 items. |
location | Location. | header/query/cookie | |||||
name | Name. |
| |||||
real_ip_header_getter | Using a custom header to obtain source IP addresses | Yes | {"name":"real_ip_header_getter","enable":true,"config": "{\"enable\": \"on\",\"header_getter\": \"header:testIP\"}"} | enable | Whether to enable this feature. | Off | On/Off |
header_getter | Custom header for obtaining source IP addresses. |
|
| ||||
policy_cookie_param | Using cookies in backend policy conditions | Yes | {"name":"policy_cookie_param","enable":true,"config": "on"} |
|
| Off | On/Off |
app_quota | Client quotas | No |
|
|
|
|
|
app_acl | Request throttling policies | No |
|
|
|
|
|
set_resp_headers | Response header management plug-ins | No |
|
|
|
|
|
vpc_backup | Primary/Standby VPC channels | No |
|
|
|
|
|
sign_aes | AES signature keys | No |
|
|
|
|
|
kafka_log | Adding, deleting, modifying, and querying Kafka log push plug-ins | No |
|
|
|
|
|
backend_retry_count | Backend retry configuration | No |
|
|
|
|
|
policy_sys_param | Using system parameters in backend policy conditions | No |
|
|
|
|
|
breaker | Circuit breakers | No |
|
|
|
|
|
content_type_configurable | Returning request parameter type (Content-Type) when querying APIs | No |
|
|
|
|
|
rate_limit_plugin | Request throttling plug-ins | No |
|
|
|
|
|
breakerv2 | Circuit breakers for degrading services in case of overload | No |
|
|
|
|
|
sm_cipher_type | Encrypting local sensitive data with commercial cryptographic algorithms | No |
|
|
|
|
|
rate_limit_algorithm | Request throttling algorithm switchover | No |
|
|
|
|
|