Building an Open API service using API Gateway
Hello, this is NAVER Cloud Platform.
Today, we’re going to briefly introduce the API Gateway product,
and explain how to build an Open API service by using it.
These days, a lot of services are being developed to be able to control with an API, and such APIs are provided to regular users as Open APIs. For example, various Open API services provided by NAVER Cloud Platform such as Maps and CAPTCHA are being serviced using API Gateway.
In order to service these Open APIs, there are many things to consider, such as security and authentication, usage amount control, management of API versions and statements, and sudden increases in traffic. However, by using the API Gateway product provided by NAVER Cloud Platform, you can easily build an OPEN API service without worrying about these things.
You can manage API documents through customized authentication, Swagger UI, and API Overview in API Gateway. In addition, convenient features for Open API services are provided, such as managing API versions or rolling back to previous versions by managing stage deployment history, and downloading the SDK of a deployed API.
👉 Learn more about API Gateway
Now, we’re going to explain how to build an Open API service with the following conditions using the API Gateway product.
- Set limitations so that Open API can only be used with the issued API key
- Control the usage amount by API Key (daily/monthly)
How to register and deploy API
First, proceed with “Register API” and “Deploy API” in API Gateway, referring to our user guide. Then, modify the settings to suit the Open API services as follows.
There are two subscription methods to the product, Open — autonomous subscription and Protected — authorization required.
▶ Open — autonomous subscription: Anyone can use the product’s API.
▶ Protected — authorization required: The publisher needs to authorize the use of the product API.
We want to control it so that the API can be called with a certain API key, so change the subscription method to Protected — authorization required.
This method can be used without an API key when the API key required setting is disabled, even if the product subscription method has been modified. Enable the API key required setting for the method that needs to be restricted.
Please note that you can use Authorizer if you’d like to process a customized authentication logic in API Gateway.
Set the Throttling settings in Stage to the end point’s available capacity to be ready in case of a sudden increase in traffic. This setting will enable API Gateway to return the “Throttle Limited” error message when there is more traffic than set in the Throttling settings.
Then, we change the request processing limit in Default Usage Plan in Stage to 0. This prevents the usage of an API key without a Usage Plan connection.
Let’s start building an Open API service
How to use NAVER Cloud Platform Open API
You need an authentication Key to use the Open API for products provided by NAVER Cloud Platform. Please refer to the User Guide for how to create and call authentication keys.
All features in the API Gateway console are provided as Open API.
Let’s check out the APIs needed to build an Open API service among them.
You’d need the ID information of the product, API, and stage created as above to use the following API. Please note that you can get the required ID if you click the Stage Document link distributed.
Now we will move on to explain about API Gateway’s Open API, which is required to provide the following features.
- Issue and delete API keys for using API
- Modify and view the API key’s usage amount
- Modify primary/secondary key of API key
1. How to issue API keys to use Open API and usage amount settings
Call API to issue an API key, and modify the settings so you can use Open API with that API key in the following order.
▶ Create API key — Product subscription
Create a usage plan in API Key and connect in order to control the API key’s usage amount. Usage amount control is processed by aggregating the usage amount of stages connected to the usage plan. If you would like to control multiple stages with one usage amount, then connect the multiple stages to a usage plan.
▶ Create a usage plan — Connect the usage plan to stages — Change API key’s usage plan
2. How to delete API keys and usage plans
Delete the API keys and usage plans that are not in use.
▶ Delete API keys — Delete usage plans
3. How to change API key usage amount and renew keys
You can control the usage amount by changing the created usage plan settings by API key.
▶ Modify usage plans
Use it when the API key needs to be changed due to issues such as a stolen API key.
▶ API Key renewal
4. How to view the usage amount
You can see the usage amount called by API keys, as well as daily/monthly usage limitation settings.
▶ View the subscribed API key’s usage amount
How to set limitations on the maximum number of API keys and usage plans
Maximum number of API keys and usage plans that can be created in API Gateway is limited as below.
- Maximum number of API keys created: 500
- Maximum number of usage plans created: 300
Please contact us at NAVER Cloud Platform customer service if you need to adjust these limitations.
Today we learned on how to build an Open API service using API Gateway.
If you have any questions, please leave a comment or make an inquiry at NAVER Cloud Platform customer service so that we can answer your questions.
We’ll be back with more useful content in the next post!
Thank you.
