HTTPS combines HTTP with the Secure Sockets Layer (SSL) protocol and secures data in transit by encrypting it. HTTPS is widely used today.
API Gateway allows you to use HTTPS to encrypt the requests that call your APIs. You can configure each API to support calls over HTTP only, HTTPS only, or both. If you want your API to support HTTPS-based calls, perform the following steps:
Step 1: Make preparations
Perform the following preparations:
Obtain an independent domain name.
Apply for an SSL certificate for the independent domain name.
Upload the certificate to the API Gateway console. An SSL certificate consists of a certificate (XXXXX.pem) and a private key (XXXXX.key). Both must be in .PEM format because the Tengine service of API Gateway is based on nginx and nginx only supports the .PEM format.
XXXXX.key and XXXXX.pem can both be opened in a text editor. The following example shows their contents:
KEY:
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA8GjIleJ7rlo86mtbwcDnUfqzTQAm4b3zZEo1aKsfAuwcvCud
....
-----END RSA PRIVATE KEY-----
PEM:
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgIQRgWF1j00cozRl1pZ+ultKTANBgkqhkiG9w0BAQsFADBP
...
-----END CERTIFICATE-----
Step 2: Bind the SSL certificate to an API group
Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > API Groups. Click the API group to which you want to bind the SSL certificate to go to the group details page. Bind an independent domain name to the API group to facilitate certificate binding.
Add the SSL certificate in the Independent Domains section.
Certificate Name: the name of the certificate. We recommend that you set an informative name for easy identification.
Certificate Content: the complete content of the certificate. Copy the content in the XXXXX.pem file to this field.
Private Key: the private key of the certificate. Copy the content in the XXXXX.key file to this field.
Click OK.
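A pre-upload check for the two files, as an added example that is not part of the original documentation: it confirms that the text destined for the Certificate Content and Private Key fields is well-formed PEM and that the two have not been swapped. The field names `certificate` and `key`, the helper names, and the set of accepted key labels are assumptions; the sample blocks are constructed and contain no real key material.

```python
import base64
import re

# RFC 7468 textual encoding: BEGIN line, base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
# Labels accepted per console field. The page shows only RSA PRIVATE KEY;
# accepting PKCS#8 "PRIVATE KEY" as well is an assumption.
ALLOWED = {"certificate": {"CERTIFICATE"},
           "key": {"RSA PRIVATE KEY", "PRIVATE KEY"}}


def check_field(field, data):
    """Return a list of problems with the bytes destined for one field."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return ["binary data (DER or PKCS#12?), convert to PEM first"]
    blocks = PEM_BLOCK.findall(text)
    if not blocks or len(blocks) != text.count("-----BEGIN "):
        return ["missing or truncated BEGIN/END block"]
    problems = []
    for label, body in blocks:
        if label not in ALLOWED[field]:
            problems.append(f"{label} block does not belong in the {field} field")
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError
            problems.append(f"{label}: body is not valid base64")
            continue
        # Certificates and keys are ASN.1 SEQUENCEs, so DER starts with 0x30.
        if not der.startswith(b"\x30"):
            problems.append(f"{label}: decoded body is not a DER SEQUENCE")
    if field == "key" and len(blocks) != 1:
        problems.append("key field must hold exactly one private key")
    return problems


def sample_pem(label, payload=b"constructed sample, not real key material"):
    """Build a constructed PEM block for the demo (not a usable cert or key)."""
    body = base64.encodebytes(b"\x30\x82" + payload).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n".encode()


if __name__ == "__main__":
    cert, key = sample_pem("CERTIFICATE"), sample_pem("RSA PRIVATE KEY")
    print("certificate:", check_field("certificate", cert) or "ok")
    print("key:", check_field("key", key) or "ok")
    print("swapped:", check_field("key", cert))
    print("DER upload:", check_field("certificate", b"\x30\x82\x05\xb4\xff"))
```

The check is structural only: it does not verify that the private key matches the certificate or that the certificate covers the independent domain name.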
Step 3: Adjust the API configuration
After you bind the SSL certificate to the API group, you can adjust the Protocol parameter that is configured for the API. Valid values of the Protocol parameter are HTTP, HTTPS, and HTTP and HTTPS. You can select one or more protocols for each API. For security reasons, we recommend that you select HTTPS for your APIs.
Log on to the API Gateway console. In the left-side navigation pane, choose Manage APIs > APIs and find the API that you want to manage.
Click the name of the API. On the page that appears, click Edit in the upper-right corner.
In the Basic Information step, click Next. In the Define API Request step, configure the Protocol parameter.
You can set the Protocol parameter to the following values:
HTTP: The API supports only access over HTTP.
HTTPS: The API supports only access over HTTPS.
HTTP and HTTPS: The API supports access over both HTTP and HTTPS.
After you select HTTPS for your API, the API supports HTTPS-based calls.