I presented this at the AWS Meetup in Riyadh. I spoke about the core dimensions of API management and Amazon API Gateway. It covers API fundamentals as well as security and architecture principles using AWS services.
Core Dimensions of API Management
1. Core Dimensions of
API Management
Faisal Mohammed Banaeamah – محمد فيصل باناعمة
Senior Architect at Elm Company
LinkedIn - @banaeamah
September 1st, 2020
3. 3
Agenda
• Introduction to APIs
  Styles
  Classification
• API Management Overview
  Identity Access Management
• Amazon API Gateway
• Security Models in Amazon API Gateway
  API Endpoints
• Architecting with Amazon API Gateway
• Open Discussion
4. 4
Before We Start
• This session is in Arabic
  However, discussions in English are welcome
• Let’s make it interactive
  Quick questions
  Short discussions
• Pauses between sections
  Suitable for a 1-minute question or discussion
6. 6
Introduction to APIs
• Application Programming Interfaces
  Entry points or front door to access business capabilities
    o Business logic, data, transactions or functionality
  Through different channels
  Share information
  Building blocks to connect applications
10. 10
OpenAPI Initiative (OAI)
• OpenAPI Specification (OAS)
  Industry standard
  Programming language-agnostic interface description for modern APIs
  Enables humans and computers to discover and understand API capabilities
12. 12
API Management: Dimensions
• API Lifecycle (Creation and Maintenance)
• Security (API Gateway)
• Publishing (Engagement and Developer Portal)
• Monetization
• Monitoring (Analytics and Alerts)
13. 13
API Management and Identity Access Management
Diagram: API Management (APIM) alongside Identity Access Management (IAM), both consumed by Client Applications. Capabilities shown across the two:
• Authentication
• Authorization
• Single sign-on
• Logging
• Federation
• Entitlements (grants / revokes)
• Access control
• Rate limiting
• Documentation
• Analytics
• Alerts
• Monetization
• Developer Portal
15. 15
Amazon API Gateway
• APIM-as-a-Service
• Supports a variety of workloads
  Containerized
  Serverless
  Web applications
Diagram: Amazon API Gateway in front of AWS Lambda and a web application.
16. 16
Amazon API Gateway: Tasks
• Traffic management
• CORS
• Authorization
• Throttling (Rate + Burst)
• Caching
• Monitoring
• Access control
• Versioning
18. 18
Amazon API Gateway: Throttling
• Rate limits
  1K requests/second for a specific method in an API
• Burst limits
  2K requests/second for a few seconds
• Requests over the limit receive a 429 (Too Many Requests) HTTP response
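API Gateway implements these limits with a token bucket: the burst limit is the bucket capacity and the rate limit is the refill rate. The following model is an added example (not from the deck, and not AWS code) that shows why a spike above the burst limit draws 429s even when the average rate stays under the limit; the traffic pattern is constructed.

```python
from dataclasses import dataclass, field
from typing import List, Sequence


@dataclass
class TokenBucket:
    """Token-bucket model of API Gateway method throttling.

    rate  = steady-state requests/second (tokens refilled per second)
    burst = bucket capacity (requests that can be served at once)
    """
    rate: float
    burst: int
    tokens: float = field(init=False, default=0.0)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)  # the bucket starts full

    def allow(self, now: float) -> bool:
        """Consume one token for a request arriving at time `now` (seconds)."""
        if now < self.last:
            raise ValueError("arrival times must be non-decreasing")
        # Refill in proportion to elapsed time, never beyond burst capacity.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(arrivals: Sequence[float], rate: float = 1000, burst: int = 2000) -> List[int]:
    """Map each arrival time to the status the gateway would return:
    200 while a token is available, 429 Too Many Requests otherwise."""
    bucket = TokenBucket(rate, burst)
    return [200 if bucket.allow(t) else 429 for t in arrivals]


def count_throttled(arrivals: Sequence[float], rate: float = 1000, burst: int = 2000) -> int:
    return simulate(arrivals, rate, burst).count(429)


if __name__ == "__main__":
    # Constructed traffic: 2,500 requests at t=0, then 600 more half a second later.
    # The first spike exhausts the 2K burst; only 500 tokens refill by t=0.5.
    spike = [0.0] * 2500 + [0.5] * 600
    codes = simulate(spike)
    print("accepted:", codes.count(200), "throttled:", codes.count(429))  # 2500 / 600
```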
19. 19
Amazon API Gateway: Caching
• Improves performance by reducing traffic to the backend
• Control the cache key and time-to-live (TTL)
• Stage caching
    o E.g. stage is prod or sandbox
Diagram: Usage Plan → Stage → Caching.
20. 20
Amazon API Gateway: Monitoring
• Monitoring dashboard with Amazon CloudWatch
  Visualize API calls
  Performance metrics and information on API calls
  Data latency
  Error rates
Diagram: Amazon API Gateway publishing metrics to Amazon CloudWatch.
21. 21
Amazon API Gateway: Developer Portal
• Serverless Developer Portal to publish
  Managed APIs
    o Directly from Amazon API Gateway
  Self-managed APIs
    o OpenAPI Specs
Serverless Developer Portal on GitHub: https://github.com/awslabs/aws-api-gateway-developer-portal.
Diagram (self-service developer flow): Discover API → Browse Docs → Register → Try out → Monitor Usage.
22. 22
Amazon API Gateway: Monetization
• To monetize APIs on Amazon API Gateway
  Publish APIs in AWS Marketplace
  The API provider registers as a seller
  Submit usage plans as products
Diagram: Amazon API Gateway usage plans offered through AWS Marketplace.
Monetize APIs in AWS Marketplace: https://aws.amazon.com/blogs/compute/monetize-your-apis-in-aws-marketplace-using-api-gateway/.
24. 24
Amazon API Gateway: API Endpoints
• Edge-Optimized
  Geographically distributed clients
  Amazon CloudFront PoP
• Regional
  Clients in the same region
  Less connection overhead
  Custom domains for multiple regions with Amazon Route 53
• Private
  Amazon Virtual Private Cloud (VPC)
  Interface VPC endpoint
25. 25
Amazon API Gateway: API Types
• REST (stateless)
  Request/response model, synchronous
  All endpoint types: edge-optimized, regional, private
  Access control: AWS IAM, usage plans, API keys
• HTTP (stateless)
  Request/response model, synchronous
  Regional API endpoints
  71% cheaper than REST APIs
• WebSocket (stateful)
  Reactive model
  Bidirectional
  Real-time apps: chat, collaboration
HTTP APIs vs. REST APIs: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vs-rest.html.
26. 26
Amazon API Gateway: Access Control
Diagram: access-control options in front of Amazon API Gateway
• AWS Identity and Access Management
• Amazon Cognito
• Lambda authorizer function (custom)
• JWT authorizers (OAuth2 / OIDC)
27. 27
Amazon API Gateway: Access Control (Cont’d)
Application-level
• AWS IAM: roles and policies, tags
• Amazon Cognito: user pools
• Lambda function: Lambda authorizers (token-based, request-based)
Network-level
• Resource policies
• VPC endpoints: endpoint policies
API Key
• Identifies an app developer who uses REST or WebSocket APIs.
• Auto-generated or self-provided.
• Used with Lambda authorizers or usage plans.
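The token-based Lambda authorizer listed above is where custom authorization logic lives. The following is an added example in Python (not from the deck or from AWS): it verifies a bearer token, enforces a required scope and returns the IAM policy document API Gateway expects. The HMAC-signed token, the `DEMO_SECRET`, and the `orders:read` scope are constructed stand-ins; a real authorizer would verify a JWT from Amazon Cognito or another OIDC provider.

```python
import base64, binascii, hashlib, hmac, json, time

# Constructed demo secret. A real authorizer verifies a JWT from Amazon Cognito or
# another OIDC provider; the HMAC token below stands in for that.
DEMO_SECRET = b"demo-secret-not-for-production"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def issue_token(sub: str, scope: str, exp: int) -> str:
    """Mint a demo token: base64url(JSON claims).base64url(HMAC-SHA256)."""
    payload = json.dumps({"sub": sub, "scope": scope, "exp": exp}).encode()
    return f"{_b64(payload)}.{_b64(hmac.new(DEMO_SECRET, payload, hashlib.sha256).digest())}"


def verify_token(token: str, now: int):
    """Return the claims when signature and expiry check out, else None."""
    try:
        p_b64, s_b64 = token.split(".")
        pad = lambda s: s + "=" * (-len(s) % 4)
        payload = base64.urlsafe_b64decode(pad(p_b64))
        sig = base64.urlsafe_b64decode(pad(s_b64))
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(DEMO_SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)
    return claims if claims.get("exp", 0) > now else None


def policy(principal: str, effect: str, method_arn: str, context=None) -> dict:
    """Response shape API Gateway expects from an authorizer. Note: the gateway caches
    this policy per token, so a Resource scoped to one methodArn also governs other
    methods hit with the same token while the cache entry lives."""
    return {"principalId": principal,
            "policyDocument": {"Version": "2012-10-17",
                               "Statement": [{"Action": "execute-api:Invoke",
                                              "Effect": effect, "Resource": method_arn}]},
            "context": context or {}}


def handler(event: dict, context=None, now=None) -> dict:
    """TOKEN-type authorizer: the event carries authorizationToken and methodArn.
    A Deny policy makes API Gateway answer 403; raising Exception("Unauthorized") gives 401."""
    now = int(time.time()) if now is None else now
    raw = event.get("authorizationToken", "")
    token = raw[len("Bearer "):] if raw.startswith("Bearer ") else raw
    claims = verify_token(token, now)
    if claims is None:
        return policy("anonymous", "Deny", event["methodArn"])
    if "orders:read" not in claims.get("scope", "").split():  # hypothetical required scope
        return policy(claims["sub"], "Deny", event["methodArn"])
    return policy(claims["sub"], "Allow", event["methodArn"], {"scope": claims["scope"]})
```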
29. 29
Architecture: API Private Endpoint
Diagram: an API consumer on Amazon EC2 (private IP) in a private subnet reaches Amazon API Gateway through an elastic network interface (interface VPC endpoint); the gateway fronts API Endpoint 1, API Endpoint 2, ... API Endpoint N exposed by the API provider.