REST & WebSocket APIs

Amazon API Gateway

Amazon API Gateway — Create, Publish & Manage APIs

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. It handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls.

Overview

What is Amazon API Gateway?

A fully managed service for creating, deploying, and managing APIs at scale.

Introduction

Amazon API Gateway acts as the "front door" for applications to access data, business logic, or functionality from your backend services. It supports RESTful APIs, HTTP APIs, and WebSocket APIs, making it suitable for a wide range of use cases from web applications to real-time data streaming.

API Gateway integrates seamlessly with AWS Lambda for serverless backends, with AWS services for authentication (Cognito), monitoring (CloudWatch), and security (WAF), and can serve as a central hub for your microservices architecture.

Architecture

How API Gateway Works

From client request to backend response.

Request Flow

1. Client Request: HTTP/WebSocket from web or mobile app
2. API Gateway: Authenticate, validate & route request
3. Backend Service: Lambda, EC2, HTTP, or AWS Service
4. Response: Return data, error, or WebSocket message

API Types: API Gateway offers REST APIs (full-featured with API management features), HTTP APIs (lower-latency, simpler, cost-effective), and WebSocket APIs (real-time two-way communication). Choose based on your use case needs.

API Lifecycle

API Gateway supports the full API lifecycle: define your API resources and methods in the console or via OpenAPI/Swagger specs, deploy to stages (dev, staging, prod), version with canary deployments, monitor with CloudWatch dashboards, and roll back when needed.

Features

Key Features

What makes API Gateway essential for modern API architectures.

Automatic Scaling

API Gateway scales automatically from a few requests to hundreds of thousands of concurrent API calls with zero provisioning.

Security & Auth

Supports IAM roles, Cognito user pools, Lambda authorizers, API keys, and WAF integration for comprehensive API security.

Request Throttling

Protect your backend by throttling requests, setting usage plans per API key, and applying burst limits to prevent abuse.

Monitoring & Tracing

Built-in integration with CloudWatch metrics, logs, and AWS X-Ray for distributed tracing across your API requests.

Canary Deployments

Gradually shift traffic between API versions with canary release deployments. Monitor error rates before full rollout.

WebSocket APIs

Build real-time applications like chat apps, live dashboards, and gaming backends with persistent WebSocket connections.

Code Example

REST API with Lambda Proxy

A simple REST API endpoint that proxies requests to a Lambda function.

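Serverless Framework: serverless.yml
service: my-api
provider:
  name: aws
  runtime: nodejs18.x
functions:
  hello:
    handler: handler.hello    # exported `hello` function in handler.js
    events:
      # `http` creates a REST API with Lambda proxy integration;
      # `httpApi` would create an HTTP API instead.
      - http:
          path: /
          method: get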
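
As written, the configuration above publishes the route with no authorizer, so any client that knows the URL can invoke the function. The following is an added example, not part of the original page: the same service using the Serverless Framework REST API `http` event, with the Security & Auth, Request Throttling, and Monitoring & Tracing features described earlier turned on. The key name and all limits are constructed values.

```yaml
# Added example (not from the original page). Key name and limits are
# constructed; size them for your own backend.
service: my-api
provider:
  name: aws
  runtime: nodejs18.x
  tracing:
    apiGateway: true          # X-Ray tracing on the API Gateway stage
  logs:
    restApi: true             # CloudWatch access and execution logs
  apiGateway:
    apiKeys:
      - my-api-client-key     # constructed name; the value is generated at deploy
    usagePlan:
      throttle:
        rateLimit: 50         # steady-state requests per second
        burstLimit: 100       # short burst allowance above the steady rate
      quota:
        limit: 100000         # total requests per period, per key
        period: MONTH
functions:
  hello:
    handler: handler.hello
    events:
      - http:
          path: /
          method: get
          authorizer: aws_iam # callers must send SigV4-signed requests
          private: true       # and an x-api-key covered by the usage plan
```

An API key identifies a client for metering under the usage plan; it is not an authentication mechanism, which is why the route also requires IAM authorization.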