API Gateway is a fully managed API endpoint service that creates, manages, publishes, monitors, secures, and scales APIs. API Gateway can use other AWS services (Lambda, DynamoDB) for compute and store.
- API (Application Programming Interface): Applications use APIs to communicate with other applications.
API Gateway Features
- API Gateway is a service that provides a single endpoint for traffic from all clients interacting with the backend applications running on Lamba or EC2 and services like DynamoDB or Kinesis.
- API Gateway can act as a front door for existing API and can be scaled to meet the demand.
- It supports the serverless, microservice, and even monolithic architecture.
- API Gateway allows you to publish, maintain, secure, and monitor APIs at any scale.
- Supports multiple versions of your APIs
- Pricing is based on the number of API calls, the amount of data transferred, and any caching.
- API Gateway can access some AWS services directly using proxy mode.
- You can use AWS X-Ray to trace and analyze user requests as they travel through your Amazon API Gateway APIs to the underlying services.
- DDoS (Distributed Denial of Service) protection via CloudFront
- Request/Response data transformation (JSON -> XML)
- Can be used with AWS Certificate Manager: free SSL/TLS certificates
- The same-origin-policy is important to secure your API from Cross-Site Scripting (XSS) attacks. CORS (Cross Origin Resource Sharing) is the way to loosen the policy.
- Logging with CloudWatch
- API Gateway logs API calls, latencies, and error rates to CloudWatch.
Supported API Types
REST (Representational State Transfer) APIs
- Optimized for stateless and serverless workloads such as web applications
- Supports JSON (JavaScript Object Notation) with key/value pairs
Websocket APIs
- real-time, two-way, stateful communications
API Gateway Caching
API Gateway caches the endpoint response to improve the latency for requests.
- API Gateway Caching is used to cache the endpoint’s response per API or per Stage (a cache key).
- Caching is used to improve the latency of the requests to APIs.
- API Gateway caches responses for a specified time-to-live (TTL) period in seconds. The default is 300 seconds (5 mins).
API Gateway Components
- Resource: a logical entity that can be accessed via the resource path (resource URL)
- Method: a method can be associated with a resource and responds to the request (GET, PUT, …)
- Deployment: a snapshot of API’s resources and methods; must be associated with a stage
- Stage: APIs are deployed into stages (different environments: dev, productions); A stage is a snapshot of the API – methods, integration, models, mapping templates, and Lambda authorities. It supports AWS Certificate manager.
API Throttling
API Gateway manages traffic with throttling so that backend applications can withstand traffic spikes and denial of service attacks.
- Throttling rules can be used to set the number of requests per second.
- Limits
- 10,000 requests per second (rps) per region
- 5,000 concurrent requests across all APIs within an account
- Any request over the limit will receive a 429 HTTP response (Too many requests).
Ex) If there are more than 5K requests per second, 5K requests are handled immediately, and API Gateway throttles the rest within the one-second period.
- CloudWatch can be used to monitor API Gateway activity, usage, and throttling rules.
- Throttling limits can be set for standard rates and burst rates. For example, you can set a standard rate limit of 1,000 requests per second for a specific REST method and also configure a burst rate of 2,000 requests per second for a few seconds.
Import APIs
- The API Gateway Import feature is used to import an API from the external definition file into API Gateway.
- Swagger v2.0 definition files are supported.
Scriptorium 