Overview

Service Overview

API Gateway is a service that makes it easy to create, manage, and monitor APIs. It allows you to define API-related resources and methods in a consistent format and apply built-in security access. Additionally, you can easily and conveniently monitor API usage and performance metrics.

Features

• Convenient API Management: You can conveniently register and manage APIs through the console, and it provides JWT (Json Web Token) for access permission management. It is also integrated with SCP Cloud Functions, allowing Cloud Functions to be invoked via the API Gateway.
• Stable Traffic Handling: API Gateway can manage backend system traffic through usage plans. Usage plans allow you to set the maximum number of calls per hour (hourly/daily/monthly), and by doing so, they prevent excessive traffic from entering, enabling stable service usage.
• Easy and convenient monitoring: Provides a dashboard with various management features, including API version management that links different deployment versions per stage, and allows you to monitor API usage. Through this, you can quickly and easily understand performance metrics such as API calls, response times, and error counts.

Service Diagram

• A developer (3rd party Developer) can access various backend services via a single endpoint (API Gateway) using Rest API.
• API Gateway can route the request to the appropriate backend service or Cloud Function.
• When authentication and authorization are required, the user is verified with JWT.
• Request data is transformed as needed, and responses from multiple services are aggregated into a single result through the API Gateway.
• When traffic is high, you can improve service reliability by applying load balancing and rate limiting (rate limiting).
• Supports web clients calling APIs from other domains via CORS configuration.
• All requests and responses are logged and monitored by the API Gateway service, enabling rapid detection of failures and anomalies.
• You can separate stages by environment—development, testing, production—to manage API versions and utilize the required version. API management, security policy enforcement, and related tasks can be handled consistently from a central point through the API Gateway service.

Provided features

API Gateway provides the following features.

• API Management and Operations

  • Custom Domain Name: Connect a custom domain to the API to provide a unique URL for the user
  • REST API Creation and Management: Define resources and methods (GET, POST, etc.) and configure authentication methods
  • API version and stage management: Operate the same API in multiple versions simultaneously and manage changes.
  • Routing: Route requests to various backend services based on the URI path or request headers.
  • Monitoring and Logging: API performance monitoring and log recording possible(‘available in December 2025)

• API security

  • IP ACL configuration: Control access so that only specific IPs can connect, enhancing security.
  • Cloud Functions Integration: Integrate with serverless computing to execute business logic in response to external requests
  • CORS Support: Set Cross-Origin Resource Sharing(CORS) to allow resource access from other domains

Component

API

An API is a collection of resources and methods integrated with backend HTTP endpoints, Cloud Functions, or other SCP services. An API provides the logical interface of the actual service and can be deployed to multiple stages for use in various environments (development, production, etc.).

resource

Resources are logical units that represent specific endpoints (URI paths) within an API. Each resource can be organized in a tree structure and can have multiple HTTP methods. For example, /users , /orders become individual resources.

Method

Methods define the HTTP actions (e.g., GET, POST, PUT, DELETE, etc.) that can be performed on each resource. Each method is integrated with a specific backend to process actual data or execute functionality.

Stage

The stage is a named reference to a specific point in time (snapshot) of an API deployment, distinguishing environments in the API lifecycle such as development (dev), testing (test), and production (prod). Each stage has its own unique URL, and separate settings can be configured per environment, including caching, logging, throttling, stage variables, and so on. Stages support various operational scenarios such as environment-specific configurations and traffic segregation.

endpoint

An endpoint is a unique URL address that a client uses to access the API. A separate endpoint is created for each stage.

Integration

Integration defines how API methods connect to the actual backend (HTTP endpoint, Function). By transforming request and response data, handling authentication, and using mapping templates, you can finely control the integration with the backend.

JWT (Json Web Token)

It is a token-based web standard (RFC 7519) used for authentication and authorization. JWT encodes a JSON object composed of three parts (Header, Payload, Signature) using Base64 URL‑safe encoding, and applies an electronic signature with a secret key or public key to prevent tampering. When securely exchanging authentication information and permissions between a server and client, or between services, it is placed in the HTTP header, enabling stateless (Stateless) authentication without session storage.

CORS (Cross-Origin Resource Sharing)

It is a mechanism that bypasses the Same-Origin Policy applied in web browsers for security reasons, allowing resource sharing between servers of different origins (when the protocol, domain, or port differs). The server specifies which origins are allowed via HTTP response headers (e.g., Access-Control-Allow-Origin, etc.), enabling the client (browser) to safely perform cross-origin requests. If CORS is not properly configured, the browser blocks requests for resources from other origins, which is a web-standard security policy that must be considered when using various resources such as external API calls, fonts, images, and videos.

Provision status by region

API Gateway is available in the environments below.

Preliminary Service

This is a list of services that can be optionally configured before creating the service. Please refer to the guide provided for each service and prepare in advance.