tencent cloud

API Gateway

Release Notes and Announcements

Announcements

[Important] API Gateway Product Sales Discontinuation Announcement

[March 1, 2024] Security Management Notice for the Use of Default Domain Name in API Gateway

[August 15, 2022] Billing of Public Network Outbound Traffic from API Gateway to Backend Services

Product Introduction

Regions and Availability Zones

Purchase Guide (Discontinued)

Billing Overview

Instance Specifications

Shared Instance Billing

Dedicated Instance Billing

Resource Pack Billing

Payment Overdue

Getting Started

Step 1. Get the Access Permission

Step 2. Create a Service

Step 3. Create an API with Mock as the Backend Type

Step 4. Publish the Service

Step 5. Create a Plugin and Bind It to the API

Step 6. Debug the API

Operation Guide

Instance Management

Instance Parameter Configuration

Service Management

Creating Services

Editing Services

Deleting Services

Service Domain Name

Binding Service to VPC

Migrating Service from Shared Instance to Dedicated Instance

Creating API

API Creation Overview

Creating APIs Connecting to the Public URL/IP Backend

Creating APIs Connecting to the VPC Resource Backend

Creating APIs Connecting to the SCF Backend

Creating API for Interconnecting Backend with COS

Creating APIs Connecting to the Mock Backend

Creating APIs Connecting to the TSF Backend

API Management

Debugging General APIs

Debugging Microservice APIs

Compressing Responses

Base64 Encoding

Calling API

Calling Key Pair Authentication API

Authentication-Free API

Release and Access

Service Release and Deactivation

Environment Version Switch

Custom Domain Name and Certificate

Configuring Custom Domain Name

Usage Plan

Working with a Usage Plan

Traffic Control

Backend Upstream

Verification and Security

Application-Enabled Authentication Method

Authentication-Free Mode

Log Statistics

View Log Analysis

Exporting Service Logs

Viewing Operation Logs

Shipping to CLS

Access Monitoring

Viewing Monitoring Charts

Viewing API Statistics

Monitoring Metrics

API Doc Generator

Application Management

Permission Management

Private IP Ranges and Public VIPs of API Gateway Regions

Plugin Usage

IP Access Control

Basic Traffic Throttling

Parameter Traffic Throttling

Conditional Routing

Custom Verification

Custom Request Body

Custom Response Body

Anti-Replay Plugin

Practical Tutorial

Making Serverless Service Available quickly through API Gateway

Integrating WAF to API Gateway for Security Protection

Accessing Resources in IDC via API Gateway Dedicated Instance

Quick Access to TEM Application via API Gateway

Integrating ECDN to API Gateway for Acceleration

API Gateway Providing the Access Capability for TKE

Migrating from Region A to Region B

Development Guide

Serverless Framework

Installing Serverless Framework

Creating and Deploying API Gateway Service

Importing APIs

Sample for Importing APIs

Generating Application Authentication Signature

Quick Service Deletion Tool

Uploading Files

Serverless Multi-File Upload Processing

Structures Passed by API Gateway to Backend

API Documentation

Making API Requests

Request Structure

Plugin APIs

DescribeAllPluginApis

DescribePluginApis

DescribePluginsByApi

Application APIs

DescribeApiAppBindApisStatus

DescribeApiAppsStatus

DescribeApiBindApiAppsStatus

DescribeApiForApiApp

DescribeServiceForApiApp

UpdateApiAppKey

Other APIs

DescribeInstancesNetworkConfig

DescribeUpstreamBindApis

DescribeUpstreams

DescribeExclusiveInstanceRegions

Usage Plan APIs

BindEnvironment

CreateUsagePlan

DeleteUsagePlan

DemoteServiceUsagePlan

DescribeUsagePlan

DescribeUsagePlanEnvironments

DescribeUsagePlanSecretIds

DescribeUsagePlansStatus

ModifyUsagePlan

UnBindEnvironment

UnBindSecretIds

IP Policy APIs

CreateIPStrategy

DeleteIPStrategy

DescribeIPStrategy

DescribeIPStrategyApisStatus

DescribeIPStrategysStatus

ModifyIPStrategy

UnBindIPStrategy

Custom Domain Name APIs

DeleteServiceSubDomainMapping

DescribeServiceSubDomainMappings

DescribeServiceSubDomains

ModifySubDomain

UnBindSubDomain

API Document APIs

DescribeAPIDocDetail

DescribeAPIDocs

ResetAPIDocPassword

OpenAPI APIs

DescribeApiUsagePlan

DescribeApisStatus

ModifyApiIncrement

Key APIs

DescribeApiKeysStatus

Log APIs

DescribeLogSearch

Service APIs

DescribeService

DescribeServiceEnvironmentList

DescribeServiceEnvironmentReleaseHistory

DescribeServiceReleaseVersion

DescribeServiceUsagePlan

DescribeServicesStatus

UnReleaseService

Throttling Policy APIs

DescribeApiEnvironmentStrategy

DescribeServiceEnvironmentStrategy

ModifyApiEnvironmentStrategy

ModifyServiceEnvironmentStrategy

Documentation and SDK APIs

GenerateApiDocument

Legacy Features

Key Pair Authentication

Key Pair Authentication

Java (Key Pair Authentication)

Go (Key Pair Authentication)

Python (Key Pair Authentication)

JavaScript (Key Pair Authentication)

PHP (Key Pair Authentication)

C++ (Key Pair Authentication)

Erlang (Key Pair Authentication)

Signature generation instructions

FAQs

504 Error Solution

HTTP Error Codes

Service Level Agreement

DocumentationAPI GatewayPlugin UsageAnti-Replay Plugin

Anti-Replay Plugin

Last updated: 2023-12-22 10:02:09

Anti-Replay Plugin

Last updated: 2023-12-22 10:02:09

Overview
The anti-replay plugin is provided by API Gateway to protect APIs from replay attacks. You can create an anti-replay plugin and bind it to an API to protect your backend services.
Directions
Step 1. Create a plugin
1. Log in to the API Gateway console.
2. On the left sidebar, click Plugin to enter the plugin list page.
3. Click Create in the top-left corner of the page and select Anti-Replay as the Plugin Type to create an anti-replay plugin.
Parameter
Required
Description
Forced anti-replay
No
Whether to enable forced anti-replay. It is disabled by default. If you need to enable it, you must add the `x-apigw-nonce` field to the request header.
Anti-replay period
No
Valid anti-replay period, which is 900 seconds by default. Value range: 1–1800.
Step 2. Bind an API and make the plugin effective
1. Select the just created plugin in the list and click Bind API in the Operation column.
2. In the Bind API pop-up window, select the service, environment, and the target API.
PluginData
{
    "force_nonce":true, // Whether to enable forced anti-replay. It is disabled by default. If you need to enable it, you must add the `x-apigw-nonce` field to the request header.
    "nonce_ttl":1       //  Valid period of `nonce`, which is 900 seconds by default. Value range: 1–1800.
}
﻿
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

No

Contact Us

Contact our sales team or business advisors to help your business.

Technical Support

Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

7x24 Phone Support