API Gateway – a high-performance, high-availability, and high-security API hosting service that helps enterprises build, manage, and deploy Application Programming Interfaces (APIs) at any scale

API Gateway has the following features:

API lifecycle management

The lifecycle of an API involves creating, publishing, removing, and deleting the API. API lifecycle management enables users to quickly and efficiently open up well-developed service capabilities.

Simple debugging tool

With the inline debugging tool, users can debug APIs with different HTTP headers and bodies. This tool simplifies the API development process and reduces the API development and maintenance costs.

Version management

An API can be published in different environments. Publishing an API again in the same environment will override the API’s previous version. API Gateway displays the publication history (including the version, description, date and time, and environment) of each API. Users can roll back an API to any historical version to meet dark launch and version upgrade requirements.

Environment variables

Environment variables are manageable and specific to environments. Variables of an API will be replaced by the values of the variables in the environment where the API will be published. Users can create variables in different environments to call different backend services using the same API.

Request throttling

For different services and users, users can control the request frequency of an API and the frequency the API can be called by a user, an app, and an IP address. This ensures that backend services can run stably. The throttling can be accurate to the second, minute, hour, or day. Excluded apps and tenants can be configured to limit the number of API calls respectively from specific apps and tenants.

Monitoring and alarm

API Gateway provides visualized, real-time API monitoring, and displays multiple metrics, including number of requests, invocation latency, and number of errors. The metrics help users understand the API usage, allowing them to identify potential service risks.

Access control

Access control policies are one of the API security protection measures provided by API Gateway to allow or deny API access from specified IP addresses or accounts.

VPC channels

VPC channel can be created for accessing resources in Virtual Private Clouds (VPCs) and opening up capabilities of backend services deployed in VPCs. A VPC channel forwards API requests to different servers for load balancing.

Signature keys

A signature key consists of a key and secret, and takes effect only after being bound to APIs. Signature keys are used by backend services to verify the identity of API Gateway to ensure secure access.

Use Cases

Open Enterprise Capabilities

Provide open capabilities for partners. Sharing services and data with partners deepens cooperation and helps build a new ecosystem.

Service Integration

Use standard APIs to decouple internal systems, separate frontend applications from backend service systems, and reuse existing capabilities to avoid wasting resources.

API Economy

Package service capabilities into standard APIs and monetize APIs on the marketplace, reducing R&D investment and improving operation efficiency.