This topic provides a quick guide on how to create and publish an API that uses a backend service of the HTTP type in API Gateway. This topic also describes how to call the API by using an application and an AppKey and AppSecret pair based on the Alibaba Cloud App authentication type.
Prerequisites
A virtual private cloud (VPC) environment is created. For more information, see Create a VPC with an IPv4 CIDR block and Create a VPC with an IPv6 CIDR block.
An Elastic Compute Service (ECS) instance is created. For more information, see Step 1: Create an ECS instance.
In this example, an ECS instance deployed in a VPC is used. The ECS instance resides in the same region as the API Gateway instance. In the ECS instance, Apache is deployed and uses the default 80 port. For more information, see Step 4: Deploy Apache.
Process
You must perform the following steps in sequence:
Create an HTTP backend service
API Gateway allows you to configure backend services as resources of a region to simplify management. You need only to create a backend service in the API Gateway console and configure different URLs for the backend service for different environments. Then, you can directly select the configured backend service to create an API.
Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > Backend Services. On the page that appears, click Create Backend Service in the upper-right corner.
In the Create Backend Service dialog box, set Name to
httpd-online
and Type toHTTP/HTTPS Service
and click Confirm.On the Backend Services page, click the
httpd-online
backend service. On the Backend Service Definition page, click the Production tab and then click Create in the upper-right corner.On the Basic Information page, enter
http://192.168.*.***:80
in the *** Address box and click Publish.Notehttp://192.168.*.***:80
is the private IP address of the created ECS instance.
Create an API group
APIs are managed in API groups. You must create an API group before you create an API.
Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > API Groups. On the API Groups page, click Create Group in the upper-right corner.
In the Create Group dialog box, select an instance from the Instances drop-down list, set Group Name to
httpd-demo
, set BasePath to/
, and then click Confirm.
On the API Groups page, view the created group and click the group name to go to the Group Details page. On the Group Details page, you can bind a domain name, modify basic information, and change the instance type for the API group.
API Gateway automatically assigns a public second-level domain name for the API group. This domain name is used only for debugging and has a limit of 100 calls per day for regions outside the Chinese mainland and 1,000 calls per day for regions in the Chinese mainland. We recommend that you bind an independent domain name after you create an API group.
Create an API
Log on to the API Gateway console. In the top navigation bar, select a region. In the left-side navigation pane, choose Manage APIs > API Groups.
On the API Groups page, find the
httpd-demo
group that you created and click Manage APIs in the Actions column.On the APIs page, click Create API in the upper-right corner.
In the Basic Information step of the Create API wizard, configure the following parameters and click Next.
Parameter
Example
Group
httpd-demo
API Name
httpd-test
Security Authentication
Alibaba Cloud App
AppCode Authentication
Enable AppCode Authentication (Header & Query)
Signature algorithm
HMAC_SHA256
In the Define API Request step, configure the following parameters and click Next.
NoteIn this step, you define how a client, such as a web browser, a mobile app, or a business system, requests the API. The parameters that you need to configure in this step include Protocol, Request Path, HTTP Method, Request Mode, and the parameters in the Request Parameters section. In this example, the Request Mode parameter is set to Pass-through. This indicates that API Gateway does not process the parameters sent by the client and directly passes them to the backend.
In the Define Backend Service step, configure the following parameters and click Next.
Parameter
Example
Configuration Mode
Select Use Existing Backend Service.
Backend Service Type
Select HTTP/HTTPS Service.
Backend Service
httpd-online
Backend Request Path
/
HTTP Method
GET
Backend Service Timeout Period
10000
NoteIn this step, you configure the type and URL of the backend service to which API Gateway sends the requests that are received from a client and how parameters are mapped and processed. In this example, the Backend Service Type parameter is set to HTTP/HTTPS Service.
In the Define Response step, configure the parameters on the page based on your business requirements and then click Create.
In the message that appears, click Publish.
In the Publish API dialog box that appears, set Environment to Release, enter remarks in the Remarks section, and then click Publish.
NoteAfter you modify an API, you must publish the API to the corresponding environment for the modification to take effect. API Gateway provides three built-in environments, which are test, pre-release, and production.
Create an application and authorize the application to call the API
An application is an identity that you use to call an API. In the Create an API step of this example, the authentication method is set to Alibaba Cloud App. Therefore, after the API is published, you must create an application and grant the application the permissions to call the API.
Create an application
Log on to the API Gateway console. In the top navigation bar, select a region. In the left-side navigation pane, choose Call APIs > Apps.
On the Apps page, click Create App in the upper-right corner.
In the Create App dialog box, configure the App Name parameter and click Confirm. In this example, httpd is used as the application name.
On the Apps page, click the
httpd
application that you created. On the App Details page, you can see that two authentication methods are available:AppKey
andAppCode
. TheAppKey
method includes a pair ofAppKey
andAppSecret
, which works similarly to a pair of username and password. When you call the API, you must pass theAppKey
as a parameter. TheAppSecret
is used to calculate signatures. API Gateway verifies the AppKey-AppSecret pair to authenticate your identity.
Authorize the application to call the API
Log on to the API Gateway console. In the top navigation bar, select a region. In the left-side navigation pane, choose Manage APIs > APIs.
On the APIs page, find the created
http-test
API and choose > Authorize in the Actions column.On the Authorize page, set the Stage parameter to Release. Enter the name of the application you created in the search bar of the Choose Apps for Authorization section. In the search result, select the created application, click Add in the Actions column, and then click Confirm. A message appears to inform you that the application is authorized to call the API.
Debug the API
API Gateway supports online debugging. We recommend that you use this feature to check whether an API is correctly configured before you call this API on clients.
Log on to the API Gateway console. In the left-side navigation pane, choose Call APIs > Debug.
On the Debug API page, select the
httpd-test
API that you created, set Verification Method to Use AppSecret, and then click Send Request. The following information indicates that the configuration is successful.
Call the API
By performing the preceding steps, you created and published the API, created and authorized an application to call the API, and debugged the API. In this step, SDKs provided by API Gateway can be used to call a published API from a business system.
Method 1: Use an SDK to call the API
Log on to the API Gateway console. In the left-side navigation pane, choose Call APIs > SDK.
On the SDK page, select Node.js in the Signature Sample Code for Other Languages (for reference only) section and click View Sample Code for Node.js.
Run the
$ npm install aliyun-api-gateway -S
command to use nmp to install the sample SDK for Node.js.In the following code snippet, set
YOUR_APP_KEY
andYOUR_APP_SECRET
to the AppKey and AppSecret of the application created in this example.// Import the SDK for Node.js that you downloaded. const Client = require('aliyun-api-gateway').Client; // Create an instance for the authorized application. Specify the AppKey and AppSecret of the authorized application. const client = new Client('YOUR_APP_KEY','YOUR_APP_SECRET'); async function get() { // Use the domain name of the API group to which the API that you want to call belongs. You can use the public second-level domain name provided by API Gateway to test API calls. However, a limit is imposed on the number of API calls. We recommend that you bind an independent domain name to the API Group. var url = 'YOUR_GROUP_DOMAIN'; var result = await client.get(url, { // Specify the request header. Some APIs can return data formats based on the specified response type. We recommend that you manually define the request header based on your business requirements. headers: { accept: 'application/json' }, }); console.log(JSON.stringify(result)); } get().catch((err) => { console.log(err.stack); });
Method 2: Use cURL to call the API
Log on to the API Gateway console. In the left-side navigation pane, choose Call APIs > Apps. On the Apps page, click the authorized application and obtain its AppCode on the page that appears. Then, use the following sample code to call the API.
curl -i -X GET "http://3fbf0648d01e4aa5a1d*******-cn-hangzhou.alicloudapi.com" -H "Authorization:APPCODE c404eca23959492b9f0e4d4d15****"