
Cloud Firewall: Integration overview

Last Updated: Aug 01, 2024

Cloud Firewall provides a console for visual operations and multiple methods for calling API operations, including OpenAPI Explorer, Alibaba Cloud SDKs, Terraform, and Resource Orchestration Service (ROS). OpenAPI Explorer supports online debugging of API operations.

Overview of OpenAPI Explorer

Alibaba Cloud provides OpenAPI Explorer for developers to understand and use the API operations of various Alibaba Cloud services in a quick and efficient manner. OpenAPI Explorer integrates multiple features related to API operations, including intelligent search, documentation, online debugging, SDK download, sample code, error diagnostics, and call statistics. In OpenAPI Explorer, you can call API operations of Alibaba Cloud services and view API requests and responses. In addition, OpenAPI Explorer automatically generates the corresponding SDK sample code to facilitate the use of Alibaba Cloud services. For more information, see What is an API?

API versions

Cloud Firewall supports online debugging of the 2017-12-07 version of its API. 2017-12-07 is an API version number rather than a date, and it is the up-to-date version of the Cloud Firewall API. Users are provided with the latest public information about the API. For more information, see API version.

| Version    | Description |
|------------|-------------|
| 2017-12-07 | Recommended |

Online debugging

Cloud Firewall provides API debugging in OpenAPI Explorer. Before you call an API operation, you must obtain the API information from Cloud Firewall, such as versions, endpoints, and parameters.

Debugging page: https://api.alibabacloud.com/api/Cloudfw/2017-12-07.


Endpoints

You must select an endpoint based on the region where your resource resides to reduce latency. For example, the public endpoint of Cloud Firewall in the China (Hangzhou) region is cloudfw.aliyuncs.com and the virtual private cloud (VPC) endpoint is cloudfw.vpc-proxy.aliyuncs.com.

  • Public endpoints can be accessed globally.

  • VPC endpoints, by contrast, can be accessed only from within a VPC in the corresponding Alibaba Cloud region. VPC endpoints provide the following benefits:

    • High security: VPC endpoints can be accessed only from within a VPC. This provides higher security and privacy.

    • Fast response: VPC endpoints deliver faster responses than public endpoints because VPC endpoints enable data transmission over VPCs. In addition, problems such as network latency and bandwidth limitations can be prevented.

    • Low cost: VPC endpoints are accessed over an internal network.

For more information, see Endpoints.

Identities

By default, after you log on to OpenAPI Explorer by using your Alibaba Cloud account, the Alibaba Cloud account is used to perform online debugging. An Alibaba Cloud account has permissions on all API operations. If you use an Alibaba Cloud account to call API operations, security risks may arise. We recommend that you call API operations or perform routine O&M as a Resource Access Management (RAM) user. Before you call API operations by using a RAM user, grant the required permissions to the RAM user based on your business requirements.

| Identity               | Supported |
|------------------------|-----------|
| Alibaba Cloud account  | Yes       |
| RAM user (recommended) | Yes       |
| RAM role (recommended) | Yes       |


Integration methods

Note

SDKs can be easily integrated with your applications and cover the widest range of operations. We recommend that you use SDKs to call API operations.

| Calling method           | Supported           |
|--------------------------|---------------------|
| Alibaba Cloud SDK        | Yes                 |
| Alibaba Cloud CLI        | Yes                 |
| ROS                      | Partially supported |
| Terraform                | Partially supported |
| Custom API encapsulation | Yes                 |

Alibaba Cloud SDKs

  • Alibaba Cloud provides SDKs in multiple programming languages, including Java, C#, Go, Python, Node.js, TypeScript, PHP, and C++. You can integrate the SDKs into your applications to directly call API operations. SDKs encapsulate the signature logic, timeout mechanism, and retry mechanism and provide the request and response objects that facilitate development. For more information, see Alibaba Cloud SDKs.

  • You can use Cloud Firewall SDKs to call API operations. For more information about the programming languages supported by Cloud Firewall and how to install related dependencies, see OpenAPI Portal.

Alibaba Cloud CLI

  • You can run aliyun commands to interact with Alibaba Cloud services and manage cloud service resources. For more information, see What is Alibaba Cloud CLI?

  • You can use Alibaba Cloud CLI to call the API operations of Cloud Firewall. For more information about how to obtain and use Alibaba Cloud CLI, see User guide of Alibaba Cloud CLI.

ROS

  • ROS is an Alibaba Cloud service that simplifies the management of cloud computing resources. You can create a template to describe the required cloud computing resources such as Elastic Compute Service (ECS) and ApsaraDB RDS instances, and the dependencies between the resources. ROS automatically creates and configures all resources based on the template to implement automated deployment and O&M. For more information, see What is ROS?

  • You can use ROS to call the API operations of Cloud Firewall. The following table describes the resource types that are supported.

    | Resource | Description |
    |----------|-------------|
    | ALIYUN::CLOUDFW::AddressBook | Creates an address book for access control. The following address book types are supported: IP address books, ECS tag-based address books, port address books, and domain address books. An ECS tag-based address book includes the public IP addresses of the ECS instances that have specific tags. |
    | ALIYUN::CLOUDFW::ControlPolicy | Creates an access control policy. |
    | ALIYUN::CLOUDFW::VpcFirewallControlPolicy | Creates an access control policy in a specific policy group for a VPC firewall. |
    | ALIYUN::CLOUDFW::Instance | Activates Cloud Firewall. |
    | ALIYUN::CLOUDFW::AllFwSwitch | Enables all firewalls. |
    | ALIYUN::CLOUDFW::FwSwitch | Enables firewalls for specific assets. |

Terraform

  • Terraform is an open source tool that is used to preview, configure, and manage cloud infrastructure and resources in a secure and efficient manner. Terraform works in a similar way to ROS: it calls API operations by interpreting templates. For more information, see What is Terraform?

  • For more information about how to use Terraform to orchestrate Cloud Firewall resources, see Overview.

Custom API encapsulation

To make native HTTP calls, you must create custom requests and sign the requests. For more information about the signature mechanism, see List of operations by function and Request syntax and signature method V3.
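The signing step behind a native HTTP call, as an added example that is not part of the original page or of Alibaba Cloud's SDK code: a minimal Python signer that follows the V3 (ACS3-HMAC-SHA256) layout described in the signature document referenced above. The operation name DescribeControlPolicy, its parameters, the nonce, and the key pair are sample values chosen for illustration; check header and encoding details against that document before relying on it.

```python
import hashlib
import hmac
from urllib.parse import quote

ALGORITHM = "ACS3-HMAC-SHA256"

def _enc(value):
    # RFC 3986 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-_.~")

def sign_v3(method, host, action, version, query, body, date, nonce, key_id, secret):
    """Return the request headers, including Authorization, for one RPC-style call."""
    payload_hash = hashlib.sha256(body).hexdigest()
    headers = {
        "host": host,
        "x-acs-action": action,
        "x-acs-version": version,
        "x-acs-date": date,                    # UTC timestamp of the request
        "x-acs-signature-nonce": nonce,        # unique per request, limits replay
        "x-acs-content-sha256": payload_hash,  # binds the body to the signature
    }
    # Query parameters and headers are sorted so both sides build identical bytes.
    canonical_query = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(query.items()))
    names = sorted(headers)
    canonical_headers = "".join(f"{n}:{headers[n].strip()}\n" for n in names)
    signed_headers = ";".join(names)
    canonical_request = "\n".join(
        [method, "/", canonical_query, canonical_headers, signed_headers, payload_hash]
    )
    string_to_sign = ALGORITHM + "\n" + hashlib.sha256(canonical_request.encode()).hexdigest()
    # The AccessKey secret never leaves the client; only the HMAC output is sent.
    signature = hmac.new(secret.encode(), string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["Authorization"] = (
        f"{ALGORITHM} Credential={key_id},SignedHeaders={signed_headers},Signature={signature}"
    )
    return headers

def demo():
    # Constructed sample input; the key pair is a placeholder, not a real credential.
    return sign_v3("POST", "cloudfw.aliyuncs.com", "DescribeControlPolicy", "2017-12-07",
                   {"Direction": "in", "CurrentPage": "1", "PageSize": "10"}, b"",
                   "2024-08-01T00:00:00Z", "constructed-nonce-0001",
                   "EXAMPLE_KEY_ID", "EXAMPLE_KEY_SECRET")
```

Because every x-acs-* header and the query string are covered by the signature, changing any of them in transit invalidates the request. In line with the Identities section, the AccessKey pair passed in should belong to a RAM user or role, not the Alibaba Cloud account.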

Precautions

  • The number of queries per second (QPS) that an Alibaba Cloud account can initiate varies based on API operations. For more information, see the "QPS limits" section in the API reference of each operation.

    Note

    All RAM users that belong to an Alibaba Cloud account share the QPS quota of the Alibaba Cloud account.

  • If an error is returned after you call an API operation, you can check whether the request parameters and the parameter values are valid based on the error code. For more information, see Error codes.

  • You can also perform self-service diagnostics based on the returned request ID or SDK error information on the Alibaba Cloud OpenAPI Diagnostics page.