What is AWS API?
In this blog, we are going to discuss on a general level what AWS API is.
What is API?
- API stands for Application Programming Interface.
- API is just a software that allows two applications/services to talk to each other.
- The most common type of API is via HTTP/S requests.
e.g.
“Sign in with Google” is a common example of an API-based authentication system that allows users to sign in to a website or application using their Google credentials. Here’s a simplified overview of how it works:
1. User Initiates Sign-In:
— The user visits a website or application and chooses the option to “Sign in with Google.”
2. Redirect to Google:
— When the user clicks the “Sign in with Google” button, the website or app sends a request to Google’s authentication API.
3. Google Authentication:
— Google’s authentication API verifies the user’s identity. If the user is not already logged in to their Google account, they are prompted to do so.
4. User Consent:
— After signing in or if the user was already logged in, Google asks the user for permission to share their information with the website or app. This typically includes the scope of data that the website or app is requesting access to (e.g., basic profile information).
5. Authorization Grant:
— If the user grants permission, Google generates an authorization token.
6. Token Returned to Website/App:
— Google sends the authorization token back to the website or app.
7. Website/App Validates Token:
— The website or app validates the received token with Google’s API to ensure its authenticity.
8. User Access Granted:
— If the token is valid, the website or app allows the user to access their account or the associated features.
9. User Data Retrieval :
— The website or app can also use the token to fetch the user’s profile information (e.g., name, email) from Google’s servers if needed.
10. User Logged In:
— The user is now successfully logged in to the website or app using their Google account.
What is AWS API?
- AWS API is an HTTP API.
- You can interact with it by sending HTTPS requests, using an application interacting with API’s like Postman.
3. Each AWS Service has it’s own service endpoint, to which you can send requests, e.g. for cloudwatch it is “monitoring” for ec2 it is “ec2”, so your request will look something like monitoring.us-east-1.amazonaws.com or ec2.us-east-1.amazonaws.com(See Fig)
4. But you cannot make api requests without first authenticating or authorizing yourself.
5. All your requests to different aws services are signed, meaning you first make a seperate requests with your AWS credentials (AWS access key and secret key) and then get back an authorization token(see Fig)
6. In your request payload you also specify various actions like describe ec2 instances or list s3 buckets, etc.
However, it is very rare of us to send HTTPS requests directly to AWS API. We generally do this via a bunch of developer tools, which are mainly of three types.
a) AWS Management Console- A WISWIG web interface.
b) AWS SDK — interact with api using any programming language of your choice.
c) AWS CLI- interact with api via a terminal/shell program, like the command prompt in your Windows computer.