All Products
Search
Document Center

API Gateway:Access a domain name over HTTPS

Last Updated:Aug 22, 2024

You can bind your domain name to an API group hosted on API Gateway. API Gateway locates a unique API group by domain name and locates a unique API in the API group by using the Path and HTTPMethod parameters.

By default, API Gateway provides a public second-level domain name for each API group. If a client uses the public second-level domain name to initiate API calls, a limit of 100 API calls is imposed in the China (Hong Kong) region and regions outside the Chinese mainland, and a limit of 1,000 API calls is imposed in regions inside the Chinese mainland. If you want to publish APIs to a production environment, you must bind an independent domain name to the API group to which the APIs belong. The number of API calls is not limited for independent domain names.

Independent domain names that you want to bind to API groups must meet the following requirements:

  • If you want to bind an independent domain name to an API group in a region inside the Chinese mainland, you must apply for an ICP filing in the Alibaba Cloud ICP Filing system for the domain name, or add Alibaba Cloud as a service provider to the ICP filing information of the domain name.

  • Before you bind an independent domain name to an API group, you must add a CNAME record for the independent domain name to the second-level domain name of the group.

  • The independent domain name that you want to bind has not been bound to an API group hosted on API Gateway by other users. If the independent domain name has been bound by other users, it must be verified when you attempt to bind it. If the APIs in the API group need to support HTTPS, you must import or upload an SSL certificate for the independent domain name.

1. Procedure for binding a domain name to an API group

To bind your domain name to an API group hosted on API Gateway, perform the following steps:

  • Log on to the API Gateway console and bind your domain name to the API group.

  • Add a CNAME record for your domain name to the public second-level domain name provided by API Gateway to switch service traffic.

1.1 Bind a domain name to an API group

1. Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > API Groups. On the API Groups page, click the API group to which you want to bind a domain name. The Group Details page appears.

2. In the Independent Domains section of the Group Details page, click Bind Domain Name.

3. In the Bind Domain Name dialog box, enter your domain name and click Confirm.

1.2 Add a CNAME record

To add a CNAME record for your domain name to the public second-level domain name provided by API Gateway, perform the following steps:

1. Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > API Groups. On the page that appears, click the name of the group that you want to manage. Then, find the public second-level domain name in the Basic Information section of the Group Details page.

2. Log on to the DNS management platform. If you use Alibaba Cloud DNS, visit https://dns.console.aliyun.com. On the Manage DNS page of the Alibaba Cloud DNS console, click the domain name that you want to manage to go to the DNS Settings page.

3. Add or modify a record for the domain name that you want to bind to the API group.

4. In the Add DNS Record or Modify DNS Record panel, set Record Type to CNAME and Record Value to the public second-level domain name that you obtained in step 2.

5. Click OK. After the binding is complete, you can view the public second-level domain name on the DNS Settings page.

2. Upload an SSL certificate for the domain name

After a domain name is bound to an API group, you can use the domain name to call all the APIs that belong to the API group over HTTP. If you want to call APIs over HTTPS, you must upload an SSL certificate for the domain name. API Gateway provides the following methods for you to upload an SSL certificate: 1. API Gateway automatically imports an SSL certificate from the Alibaba Cloud Certificate Management Service. 2. API Gateway allows you to manually upload the SSL certificate that you obtained from other certificate service providers.

2.1 Generate an SSL certificate for a domain name

To generate a free SSL certificate by using the Alibaba Cloud Certificate Management Service, perform the following steps:

1. Log on to the Certificate Management Service console.

2. On the left-side navigation pane, select SSL Certificates. On the page that appears, click Purchase Certificate. On the Buy Now page, purchase the certificate and bind the domain name. For more information, see Get started with SSL Certificates Service. After you apply for an SSL certificate, go to the Group Details page of the target API group in the API Gateway console.

2.2 Import or upload the SSL certificate for the domain name

After you purchase or prepare an SSL certificate, import or upload the certificate for the domain name that you bound to the target API group in the API Gateway console. The following sections describe the procedure for importing and uploading an SSL certificate.

2.2.1 Import an SSL certificate

If you purchase a certificate by using the Alibaba Cloud Certificate Management Service, perform the following steps to import the certificate for the domain name that you bound to the target API group hosted on API Gateway:

1. Go to the Group Details page in the API Gateway console. In the Independent Domains section, find the domain name that you want to manage and click Select Certificate in the SSL Certificate column.

2. In the Select Certificate dialog box, click Search for Certificate. Then, select the required certificate from the search results and click Synchronize Certificate.

2.2.2 Upload an SSL certificate

If your SSL certificate is not purchased from Alibaba Cloud, you can upload your certificate to API Gateway. Perform the following steps to upload an SSL certificate:

1. Go to the Group Details page in the API Gateway console. In the Independent Domains section, find the domain name that you want to manage and click Select Certificate in the SSL Certificate column.

2. In the Select Certificate dialog box, click Add Certificate.

3. On the page that appears, follow the on-screen instructions to enter the required information.

4. After the certificate is uploaded, go to the Group Details page. You can see that the Select Certificate link of the domain name is changed to Update Certificate. After the certificate is uploaded, you can access the target domain name over HTTPS.