Amazon API Gateway: Essentials
This is the start of a series of blogposts exploring various aspects of the AWS API Gateway. We will discuss topics such as the basic features of the API Gateway, Lambda Authorizer, and Usage Plans. Additionally, there will be examples about CORS configuration on API Gateway and usage of OpenAPI Specification YAML’s.
Amazon API Gateway is a completely managed solution that simplifies the task of developers in crafting, releasing, and managing secure APIs of any size. By utilizing Amazon API Gateway, you have the ability to offer your clients and collaborators an uninterrupted and protected encounter, all while trimming down operational expenses.
Features
API Creation and Management: Amazon API Gateway allows you to easily create APIs, define endpoints, and manage the configuration of your APIs through a user-friendly interface or by using infrastructure as code tools such as Terraform or CloudFormation.
Amazon API Gateway supports creating API resources and their corresponding child resources, defining HTTP methods for each resource, or proxy them to the desired endpoint for these HTTP methods. Additionally, AWS API Gateway also supports proxy resources.
Method requests and integration requests can be configured for each HTTP method. Furthermore, request/response configurations can be performed for these methods and their integrations.
Endpoint Configuration: You can define and configure API endpoints, specifying HTTP methods (e.g., GET, POST, PUT, DELETE) and integrating them with backend services, AWS Lambda functions, or other AWS resources.
Security and Authentication: API Gateway provides robust security features, including API key management, AWS Identity and Access Management (IAM) integration, and Lambda Authorizers to control access to your APIs. It supports various authentication mechanisms, including OAuth 2.0 and JWT (JSON Web Tokens). In addition to that, instead of IAM integration, you can configure the AWS Cognito user pool and define an authentication method by choosing the defined pool to control access to your REST APIs.
Let’s dig a little deeper into Lambda Authorizers. A Lambda Authorizer provides an authorization mechanism with bearer tokens. When a client calls your API, it triggers a lambda and gets a bearer token from the request. If the token is valid, an IAM policy is returned.
Other than identifying and authorizing a request itself, it is also important to protect APIs from common exploits. For that reason, it is integrated with AWS WAF to help protect APIs from web-based attacks and vulnerabilities.
Traffic Control: You can create usage plans and add each user with an API key to those plans. In this way throttling, rate limiting, and controlling the traffic to your APIs will be possible to prevent abuse or overuse. Defining usage plans is useful if you want to set a quota or call limits for one of your API or API methods. And, It helps in ensuring fair and efficient API usage.
Request and Response Transformation: API Gateway allows you to transform incoming requests and outgoing responses. This includes data mapping, request validation, and response formatting to match the needs of your backend services and clients.
Caching: It supports caching of API responses at various levels, reducing the load on backend systems and improving API response times for frequently accessed data.
Monitoring and Analytics: You can enable logging and monitoring for your APIs. Amazon CloudWatch integration provides real-time and historical data about API usage, errors, and performance, helping you identify and resolve issues quickly. Also, AWS Api Gateway supports X-Ray to trace and analyze user requests.
Cross-Origin Resource Sharing (CORS): API Gateway simplifies CORS configuration, making it easier to enable cross-origin requests from web clients to access your APIs securely.
Deployment and Versioning: A “Stage” refers to a deployment in another term, it is a snapshot of your API. You can create multiple API stages for different environments (e.g., development, production) and manage API versions, allowing for safe updates without disrupting existing users. In addition to that, every stage has various preferences like cache and log configuration, limit throttling, defining variables etc.
Integration with AWS Services: API Gateway seamlessly integrates with various AWS services like AWS Lambda, AWS DynamoDB, AWS S3, and others, enabling you to build serverless applications and microservices easily.
Custom Domain Names: You can use custom domain names for your APIs, providing a branded and user-friendly experience for your consumers.
Developer Portal: API Gateway offers a developer portal for API documentation, making it easier for developers to understand and use their APIs effectively.
Use Cases
AWS API Gateway allows you to create four basic API types that can be used in various use cases. I will explain two of them in detail below. For more information about other AWS API Gateway use cases, please check here
Rest API: You can easily create, publish, and manage RESTAPIs with AWS API Gateway. It gives quick and easy access to your backends’ data and capabilities. The API Gateway provides you with the tools you need to easily create and manage RESTAPIs. Also, you can leverage Lambda integration for building serverless applications. Lambda integration provides building scalable and cost-effective APIs since you will only pay for what you use.
Moreover, you can configure your API by importing an OpenAPI Specification Document. Currently, OpenAPI v2.0 and OpenAPI v3.0 are supported.
WebSocket API: WebSocket is a protocol that enables real-time, two-way communication between a client (usually a web browser) and a server over a single, long-lived connection. You can build WebSocket APIs integrating with other AWS services. For instance, a chat application can be developed using both services as a serverless application. Moreover, real-time data dashboards or real-time alert/notification dashboards can be used.
Conclusion
All in all, I have introduced Amazon API Gateway, a fully managed service that lets you create, publish, maintain, monitor, and secure APIs at any scale. Backbone features of Amazon API Gateway have been discussed, such as API Creation and Management, Endpoint Configuration, Security and Authentication and more. I have also explained the most popular use cases, which are RestAPI and WebSocket API.
I hope that this blog post has given you a clear overview of Amazon API Gateway and its features. For the next post, I will give details about API Gateway Lambda Authorizer and how to access your API by using it. I will give an example of how to build an API and implement a custom lambda authorizer.
