2. Host multiple versions and stages of your APIs
Create and distribute API keys to developers
Leverage AWS Sig-v4 to authorize access to APIs
Throttle and monitor requests to protect your backend
Managed cache to store API responses
SDK Generation for iOS, Android, and JavaScript
Swagger support
Request / Response data transformation and API mocking
Features
4. An API Call Flow
API
Gateway
Mobile Apps
Websites
Services
Internet
Any public
endpoint
Amazon CloudWatch
Monitoring
AWS Lambda
Functions
API Gateway
Cache
5. Build, Deploy, Clone & Rollback
Build APIs with their resources, methods, and settings
Deploy APIs to a Stage
— Each stage has its own Throttling, Caching, Metering, and Logging
Clone an existing API to create a new version
Rollback to previous deployments
6. API Configuration
Pet Store
/pets/{petid}
• GET
• POST
• PUT
/pets
Define resources within an API
Create an API
Define methods for a resources
— Methods are Resource + HTTP verb
7. API Configuration
dev
beta
gamma
prod
Pet StoreAPI Configuration can be deployed to a
stage
Stages are different environments
For example:
— dev (e.g. thisismyapi.com/dev)
— beta (e.g. thisismyapi.com/beta)
— prod (e.g. thisismyapi.com/prod)
— As many stages as needed
16. You can configure custom domain names
Provide API Gateway with a signed HTTPS certificate
Custom domain names can point to an API or a Stage
Pointing to an API you have access to all stages
— beta (e.g. thisismyapi.com/beta)
— prod (e.g. thisismyapi.com/prod)
Pointing directly to your Prod stage
— prod (e.g. thisismyapi.com/)
Custom Domain Names
18. API Keys to Meter Developer Usage
Create API Keys
Set access permissions at the API/Stage level
Meter usage of API Keys through CloudWatch Logs
19. API Keys to Meter Developer Usage
Create API Keys
The name “Key” implies security – there is no security in
baking text in an App’s code
Set access permissions at the API/Stage level
API Keys should be used alongside a stronger
authorization mechanism
Meter usage of API Keys through CloudWatch Logs
API Keys should be used purely to meter app/developer
usage
20. You can leverage AWS Sig-v4 to sign and authorize API calls
— Amazon Cognito and AWS Security Token Service (STS) simplify the
generation of temporary credentials for your app
You can support OAuth or other authorization mechanisms
through custom headers
— Simply configure your API methods to forward the custom headers to your
backend
Authentication Options
21. Using Sig-v4
Call /login
(no auth)
Receive
credentials to
sign API calls
Client API Gateway Back End
/login
/login
fn_Login
Credentials
verified
Access &
Secret Key
23. Throttling helps you manage traffic to your backend
Throttle by developer-defined Requests/Sec limits
Requests over the limit are throttled
— HTTP 429 response
The generated SDKs retry throttled requests
API Throttling
24. You can configure a cache key and the Time to Live (TTL) of the
API response
Cached items are returned without calling the backend
A cache is dedicated to you, by stage
You can provision between 0.5GB to 237GB of cache
Caching API Responses
25. An API Call Flow
cached? throttled?
item
HTTP 429
27. SDKs are generated based on API deployments (Stages)
If Request and Response Models are defined, the SDK includes
input and output marshaling of your methods
SDKs know how to handle throttling responses
SDKs also know how to sign requests with AWS temporary
credentials (Sig-v4)
Support for Android, iOS, JavaScript, …
Generate Client SDKs Based on Your APIs
29. Amazon API Gateway Pricing
$3.50 per Million API Gateway requests
1 Million API requests per month for 12 months
— Included in the AWS Free Tier
Data Transfer Out (Standard AWS Prices)
— $0.09/GB for the first 10 TB
— $0.085/GB for the next 40 TB
— $0.07/GB for the next 100 TB
— $0.05/GB for the next 350 TB