All Products
Search

This Product

    API Gateway:Enable HTTPS-based calls for APIs

    Document Center

    API Gateway:Enable HTTPS-based calls for APIs

    Last Updated:Aug 13, 2024

    Based on HTTP and the Secure Sockets Layer (SSL) protocol, HTTPS is used to transmit data in a secure manner by encrypting the transmitted data. HTTPS is widely used today.

    API Gateway allows you to use HTTPS to encrypt the requests that are initiated to call your APIs. You can configure your specific API to support calls over only HTTP, HTTPS, or both. If you want your API to support HTTPS-based calls, perform the following steps:

    Step 1: Make preparations

    Perform the following preparations:

    • Obtain an independent domain name.

    • Apply for an SSL certificate for the independent domain name.

    • Upload the certificate to the API Gateway console. An SSL certificate consists of a certificate (XXXXX.pem) and a private key (XXXXX.key). Both must be in .PEM format because the Tengine service of API Gateway is based on nginx and nginx only supports the .PEM format.

    XXXXX.key and XXXXX.pem can both be opened in a text editor. The following figure shows an example:

    KEY:

    -----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA8GjIleJ7rlo86mtbwcDnUfqzTQAm4b3zZEo1aKsfAuwcvCud
....
-----END RSA PRIVATE KEY-----

    PEM:

    -----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgIQRgWF1j00cozRl1pZ+ultKTANBgkqhkiG9w0BAQsFADBP
...
-----END CERTIFICATE-----

    Step 2: Bind the SSL certificate to an API group

    Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > API Groups. Click the API group to which you want to bind the SSL certificate to go to the group details page. Before you bind the SSL certificate, you must bind an independent domain name to the API group.

    Add the SSL certificate in the Independent Domains section.

    • Certificate Name: the name of the certificate. We recommend that you set an informative name for easy identification.

    • Certificate Content: the complete content of the certificate. Copy the content in the XXXXX.pem file to this field.

    • Private Key: the private key of the certificate. Copy the content in the XXXXX.key file to this field. Click OK.

    Step 3: Adjust the API configuration

    After you bind the SSL certificate to the API group, you can adjust the Protocol parameter that is configured for the API. Valid values of the Protocol parameter are HTTP, HTTPS, and HTTP and HTTPS. You can select one or more protocols for each API. We recommend that you select HTTPS for APIs for security considerations.

    In the left-side navigation pane, choose Manage APIs > APIs. On the APIs page, click the API that you want to manage. On the Definition page, click Edit and edit the settings in the Define API Request step.

    You can set the Protocol parameter to the following values:

    • HTTP: supports only HTTP requests.

    • HTTPS: supports only HTTPS requests.

    • HTTP and HTTPS: supports both HTTP and HTTPS requests. After you select HTTPS for your API, the API supports HTTPS-based calls.