[AWS] API Gateway

API Gateway is a fully managed API endpoint service that creates, manages, publishes, monitors, secures, and scales APIs. API Gateway can use other AWS services (Lambda, DynamoDB) for compute and storage.

API Gateway Features

  • API Gateway can act as a front door for existing APIs and can be scaled to meet demand.
    • It supports serverless, microservice, and even monolithic architectures.
  • Pricing is based on the number of API calls, the amount of data transferred, and any caching.
  • API Gateway can access some AWS services directly using proxy mode.
  • Protocols
    • REST (Representational State Transfer): Resource/Action (Method – GET/PUT …)/Settings
    • WebSocket
  • You can use AWS X-Ray to trace and analyze user requests as they travel through your Amazon API Gateway APIs to the underlying services.
  • DDoS (Distributed Denial of Service) protection via CloudFront.
  • Request/Response data transformation (JSON -> XML)
  • Can be used with AWS Certificate Manager: free SSL/TLS certificates
  • The same-origin policy is important to secure your API from Cross-Site Scripting (XSS) attacks. CORS (Cross-Origin Resource Sharing) is the way to loosen the policy.

API Gateway Caching

  • API Gateway Caching is used to cache the endpoint’s response per API or per Stage (a cache key).
  • Caching is used to reduce the latency of requests to APIs.
  • Responses are cached for a specified TTL (Time to Live) period.

API Gateway Components

  • Resource: a logical entity that can be accessed via the resource path (resource URL)
  • Method: a method can be associated with a resource and responds to the request (GET, PUT, …)
  • Deployment: a snapshot of the API’s resources and methods; must be associated with a stage
  • Stage: APIs are deployed into stages (different environments: dev, production). A stage is a snapshot of the API – methods, integrations, models, mapping templates, and Lambda authorizers. It supports AWS Certificate Manager.

API Throttling

  • Throttling rules can be used to set the number of requests per second.
  • Limits
    • 10,000 requests per second (rps)
    • 5,000 concurrent requests across all APIs within an account
  • Any request over the limit will receive a 429 HTTP response (Too Many Requests).
  • CloudWatch can be used to monitor API Gateway activity, usage, and throttling rules.
  • Throttling limits can be set for standard rates and burst rates. For example, you can set a standard rate limit of 1,000 requests per second for a specific REST method and also configure a burst rate of 2,000 requests per second for a few seconds.
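
A token-bucket model of the standard-rate and burst limits described above, as an added example that is not part of the original notes. AWS documents API Gateway throttling as a token bucket; the `TokenBucket` class, the `simulate` helper and the traffic pattern are constructed for illustration and are not an AWS API.

```python
"""Token-bucket model of rate + burst throttling (constructed example)."""


class TokenBucket:
    def __init__(self, rate, burst):
        self.rate = float(rate)    # steady-state refill: tokens (requests) per second
        self.burst = float(burst)  # bucket capacity: most requests admitted at once
        self.tokens = self.burst   # the bucket starts full
        self.last = 0.0            # timestamp of the previous request

    def allow(self, now):
        """Return the HTTP status a request arriving at time `now` would get."""
        elapsed = max(0.0, now - self.last)
        # Refill for the time that passed, never beyond the burst capacity.
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0     # each admitted request spends one token
            return 200
        return 429                 # Too Many Requests


def simulate(rate, burst, arrivals):
    """Replay arrival timestamps (seconds); return {second: [allowed, throttled]}."""
    bucket = TokenBucket(rate, burst)
    per_second = {}
    for t in sorted(arrivals):
        row = per_second.setdefault(int(t), [0, 0])
        row[0 if bucket.allow(t) == 200 else 1] += 1
    return per_second


if __name__ == "__main__":
    # Constructed traffic: one client sending 3,000 rps for 3 seconds
    # against a 1,000 rps standard rate with a 2,000-request burst.
    arrivals = [i / 3000 for i in range(9000)]
    for sec, (ok, throttled) in simulate(1000, 2000, arrivals).items():
        print(f"t={sec}s allowed={ok} throttled_429={throttled}")
```

The first second is absorbed almost entirely by the burst allowance; once the bucket is drained, admissions fall back to the standard rate and the rest receive 429, which is the pattern to look for in CloudWatch when tuning these limits.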

Import APIs

  • The API Gateway Import feature is used to import an API from an external definition file into API Gateway.
  • Swagger v2.0 definition files are supported.
