How-To Guides

This section contains practical, task-oriented guides for API7 Gateway. Each guide focuses on a specific goal and provides step-by-step instructions to accomplish it.

Traffic Management

Control how API7 Gateway handles incoming requests and routes them to upstream services.

• Rate Limiting: Protect upstream services by limiting the number of requests per consumer or IP address.
• Proxy Rewrite: Rewrite request URIs, headers, and methods before forwarding to upstream services.
• Response Rewrite: Modify response status codes, headers, and body content before returning to the client.
• Canary Release: Gradually roll out changes by splitting traffic between upstream versions using weighted routing.
• Blue-Green Deployment: Switch traffic between two upstream environments with zero downtime.
• Health Check: Configure active and passive health checks to automatically remove unhealthy upstream nodes.
• CORS: Configure Cross-Origin Resource Sharing to allow or restrict access from different domains.
• Fault Injection: Test application resilience by injecting HTTP errors and response delays.
• Proxy Cache: Improve API performance and reduce upstream load by caching responses at the gateway.
• Proxy Mirror: Duplicate and send a percentage of production traffic to a secondary service for testing.
• Global Plugin Exemption: Conditionally skip global plugin execution for specific routes using route labels and the _meta.filter mechanism.

API Security

Authenticate and protect API consumers.

• Key Authentication: Require clients to provide an API key in the request header or query string.
• Basic Authentication: Require clients to provide a username and password in the HTTP Authorization header.
• JWT Authentication: Use JSON Web Tokens (JWT) for stateless authentication.
• HMAC Authentication: Secure APIs with Hash-based Message Authentication Code (HMAC) request signing.
• Data Masking: Redact or remove sensitive fields from request data before it is written to logs.

Protocol Proxy

Proxy non-HTTP protocols and specialized API traffic.

• gRPC Proxy: Proxy gRPC traffic, including REST-to-gRPC transcoding and gRPC-Web support for browser clients.
• WebSocket Proxy: Enable WebSocket proxying for long-lived, bidirectional connections.
• GraphQL Proxy: Proxy GraphQL APIs and add GraphQL-aware rate limiting and caching.
• TCP/UDP Proxy: Proxy Layer 4 TCP and UDP traffic to upstream services.

Plugin Development

Extend API7 Gateway functionality with custom plugins.

• Custom Lua Plugins: Write and deploy custom Lua plugins that run inside the gateway process.

Operations

Manage organizational access control and operational workflows.

• Manage Gateway Groups: Create and manage multiple gateway groups to isolate traffic across environments or teams.
• Use ADC for Declarative Configuration: Manage gateway configuration as code with ADC.
• Configure Secret Management: Integrate external secret managers for sensitive configuration.
• Create a Custom Role: Define permission policies, attach them to a role, and assign the role to a user.
• Design a Custom Role System: Plan a scalable RBAC model for teams, environments, and delegated administration.
• Configure Readiness and Liveness Probes: Configure health probes for data planes in Kubernetes, Docker, and other deployments.

Related Resources

• Quick Start: Set up API7 Gateway for the first time.
• Tutorial: Proxying and Managing API Requests: A hands-on tutorial covering basic proxying and plugin management.
• Key Concepts: Understand the core concepts behind API7 Gateway.