API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. It allows hosting multiple API versions and stages, generating SDKs, adding authentication, throttling requests, and caching responses to improve performance and reduce latency. API Gateway supports building and deploying REST and WebSocket APIs. Pricing is based on the number of API calls and amount of data transferred out. Optional dedicated caching tiers are also available.

1. Mark Bate
AWS Solutions Architect
Amazon API Gateway
Managed APIs in the Cloud

2. Host multiple versions and stages of your APIs
Create and distribute API keys to developers
Leverage AWS Sig-v4 to authorize access to APIs
Throttle and monitor requests to protect your backend
Managed cache to store API responses
SDK Generation for iOS, Android, and JavaScript
Swagger support
Request / Response data transformation and API mocking
Features

3. How does it work?

4. An API Call Flow
API
Gateway
Mobile Apps
Websites
Services
Internet
Any public
endpoint
Amazon CloudWatch
Monitoring
AWS Lambda
Functions
API Gateway
Cache

5. Build, Deploy, Clone & Rollback
Build APIs with their resources, methods, and settings
Deploy APIs to a Stage
— Each stage has its own Throttling, Caching, Metering, and Logging
Clone an existing API to create a new version
Rollback to previous deployments

6. API Configuration
Pet Store
/pets/{petid}
• GET
• POST
• PUT
/pets
Define resources within an API
Create an API
Define methods for a resources
— Methods are Resource + HTTP verb

7. API Configuration
dev
beta
gamma
prod
Pet StoreAPI Configuration can be deployed to a
stage
Stages are different environments
For example:
— dev (e.g. thisismyapi.com/dev)
— beta (e.g. thisismyapi.com/beta)
— prod (e.g. thisismyapi.com/prod)
— As many stages as needed

8. Managing Multiple Versions and Stages of your APIs
APIv1

9. Stage (dev)
Managing Multiple Versions and Stages of your APIs
APIv1

10. Stage (dev)
Managing Multiple Versions and Stages of your APIs
APIv1

11. Stage (prod)
Stage (dev)
Managing Multiple Versions and Stages of your APIs
APIv1

12. Stage (prod)
Stage (dev)
Managing Multiple Versions and Stages of your APIs
APIv1

13. APIv2
Stage (prod)
Stage (dev)
Managing Multiple Versions and Stages of your APIs
APIv1

14. Stage (dev)
APIv2
Stage (prod)
Stage (dev)
Managing Multiple Versions and Stages of your APIs
APIv1

15. Stage (dev)
APIv2
Stage (prod)
Stage (dev)
Managing Multiple Versions and Stages of your APIs
APIv1

16. You can configure custom domain names
Provide API Gateway with a signed HTTPS certificate
Custom domain names can point to an API or a Stage
Pointing to an API you have access to all stages
— beta (e.g. thisismyapi.com/beta)
— prod (e.g. thisismyapi.com/prod)
Pointing directly to your Prod stage
— prod (e.g. thisismyapi.com/)
Custom Domain Names

17. Securing your API

18. API Keys to Meter Developer Usage
Create API Keys
Set access permissions at the API/Stage level
Meter usage of API Keys through CloudWatch Logs

19. API Keys to Meter Developer Usage
Create API Keys
The name “Key” implies security – there is no security in
baking text in an App’s code
Set access permissions at the API/Stage level
API Keys should be used alongside a stronger
authorization mechanism
Meter usage of API Keys through CloudWatch Logs
API Keys should be used purely to meter app/developer
usage

20. You can leverage AWS Sig-v4 to sign and authorize API calls
— Amazon Cognito and AWS Security Token Service (STS) simplify the
generation of temporary credentials for your app
You can support OAuth or other authorization mechanisms
through custom headers
— Simply configure your API methods to forward the custom headers to your
backend
Authentication Options

21. Using Sig-v4
Call /login
(no auth)
Receive
credentials to
sign API calls
Client API Gateway Back End
/login
/login
fn_Login
Credentials
verified
Access &
Secret Key

22. Throttling and Caching

23. Throttling helps you manage traffic to your backend
Throttle by developer-defined Requests/Sec limits
Requests over the limit are throttled
— HTTP 429 response
The generated SDKs retry throttled requests
API Throttling

24. You can configure a cache key and the Time to Live (TTL) of the
API response
Cached items are returned without calling the backend
A cache is dedicated to you, by stage
You can provision between 0.5GB to 237GB of cache
Caching API Responses

25. An API Call Flow
cached? throttled?
item
HTTP 429

26. SDK Generation

27. SDKs are generated based on API deployments (Stages)
If Request and Response Models are defined, the SDK includes
input and output marshaling of your methods
SDKs know how to handle throttling responses
SDKs also know how to sign requests with AWS temporary
credentials (Sig-v4)
Support for Android, iOS, JavaScript, …
Generate Client SDKs Based on Your APIs

28. How much does it cost?

29. Amazon API Gateway Pricing
$3.50 per Million API Gateway requests
1 Million API requests per month for 12 months
— Included in the AWS Free Tier
Data Transfer Out (Standard AWS Prices)
— $0.09/GB for the first 10 TB
— $0.085/GB for the next 40 TB
— $0.07/GB for the next 100 TB
— $0.05/GB for the next 350 TB

30. Optional – Dedicated Cache Pricing
Cache Memory Size (GB) Price per Hour (USD)
0,5 $0,020
1,6 $0,038
6 $0,200
13 $0,250
28 $0,500
58 $1,000
118 $1,900
237 $3,800

31. Availability

32. Amazon API Gateway
http://aws.amazon.com/apigateway/