Building an API in Node.js using AWS λ, API Gateway, and Serverless

Dawit Abera
Mar 21 · 6 min read

The serverless stack nowadays has many attractions, and we’re seeing more and more companies using Serverless framework and architecture to build and deploy web applications. The benefits are enormous — you don’t have to worry about uptime or manage any servers, leaving the developer to focus on the core business logic. It automatically scales depending on the load, and you can deploy applications fast. Finally, you pay-per-execution, which reduces costs because you only pay for the exact amount of time your server-side code runs by the millisecond.

This tutorial will show you how to build a secure REST API for a Notetaking react-redux application using MongoDB database as a service and following a Serverless approach using AWS Lambda, API Gateway, and the Serverless framework. Here at Nordstrom, our primary database platform is not MongoDB. For this quick tutorial, I chose MongoDB because it’s the most popular and less expensive database platform, and it can easily be deployed on AWS, Azure, or GCP. If I were building this REST API for Nordstrom, I would use DynamoDB and keep all the infrastructure and data storage under a single cloud provider, which in our case is AWS.

AWS Lambda is an event-driven, serverless computing platform that executes a function in response to an event. It is basically a Docker container that gets spun up and runs the code. The underlying infrastructure and scaling it up or down to meet the event rate is managed, and you are only charged for the time your code is executed.


  1. AWS account
  2. Node.js — I'm using v14.16.0
  3. AWS CLI and configure the profile with aws secret and access key.
  4. Postman for testing

Getting Started with the Serverless Framework

npm install serverless -g

Now, we will create the service,

$ sls create -t aws-nodejs -p serverless-restapi && cd serverless-restapi

The command will create all the necessary files and code to create your Lambda functions and API Gateway events inside the project directory.

Inside the serverless-restapi root directory create a .env file to save environmental variables and a .gitignore file and add .env to it so Git can ignore the .env file, in this way, you can use store environmental variables, and you will not push any secrets to a repository as long as everything is added to .env.

Installing modules, including dev dependencies.

$ npm i -y
$ npm i dotenv mongoose validaor --save
$ npm i serverless-offline -D

Create a database using MongoDB Atlas

Once the cluster is created, you need to do three things before you start using the database.

  1. Go to the Security tab and select Database Access, and create a database user. Save the credentials for later.
  2. Under the same security tab, select Network Access and whitelist any IP addresses.
  3. Finally, go to the main cluster and click connect — you will have multiple options to connect to the cluster, select connect to your application, then select a driver and version and copy the code and save it in the .env file as

And replace the password, user, and cluster name with the database user name, password, and database name from step 1.

Finally, let’s write some code and start by setting up the database connection and creating a Note model.

Create a Note Model

Using the Schema model, we can define and structure our Note model and add some validation. We’ll export the model and use it in the handler.js.

Create Database Connection

Create the Serverless Configuration

In this configuration, we added five functions: create, getOne, getAll, update and delete. And they all point to the handler.js file — and that’s all we need to set up API Gateway resources to trigger the Lambda functions and, in the end, add the serverless-offline plugin so we can test locally. We will come back to this file to add the API key and usage plan at the end.

Next, let's create handler.js in the root directory and add the code below.

That’s it, and we are ready to start testing. Open up your terminal and run the following command:

$ sls offline start --skipCacheInvalidation -s dev

Using the Serverless Offline plugin, we can emulate λ and API Gateway on our local machine to speed up our development cycles. It helps us save time as we can quickly see logs and debug locally before we push the code to AWS.

Then open up Postman, and let’s start testing. First, let's create a note,

Make sure to test all the endpoints, and everything is working as expected. Once the tests are complete, let's secure🔐 the REST API endpoints and require users to use an API key to make any requests.

Setting our Usage Plan, API Keys, and Throttling

API throttling allows us to control the way our API is used. We have defined a throttle at the API layer, and if it gets triggered, we reduce the response rate.

Inside the provider: - section, we added an API key and usage plan, and then with the declaration of private: trueinside the functions' configuration, we are telling serverless that endpoints will be private.

Now we are ready to deploy 🚀 by running the following command:

sls deploy -s dev

Just with this command, serverless will automagically provision resources on AWS, create cloud formation templates and bundles, package up the lambda functions and all the dependencies, and push all code to S3 from where and it will send it to the Lambdas. If everything went well, you should see something similar to this in your terminal:

You have the API endpoints and an API key that we can use to interact with the endpoints securely. Let’s try getting a note using the newly created endpoint.

We are done with Part 1. In Part 2, we will use these endpoints in a frontend React-redux Notetaking application. Stay tuned.

Tech at Nordstrom

We create digitally connected experiences through people…

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store