AWS API Gateway

Amazon API Gateway is an AWS service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale. API developers can create APIs that access AWS or other web services, as well as data stored in the AWS Cloud. As an API Gateway API developer, you can create APIs for use in your own client applications.

Some of the benefits it provides:

  • auto management of servers
  • security
  • scaling
  • monitoring
  • speed
  • versioning

Features

  • Low cost
  • Auto scales
  • Can throttle requests to prevent DDoS attacks
  • CloudWatch enabled
  • Caching available
  • Supports CORS

 

HTTP API vs REST API

An API Gateway REST API is made up of resources and methods. A resource is a logical entity that an app can access through a resource path. A method corresponds to a REST API request that is submitted by the user of your API and the response returned to the user. API Gateway provides REST API management functionality such as the following:

  • Support for generating SDKs and creating API documentation using API Gateway extensions to OpenAPI
  • Throttling of HTTP requests

An HTTP API is a collection of routes and methods that are integrated with backend HTTP endpoints or Lambda functions. You can deploy this collection in one or more stages. Each route can expose one or more API methods that have unique HTTP verbs supported by API Gateway. HTTP APIs are designed for low-latency, cost-effective AWS Lambda proxy and HTTP proxy APIs. HTTP APIs support OIDC and OAuth 2.0 authorization, and come with built-in support for CORS and automatic deployments. Previous-generation REST APIs currently offer more features, and full control over API requests and responses.

 

WebSocket API

In a WebSocket API, the client and the server can both send messages to each other at any time. Backend servers can easily push data to connected users and devices, avoiding the need to implement complex polling mechanisms. You can use API Gateway WebSocket APIs to build secure, real-time communication applications without having to provision or manage any servers to manage connections or large-scale data exchanges. Targeted use cases include real-time applications such as the following:

  • Chat applications
  • Real-time dashboards such as stock tickers
  • Real-time alerts and notifications

API Gateway provides WebSocket API management functionality such as the following:

  • Monitoring and throttling of connections and messages
  • Using AWS X-Ray to trace messages as they travel through the APIs to backend services
  • Easy integration with HTTP/HTTPS endpoints

 

API Gateway requires HTTPS. The gateway is tied to a region, such that whatever Lambda function or backend is connected to the gateway is in the same region.

Example Access Policy Format:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "apigateway:GET"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "apigateway:*"
            ],
            "Resource": [
                "arn:aws:apigateway:REPLACE-WITH-YOUR-AWS-REGION::/restapis/*/stages/dev"
            ]
        }
    ]
}

Action-Statement = region and the action for the API. This covers the “Effect” and the “Action” shown above. Wildcards may be used.

Resource-Statement = region and the resource path specifier. This is the “Resource” shown in the access policy above.
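How the two statements above match a request, as an added example that is not from the original notes: a simplified evaluator that handles only Effect, Action and Resource with `*`/`?` wildcards (no Condition, NotAction or other policy types). The region value, the API id and the helper names are constructed for illustration.

```python
import re

# The access policy shown above. "us-east-2" is a constructed stand-in for the
# REPLACE-WITH-YOUR-AWS-REGION placeholder.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["apigateway:GET"], "Resource": ["*"]},
        {"Effect": "Allow", "Action": ["apigateway:*"],
         "Resource": ["arn:aws:apigateway:us-east-2::/restapis/*/stages/dev"]},
    ],
}

def _as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def _wild(pattern, value, ignore_case=False):
    """IAM-style wildcard match: * is any run of characters, ? is one character."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.IGNORECASE if ignore_case else 0) is not None

def matching_statements(policy, action, resource):
    """Statements whose Action and Resource both match the request."""
    return [
        s for s in policy["Statement"]
        # Action names are case-insensitive, resource ARNs are not.
        if any(_wild(a, action, ignore_case=True) for a in _as_list(s["Action"]))
        and any(_wild(r, resource) for r in _as_list(s["Resource"]))
    ]

def is_allowed(policy, action, resource):
    """Default deny; an explicit Deny overrides any Allow."""
    effects = {s["Effect"] for s in matching_statements(policy, action, resource)}
    return "Allow" in effects and "Deny" not in effects

def stage_arn(api_id, stage, region="us-east-2"):
    """Hypothetical helper that builds the stage ARN form used in the policy."""
    return f"arn:aws:apigateway:{region}::/restapis/{api_id}/stages/{stage}"

if __name__ == "__main__":
    for action, stage in [("apigateway:GET", "prod"), ("apigateway:PATCH", "dev"),
                          ("apigateway:PATCH", "prod")]:
        verdict = is_allowed(POLICY, action, stage_arn("a1b2c3", stage))
        print(f"{action:18} on stage {stage:5} -> {'allow' if verdict else 'deny'}")
```

The second statement's `apigateway:*` grants every management verb, but only on resources whose ARN ends exactly in `/stages/dev`; everything else falls back to the read-only first statement.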

Mapping Templates – transform data from one format to another. They are used for mapping URLs as an input parameter. They use the following variables:

  • $context – holds all contextual information about the API call
    • $context.apiId
    • $context.identity.accountOwner
    • $context.identity.sourceIp
    • $context.identity.userAgent
  • $input – represents the input payload and parameters to be processed by the template
    • $input.json(x)
    • $input.params()
    • $input.path(x)
      • $input.path(‘$…’) maps to …
  • $util – utility functions for using the mapping templates
    • $util.escapeJavaScript()
    • $util.urlEncode()
    • $util.urlDecode()
    • $util.base64Encode()
    • $util.base64Decode()

 

 

API Keys

Used for monitoring API usage – not for authorization. The keys are not encrypted and can be easily sniffed out of the network traffic. They are only used to monitor API traffic, which can be viewed through CloudWatch. Tracing can be done at a granular, per-method level.
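Because an API key identifies a caller for usage tracking and does not authorize them, a useful review step is to list methods whose only gate is a key. The check below is an added example, not from the original notes; the sample data is constructed in the shape of the `items` list returned by `aws apigateway get-resources --embed methods`, and skipping OPTIONS (CORS preflight) is an assumption.

```python
# Constructed sample, shaped like the "items" list from
# `aws apigateway get-resources --rest-api-id <id> --embed methods`.
RESOURCES = [
    {"path": "/"},  # a resource with no methods defined
    {"path": "/shoes", "resourceMethods": {
        "GET": {"authorizationType": "NONE", "apiKeyRequired": True},
        "POST": {"authorizationType": "AWS_IAM", "apiKeyRequired": True},
        "OPTIONS": {"authorizationType": "NONE", "apiKeyRequired": False},
    }},
    {"path": "/shoes/{id}", "resourceMethods": {
        "GET": {"authorizationType": "COGNITO_USER_POOLS", "apiKeyRequired": False},
        "DELETE": {"authorizationType": "NONE", "apiKeyRequired": False},
    }},
]

def audit_methods(resources, ignore_verbs=("OPTIONS",)):
    """Return (path, verb, finding) for every method with no authorizer.

    finding is "api-key-only" when a key is the sole requirement, and "open"
    when the method needs neither a key nor any authorization.
    """
    findings = []
    for resource in resources:
        methods = resource.get("resourceMethods", {})
        for verb in sorted(methods):
            if verb in ignore_verbs:
                continue  # assumption: CORS preflight is meant to be unauthenticated
            settings = methods[verb]
            if settings.get("authorizationType", "NONE") != "NONE":
                continue  # AWS_IAM, CUSTOM or COGNITO_USER_POOLS is in place
            finding = "api-key-only" if settings.get("apiKeyRequired") else "open"
            findings.append((resource["path"], verb, finding))
    return findings

if __name__ == "__main__":
    for path, verb, finding in audit_methods(RESOURCES):
        print(f"{verb:7} {path:12} {finding}")
```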

 

API Logging

API Gateway sends logs to CloudWatch. Logging can be done at different levels, such as per-stage or per-method. The amount of logging is configured through CloudWatch. The API Gateway Dashboard shows some of the data monitored through CloudWatch, such as the number of API calls (usage) over time, latency, and errors. Note that the Dashboard can be customized.

 

API Caching

Caching improves latency. API Gateway caches responses from the endpoint for a specified TTL period, in seconds. Responses then come from the cache instead of a request being made to the endpoint.

 

API Deployment

Deploying APIs is as simple as pressing the deploy button. AWS automatically sets up all the backend for you. There are some settings that could be configured during deployment:

  • Cache Settings
  • CloudWatch Settings
  • Throttling Settings

During deployment you can set up stages (dev, int, prod, etc.). Each stage can have its own configuration settings. Once deployment is complete, we can test the API using Postman or curl:

 

 curl https://6emx3bxg98.execute-api.us-east-2.amazonaws.com/dev/shoes
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2091  100  2091    0     0   5347      0 --:--:-- --:--:-- --:--:--  5347[{"name":"middleware real-time cross-training shoe","color":"cyan","description":"A(n) Awesome, Small cross-training shoe made from the finest Concrete designed for the redefine individual!","size":1,"price":"961.00"},{"name":"framework user-facing spinning shoe","color":"orange","description":"A(n) Generic, Tasty spinning shoe made from the finest Cotton designed for the redefine individual!","size":1,"price":"256.00"},{"name":"matrices optimizing spinning shoe","color":"red","description":"A(n) Licensed, Practical spinning shoe made from the finest Granite designed for the target individual!","size":6,"price":"395.00"},{"name":"internet solution fresh-thinking aerobic shoe","color":"orchid","description":"A(n) Awesome, Awesome aerobic shoe made from the finest Concrete designed for the optimize individual!","size":4,"price":"529.00"},{"name":"extranet disintermediate basketball shoe","color":"gold","description":"A(n) Fantastic, Gorgeous basketball shoe made from the finest Granite designed for the enhance individual!","size":4,"price":"83.00"},{"name":"website 24 hour tennis shoe","color":"yellow","description":"A(n) Fantastic, Licensed tennis shoe made from the finest Soft designed for the deliver individual!","size":3,"price":"220.00"},{"name":"help-desk grid-enabled spinning shoe","color":"grey","description":"A(n) Licensed, Intelligent spinning shoe made from the finest Cotton designed for the whiteboard individual!","size":5,"price":"116.00"},{"name":"array reciprocal tennis shoe","color":"turquoise","description":"A(n) Intelligent, Small tennis shoe made from the finest Cotton designed for the reinvent individual!","size":4,"price":"160.00"},{"name":"initiative background running shoe","color":"black","description":"A(n) Incredible, Small running shoe made from the finest Fresh designed for the visualize individual!","size":7,"price":"394.00"},{"name":"neural-net motivating 
running shoe","color":"orchid","description":"A(n) Unbranded, Awesome running shoe made from the finest Rubber designed for the extend individual!","size":7,"price":"547.00"}]

 

References

Scalable AWS API Gateway (pluralsight)
William Button; 2016
https://app.pluralsight.com/player?course=scalable-aws-api-gateway