Service Overview
API Gateway is a service that easily creates, manages, and monitors APIs. It defines resources and methods related to APIs in a consistent manner, and can apply built-in security access. Additionally, it can easily and conveniently monitor API usage status and performance metrics.
Features
- Convenient API Management: Through the console, you can conveniently register and manage APIs, and provide JWT (JSON Web Token) for access permission management. It is also linked with SCP Cloud Functions, so Cloud Functions functions can be called via API Gateway.
- Stable Traffic Handling: API Gateway can manage backend system traffic through usage plans. Usage plans can set the maximum number of calls per unit of time (hour/day/month), which prevents excessive traffic from entering and enables stable service usage.
- Easy and Convenient Monitoring: Provides a dashboard for managing functions such as API version management, which links different deployment versions per stage, and for monitoring API usage status. Through this, you can easily and quickly identify performance metrics such as API calls, response times, and error counts.
Service Architecture Diagram
- A developer (third-party developer) can access various backend services through a single endpoint (API Gateway) using a REST API.
- API Gateway can route the request to an appropriate backend service or Cloud Function.
- If authentication and authorization are required, the user is verified with JWT.
- Request data is transformed as needed, or responses from multiple services are aggregated into one through the API Gateway.
- When traffic is high, you can apply load balancing and rate limiting to improve service stability.
- Through CORS settings, web clients on other domains can call the APIs.
- All requests and responses are logged and monitored in the API Gateway service, allowing rapid detection of failures and anomalies.
- By separating stages for each environment such as development, testing, and production, you can manage API versions and use the required version. API management, security policy application, and similar tasks can be handled consistently and centrally through the API Gateway service.
Provided Features
API Gateway provides the following features.
API Management and Operations
- Custom Domain Name: Connect a custom domain to the API to provide a unique URL for the user
- REST API creation and management: Define resources and methods (GET, POST, etc.) and set authentication method
- API version and stage management: Operate the same API in multiple versions simultaneously and manage changes
- Routing: Routing requests to various backend services based on the URI path or request headers
- Monitoring and Logging: API performance monitoring and logging possible (available December 2025)
API Security
- IP ACL setting: Control to allow only specific IPs to access, enhancing security
- Cloud Functions integration: Execute business logic in response to external requests by integrating with serverless computing
- CORS support: Set Cross-Origin Resource Sharing (CORS) to allow resource access from other domains
Components
API
An API is a collection of resources and methods integrated with backend HTTP endpoints, Cloud Functions, or other SCP services. APIs provide a logical interface to the actual service and are deployed across multiple stages, allowing use in various environments (development, production, etc.).
Resources
Resources are logical units that represent specific endpoints (URI paths) within an API. Each resource can be organized in a tree structure and can have multiple HTTP methods. For example, paths such as /users and /orders become individual resources.
Method
The method defines the HTTP actions (e.g., GET, POST, PUT, DELETE, etc.) that can be performed on each resource. Each method is integrated with a specific backend to process actual data or execute functionality.
Stage
The stage is a named reference to a specific point in time (snapshot) of an API deployment, distinguishing environments in the API lifecycle such as development (dev), testing (test), and production (prod). Each stage has its own unique URL, and separate settings per environment are possible for caching, logging, throttling, stage variables, etc. Stages support various operational scenarios such as environment-specific configurations and traffic segregation.
Endpoint
The endpoint is a unique URL address used by the client to access the API. A separate endpoint is created for each stage.
Integration
Integration defines how API methods connect to the actual backend (HTTP endpoints, Functions). Through request and response data transformation, authentication, mapping templates, etc., you can finely control the integration with the backend.
JWT (JSON Web Token)
JWT is a token-based web standard (RFC 7519) used for authentication and authorization. A JWT encodes a JSON object composed of three parts (Header, Payload, Signature) in Base64 URL-safe format, and protects against tampering through a digital signature made with a secret key or a public-key key pair. It is placed in an HTTP header to exchange authentication information and permissions securely between a server and a client, or between services, which allows stateless authentication without session storage.
CORS (Cross-Origin Resource Sharing)
CORS is a mechanism that relaxes the Same-Origin Policy, which web browsers apply for security reasons, to allow resource sharing between servers of different origins (when the protocol, domain, or port differs). The server specifies which origins’ requests are allowed through HTTP response headers (e.g., Access-Control-Allow-Origin), enabling the client (browser) to perform cross-origin requests safely. If CORS is not properly configured, the browser blocks requests for resources from other origins. This is a web standard security policy that must be considered when using resources such as external API calls, fonts, images, and videos.
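How a server can decide which response headers to send for a given Origin, as an added example that is not SCP API Gateway code or configuration: the allowlists, the function name and the sample origins are constructed for illustration.

```python
# Constructed allowlists; a real deployment lists its own front-end origins.
ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}
ALLOWED_METHODS = {"GET", "POST"}
ALLOWED_HEADERS = {"authorization", "content-type"}

def cors_headers(origin, method="GET", preflight_method=None,
                 preflight_headers=""):
    """Return the CORS response headers for one request.

    origin            value of the request's Origin header (or None)
    method            HTTP method of this request
    preflight_method  Access-Control-Request-Method (OPTIONS preflight only)
    preflight_headers Access-Control-Request-Headers (OPTIONS preflight only)
    """
    # Responses differ per Origin, so caches must key on it.
    headers = {"Vary": "Origin"}
    # Exact string match only: prefix or substring checks would accept
    # look-alike origins such as https://app.example.com.other.example.
    if origin not in ALLOWED_ORIGINS:
        return headers  # no Allow-Origin header: the browser blocks the read
    headers["Access-Control-Allow-Origin"] = origin
    if method == "OPTIONS" and preflight_method:
        requested = {h.strip().lower()
                     for h in preflight_headers.split(",") if h.strip()}
        # Approve the preflight only if everything it asks for is allowed.
        if preflight_method in ALLOWED_METHODS and requested <= ALLOWED_HEADERS:
            headers["Access-Control-Allow-Methods"] = ", ".join(
                sorted(ALLOWED_METHODS))
            headers["Access-Control-Allow-Headers"] = ", ".join(
                sorted(ALLOWED_HEADERS))
            headers["Access-Control-Max-Age"] = "600"
    return headers

if __name__ == "__main__":
    for sample in ("https://app.example.com",
                   "https://app.example.com.other.example", "null"):
        print(sample, "->", cors_headers(sample))
```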
Regional Provision Status
API Gateway can be provided in the environments below.
| Region | Availability |
|---|---|
| Korea West 1 (kr-west1) | Provided |
| Korea East 1 (kr-east1) | Provided |
| South Korea 1 (kr-south1) | Not provided |
| South Korea 2 (kr-south2) | Not provided |
| South Korea 3 (kr-south3) | Not provided |
Preliminary Service
This is a list of services that can be optionally configured before creating the service. Please refer to the guide provided for each service for details and prepare in advance.
| Service Category | Service | Detailed Description |
|---|---|---|
| Compute | Cloud Functions | A service that runs application code in a serverless computing environment |
