- Release Notes
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Service Management
- API Creation
- API Management
- API Calling
- Release and Access
- Custom Domain Name and Certificate
- Usage Plan
- Backend Tunnel
- Authentication and Security
- Log Analysis
- Access Monitoring
- API Doc Generator
- Application Management
- Permission Management
- Precautions
- Private IP Ranges and Public VIPs of API Gateway Regions
- Plugin Usage
- Best Practice
- Making Serverless Service Available quickly through API Gateway
- Integrating WAF to API Gateway for Security Protection
- Accessing Resources in IDC via API Gateway Dedicated Instance
- Quick Access to TEM Application through API Gateway
- Integrating ECDN to API Gateway for Acceleration
- API Gateway Providing the Access Capability for TKE
- Development Guide
- API Documentation
- Legacy Features
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
- Release Notes
- Product Introduction
- Purchase Guide
- Getting Started
- Operation Guide
- Service Management
- API Creation
- API Management
- API Calling
- Release and Access
- Custom Domain Name and Certificate
- Usage Plan
- Backend Tunnel
- Authentication and Security
- Log Analysis
- Access Monitoring
- API Doc Generator
- Application Management
- Permission Management
- Precautions
- Private IP Ranges and Public VIPs of API Gateway Regions
- Plugin Usage
- Best Practice
- Making Serverless Service Available quickly through API Gateway
- Integrating WAF to API Gateway for Security Protection
- Accessing Resources in IDC via API Gateway Dedicated Instance
- Quick Access to TEM Application through API Gateway
- Integrating ECDN to API Gateway for Acceleration
- API Gateway Providing the Access Capability for TKE
- Development Guide
- API Documentation
- Legacy Features
- FAQs
- Service Level Agreement
- Contact Us
- Glossary
Overview
If the verification and authentication method provided by the API Gateway cannot meet your requirements, you can use custom verification plugin to verify and authenticate a request.
Custom verification plugin applies during the request process. The API Gateway will forward the request to the verification SCF after receiving it from the Client. Then, the request will be forwarded to the service backend only if it passes the verification by the SCF, otherwise the request will be denied.
Prerequisites
- You have activated SCF.
Directions
Step 1: creating a verification SCF
- Log in to the SCF console.
- Click Function Service on the left sidebar to open the function list page.
- Click Create at the upper-left corner of the page to create a verification SCF.
Note:
- You need to write the verification SCF. For more information, see Template of Custom Verification SCF.
- Custom verification plugin requires to return the value of api-auth in the Body of the response body that is returned to the gateway. When the value is
true, it means the verification is passed; when the value isfalseornull, it means the verification is failed.
Step 2: creating a custom verification plugin
- Log in to the API Gateway console
- On the left sidebar, click Plugin - Custom Plugin to open the custom plugin list page.
- Create Create at the upper-left corner of the page to create a custom verification plugin. You need to enter the following parameters:
| Parameter | Required | Description |
|---|---|---|
| Select an SCF | Required | You need to select the namespace, name and version of the verification SCF. |
| Backend timeout | Required | This sets the backend timeout that the API Gateway forwards the request to the verification SCF. The maximum time limit is 30 minutes. When no response is returned before the timeout after the API Gateway calls the SCF, the API Gateway will end the call and returns an error message. |
| Whether to send Body | Required | When the value is "Yes", the Header, Body and Query requested by the Client will be sent to the SCF; when the value is "No", the Body requested will not be sent. |
| Verification parameter | Optional | It sets the request parameters for verification. When caching time is not 0, this parameter must be set. When caching is enabled, the verification result will be queried with this parameter as the search condition. |
| Caching time | Required | It sets the caching time for the verification result. 0 indicates that caching is not enabled. Caching time can be up to 3,600 seconds. |
Note:After caching is enabled, the API Gateway will record the relationship between the value of authentication parameter and the value of api-auth. If there is subsequent request during caching time, and the value of authentication parameter is the same as the value of the first request, the request will not be forwarded to the SCF and will be processed according to the value of api-auth for the first request.
- Click Save to complete the process.
Step 3: binding the API
- Select the just created plugin in the list and click Bind API in the Operation column.
- In the Bind API pop-up window, select the service, environment, and the API to which the plugin needs to be bound.
- Click OK to bind the plugin to the API. At this time, the configuration of the plugin has taken effect for the API.
pluginData
{
"cache_time":10, // Verification result caching duration in seconds. Value range: 0–3600
"endpoint_timeout":15, // Backend timeout period in seconds. Value range: 0–60
"func_name":"test_name", // Custom SCF name
"func_namespace":"test_namespace", // Custom SCF namespace
"func_qualifier":"$LATEST", // Custom SCF version
"is_send_body":true, // Whether to send the request Body to the SCF
"header_auth_parameters":[ // Verification parameter in Header location. The plugin caches the verification result based on the parameter value
"Header1"
],
"query_auth_parameters":[ // Verification parameter in Query location. The plugin caches the verification result based on the parameter value
"Query1"
],
"user_id":1253970226, // appid
"version":"2021-12-26 17:17:49" // Plugin version in the format of `yyyy-MM-dd HH:mm:ss`. When you edit the plugin, the new value passed in will invalidate the result cached in the plugin
}
Notes
- When you enable caching and configure the verification parameter, the API Gateway will conduct parameter verification. If the request does not transfer the verification parameter, the API Gateway will report an error message "xxx parameter is missing". The values are case insensitive for parameter verification and cache hitting conducted by the API Gateway.
- Binding a custom plugin to the API means creating a trigger for the SCF to trigger the API. Deleting the trigger on the SCF side means unbinding the plugin from the API.
- For now, the custom verification plugin only supports event-triggered function and does not support HTTP-triggered function.
- The custom verification plugin can coexist with the verification method provided by the API Gateway. The latter takes priority. We recommend that you set the API where the custom verification plugin bound to "free from verification".
Yes
No
Was this page helpful?