API Gateway is a fully managed API endpoint service that creates, manages, publishes, monitors, secures, and scales APIs. API Gateway can use other AWS services (Lambda, DynamoDB) for compute and storage.
API Gateway Features
- API Gateway can act as a front door for existing APIs and can be scaled to meet demand.
- It supports the serverless, microservice, and even monolithic architecture.
- Pricing is based on the number of API calls, the amount of data transferred, and any caching.
- API Gateway can access some AWS services directly using proxy mode.
- REST (Representational State Transfer): Resource/Action (Method – GET/PUT …)/Settings
- You can use AWS X-Ray to trace and analyze user requests as they travel through your Amazon API Gateway APIs to the underlying services.
- DDoS (Distributed Denial of Service) protection via CloudFront.
- Request/Response data transformation (JSON -> XML)
- Can be used with AWS Certificate Manager: free SSL/TLS certificates
- The same-origin policy is important to secure your API from Cross-Site Scripting (XSS) attacks. CORS (Cross-Origin Resource Sharing) is the way to loosen the policy.
API Gateway Caching
- API Gateway Caching is used to cache the endpoint’s response per API or per Stage (a cache key).
- Caching is used to improve the latency of the requests to APIs.
- Responses are cached for a specified TTL (Time to Live) period.
API Gateway Components
- Resource: a logical entity that can be accessed via the resource path (resource URL)
- Method: a method can be associated with a resource and responds to the request (GET, PUT, …)
- Deployment: a snapshot of API’s resources and methods; must be associated with a stage
- Stage: APIs are deployed into stages (different environments: dev, production). A stage is a snapshot of the API: methods, integration, models, mapping templates, and Lambda authorizers. It supports AWS Certificate Manager.
- Throttling rules can be used to set the number of requests per second.
  - 10,000 requests per second (rps)
  - 5,000 concurrent requests across all APIs within an account
- Any request over the limit will receive a 429 HTTP response (Too many requests).
- CloudWatch can be used to monitor API Gateway activity, usage, and throttling rules.
- Throttling limits can be set for standard rates and burst rates. For example, you can set a standard rate limit of 1,000 requests per second for a specific REST method and also configure a burst rate of 2,000 requests per second for a few seconds.
- The API Gateway Import feature is used to import an API from the external definition file into API Gateway.
  - Swagger v2.0 definition files are supported.
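
The standard-rate and burst limits in the throttling bullets above behave like a token bucket, the algorithm AWS documents for API Gateway throttling. The following is an added example, not part of the original notes or any AWS code, that simulates that model with the 1,000 rps / 2,000 burst figures. The class and function names, the constructed evenly spaced traffic, and treating the burst value as the bucket capacity are assumptions of the sketch.

```python
COST = 1_000_000  # one request costs one token; levels are tracked in millionths


class TokenBucket:
    """Token bucket: refills at `rate` tokens/second, holds at most `burst` tokens."""

    def __init__(self, rate, burst):
        self.rate = rate
        self.cap = burst * COST  # assumption: burst limit == bucket capacity
        self.level = self.cap    # bucket starts full
        self.last_us = 0

    def allow(self, now_us):
        """Return the HTTP status for a request arriving at `now_us` (microseconds)."""
        # elapsed microseconds * tokens/second = millionths of a token earned
        earned = (now_us - self.last_us) * self.rate
        self.level = min(self.cap, self.level + earned)
        self.last_us = now_us
        if self.level >= COST:
            self.level -= COST
            return 200
        return 429  # Too Many Requests


def constant_load(rps, seconds):
    """Constructed sample traffic: evenly spaced arrival times in microseconds."""
    return [i * 1_000_000 // rps for i in range(rps * seconds)]


def simulate(rate, burst, arrivals):
    """Return (accepted, throttled, time in microseconds of the first 429 or None)."""
    bucket = TokenBucket(rate, burst)
    accepted = throttled = 0
    first_429 = None
    for t in arrivals:
        if bucket.allow(t) == 200:
            accepted += 1
        else:
            throttled += 1
            if first_429 is None:
                first_429 = t
    return accepted, throttled, first_429


if __name__ == "__main__":
    # Limits from the throttling example: 1,000 rps steady rate, burst of 2,000.
    for rps, secs in [(1000, 3), (2000, 3), (5000, 1)]:
        print(f"{rps} rps for {secs} s ->", simulate(1000, 2000, constant_load(rps, secs)))
```

In this model a client sending 2,000 rps drains the full bucket in just under two seconds, after which only the 1,000 rps refill is admitted and the rest receive 429.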