General
- Supports the following protocols:
- REST
- HTTP
- WebSocket
- Choose between REST APIs and HTTP APIs
- API Types:
- HTTP
- WebSocket
- REST
- REST (private)
- All APIs created with Amazon API Gateway expose HTTPS endpoints only (i.e., no unencrypted HTTP).
REST
- Has:
- End Points
- Resource
- Methods
- Integration Type
- Lambda (AWS_PROXY)
- HTTP (HTTP or HTTP_PROXY)
- Mock
- VPC Link
- AWS Service (AWS) e.g. DynamoDB, KMS, RDS
- Proxy Integration
- End Points:
- Edge-optimized – API Gateway API is deployed to the specified region using a CloudFront distribution.
- Private API endpoint – An API endpoint that is exposed through interface VPC endpoints and allows a client to securely access private API resources inside a VPC.
- Regional API endpoint – The API hostname deployed to the specified Region and intended to serve clients, such as EC2 instances, in the same AWS Region.
- Resources:
- You expose addressable resources as a tree of API Resources entities, with the root resource (/) at the top of the hierarchy.
- The root resource is relative to the API’s base URL, which consists of the API endpoint and a stage name.
{api-id}.execute-api.{region}.amazonaws.com/{stage name}
- In the API Gateway console, this base URI is referred to as the Invoke URI and is displayed in the API’s stage editor after the API is deployed.
- Hierarchy:
- {Resource}/{Method} or {Resource}/{Sub Resource}/{Method} e.g.
- /GET – The GET method of root
- /doc/GET – The GET method of /doc
- Integration:
- Types:
- Lambda
- HTTP
- Mock
- VPC Link
- AWS Service
- Integration Request
- Encapsulates an HTTP request received by the backend.
- Proxy Integration:
- Only available for Lambda and HTTP
- If selected, input and output cannot be transformed.
- Lambda Proxy Integration – API Gateway passes the incoming request from the client as the input to the backend Lambda function.
- HTTP Proxy Integration – passes the incoming request from the client to the HTTP endpoint and passes the outgoing response from the HTTP endpoint to the client.
- Timeout: Default is 29000 ms (range: 50 ms – 29 s)
- Can specify execution role
- Mapping Template:
- A script expressed in Velocity Template Language (VTL) and applied to the payload using JSONPath expressions.
- Can modify requests, body, or add headers
- Can modify response
- Use case: Convert JSON payload to XML payload for a SOAP backend API.
- Stages:
- A named reference to a deployment, which is a snapshot of the API.
- Configurations:
- Cache
- Throttling
- WAF
- Certificate
- Logs/Tracing
- Stage Variables
- SDK
- Export to Swagger or OpenAPI 3
- Canary Deployment
- Stage Variables:
- Name-value pairs that you can define as configuration attributes associated with a deployment stage of a REST API.
- Expression: ${stageVariables.<variable_name>}
- Mapping Template: { "name" : "$stageVariables.<variable_name>"}
- Canary Deployment:
- Is a software development strategy in which a new version of an API (as well as other software) is deployed for testing purposes, and the base version remains deployed as a production release for normal operations on the same stage.
- Is defined by stages
- Procedure:
- Create a Canary at the stage
- Deploy the new version to ‘Canary’
- When ready, promote the new version
- Caching:
- Defined by stages
- Must define cache capacity: Min 0.5 GB to Max 237 GB
- Define the TTL; default is 300 s
- A client can invalidate a cache, but it must be granted the InvalidateCache permission
- Resource Policy:
- Control whether a specified principal (typically an IAM user or role) can invoke the API. You can use API Gateway resource policies to allow your API to be securely invoked by:
- Users from a specified AWS account.
- Specified source IP address ranges or CIDR blocks.
- Specified virtual private clouds (VPCs) or VPC endpoints (in any account).
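
The source-IP and VPC-endpoint restrictions above are usually written as an Allow statement plus an explicit Deny with a negated condition. The following is an added example, not part of the original notes and not AWS code: a simplified local model that checks only Effect and Condition (Principal, Action and Resource matching are not modelled), with a constructed CIDR block and a placeholder endpoint ID.

```python
import ipaddress

NEGATED = {"NotIpAddress", "StringNotEquals"}


def deny_unless(operator, key, values):
    """Build a policy that allows execute-api:Invoke, then denies callers
    whose request context fails the given condition (constructed example)."""
    base = {"Principal": "*", "Action": "execute-api:Invoke",
            "Resource": "execute-api:/*/*/*"}
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", **base},
        {"Effect": "Deny", **base, "Condition": {operator: {key: values}}},
    ]}


# Constructed values: a documentation CIDR block and a placeholder endpoint ID.
IP_POLICY = deny_unless("NotIpAddress", "aws:SourceIp", ["192.0.2.0/24"])
VPCE_POLICY = deny_unless("StringNotEquals", "aws:SourceVpce", ["vpce-EXAMPLE"])


def condition_holds(condition, ctx):
    """True when every operator/key pair in a Condition block is satisfied."""
    for op, pairs in condition.items():
        for key, allowed in pairs.items():
            actual = ctx.get(key)
            if op in ("IpAddress", "NotIpAddress"):
                hit = actual is not None and any(
                    ipaddress.ip_address(actual) in ipaddress.ip_network(cidr)
                    for cidr in allowed)
            elif op in ("StringEquals", "StringNotEquals"):
                hit = actual in allowed
            else:
                raise ValueError(f"operator not modelled: {op}")
            if op in NEGATED:
                hit = not hit  # a missing key therefore satisfies a negated operator
            if not hit:
                return False
    return True


def evaluate(policy, ctx):
    """Explicit Deny wins, then Allow, otherwise implicit Deny."""
    effects = {s["Effect"] for s in policy["Statement"]
               if condition_holds(s.get("Condition", {}), ctx)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else "Deny"
```

Because the Deny uses a negated operator, a request that carries no aws:SourceVpce key at all (for example one arriving over the public internet) is denied by VPCE_POLICY rather than falling through to the Allow.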
- Usage Plans:
- To configure a usage plan
- Create one or more APIs, configure the methods to require an API key, and deploy the APIs to stages.
- Generate or import API keys to distribute to application developers (your customers) who will be using your API.
- Create the usage plan with the desired throttle and quota limits.
- Associate API stages and API keys with the usage plan.
- Callers of the API must supply an assigned API key in the x-api-key header in requests to the API.
- Authentication and Authorization:
- IAM using SigV4 (AuthZ and AuthN)
- Resource Policy (AuthZ)
- Lambda Authorizer (AuthZ)
- Cognito User Pool (AuthN)
- Web Sockets:
- JSON messages are directed to backend integrations based on routes that you configure. (Non-JSON messages are directed to a $default route that you configure.)
- Three predefined routes can be used: $connect, $disconnect, and $default. In addition, you can create custom routes.
- $connect route – when a persistent connection between the client and a WebSocket API is being initiated.
- $disconnect route – when the client or the server disconnects from the API.
- custom route – after the route selection expression is evaluated against the message, if a matching route is found; the match determines which integration is invoked.
- $default route – if the route selection expression cannot be evaluated against the message or if no matching route is found.
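
The route selection rules above can be traced with a small local model. This is an added example, not part of the original notes and not API Gateway's own code; the route names, the sample messages and the choice of $request.body.action as the route selection expression are assumptions, as is the model's rule that predefined route keys are never matched from message content.

```python
import json

PREDEFINED = {"$connect", "$disconnect", "$default"}


def select_route(message, routes, expression="$request.body.action"):
    """Pick the route key for one inbound message (simplified local model)."""
    prefix = "$request.body."
    if not expression.startswith(prefix):
        raise ValueError("only $request.body.<path> expressions are modelled")
    # $connect and $disconnect fire on connection events, not message content.
    custom = set(routes) - PREDEFINED
    try:
        value = json.loads(message)
        for part in expression[len(prefix):].split("."):
            value = value[part]
    except (ValueError, KeyError, TypeError):
        return "$default"  # not JSON, or the expression cannot be evaluated
    if isinstance(value, str) and value in custom:
        return value  # matching custom route decides the integration
    return "$default"  # evaluated, but no matching route


# Constructed route table and client messages.
ROUTES = {"$connect", "$disconnect", "$default", "sendMessage", "joinRoom"}
SAMPLES = [
    '{"action": "sendMessage", "data": "hi"}',  # matches a custom route
    '{"action": "deleteEverything"}',           # no such route
    '{"data": "no action key"}',                # expression cannot be evaluated
    'plain text, not JSON',                     # non-JSON payload
    '{"action": {"nested": "object"}}',         # selector is not a string
]


def route_samples():
    """Route every constructed sample and return the chosen route keys."""
    return [select_route(m, ROUTES) for m in SAMPLES]
```

Everything that fails to parse or match lands on $default, so the integration behind that route receives the least-validated input and should treat the body as untrusted.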