Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. With a few clicks in the AWS Management Console, you can create an API that acts as a “front door” for applications to access data, business logic, or functionality from your back-end services, such as workloads running on Amazon Elastic Compute Cloud (Amazon EC2), code running on AWS Lambda, or any Web application.
2. API Management Challenges
• Managing multiple versions and stages of an API is difficult.
• Monitoring third-party developers’ access is time
consuming.
• Access authorization is a challenge.
• Traffic spikes create an operational burden.
• What if I don’t want servers at all?
3. An API call flow
Internet
Mobile apps
Websites
Services
API
Gateway
AWS Lambda
functions
AWS
API Gateway
cache
Endpoints on
Amazon EC2/
AWS Elastic
Beanstalk
Any other publicly
accessible endpoint
Amazon
CloudWatch
monitoring
4. Build, deploy, clone, and roll back
• Build APIs with their resources, methods, and settings
• Deploy APIs to a stage
– Users can create as many stages as they want, each with its own throttling,
caching, metering, and logging configuration
• Clone an existing API to create a new version
– Users can continue working on multiple versions of their APIs
• Roll back to previous deployments
– We keep a history of customers’ deployments so they can revert to a
previous deployment
5. Manage multiple versions and stages of your APIs
API 1 (v1)
Stage (dev)
Stage (prod)
API 2 (v2)
Stage (dev)
6. Use API keys to authorize access
• The name “key” implies security – there is
no security in baking text in an app’s code
• API keys should be used purely to meter
app/developer usage
• API keys should be used alongside a
stronger authorization mechanism
7. API throttling
• Throttling helps you manage traffic to your back end
• Throttle by developer-defined requests-per-second
limits
• Requests over the limit are throttled
– HTTP 429 response
• The generated SDKs retry throttled requests
8. Caching API responses
• You can configure a cache key and the Time to Live
(TTL) of the API response
• A cache is dedicated to you, by stage
• Provision between 0.5 GB and 237 GB of cache
9. Request processing workflow
Receive
incoming
request
• Check for item in
dedicated cache
• If found, return
cached item
Check throttling
configuration
• Check current
requests-per-
second rate
• If above allowed
rate, return 429
Execute back-
end call
10. API models
• Models are a JSON schema representation of
your API requests and responses
• Models are used for input and output filtering
and SDK generation
• You can reuse models across multiple methods
in your API
11. Input/output transforms
• Use Velocity templates to transform data
• Filter output results
– Remove private or unnecessary data
– Filter dataset size to improve API performance
• GET to POST
– Read all query string parameters from your GET request and create a body to
make a POST request to your back end
• JSON to XML
– Receive JSON input and transform it to XML for your back end
– Receive JSON from an AWS Lambda function and transform it to XML
12. Transform example: JSON to XML
API Gateway
Back end
GET - /sayHello
AWS
Lambda
fn_sayHello
/sayHello
{
“message” : “hello world”
}
<xml>
<message>
Hello world
</message>
</xml>
#set($root = $input.path('$'))
<xml>
<message>
$root.message
</message>
</xml>
13. Generate client SDKs based on Your APIs
• SDKs are generated based on API deployments (stages)
• If request-response models are defined, the SDK includes
input and output marshalling of your methods
• SDKs know how to handle throttling responses
• SDKs also know how to sign requests with AWS
temporary credentials (signature version 4)
• Support for Android, iOS, JavaScript, …
14. API Gateway pricing
• $3.50 per million API Gateway requests
• Included in the AWS Free Tier
– 1 million API requests per month for 12 months
• Data Transfer Out (standard AWS prices)
– $0.09/GB for the first 10 TB
– $0.085/GB for the next 40 TB
– $0.07/GB for the next 100 TB
– $0.05/GB for the next 350 TB
15. Availability
• Today!
• Initially available in:
– US East (N. Virginia)
– US West (Oregon)
– EU West (Dublin)
• We plan to enable other regions rapidly