Upload
mark-bate
View
560
Download
0
Embed Size (px)
Citation preview
Host multiple versions and stages of your APIs Create and distribute API keys to developers Leverage AWS Sig-v4 to authorize access to APIs Throttle and monitor requests to protect your backend Managed cache to store API responses SDK Generation for iOS, Android, and JavaScript Swagger support Request / Response data transformation and API mocking
Features
An API Call Flow
API Gateway
Mobile Apps
Websites
Services
Internet
Any public endpoint
Amazon CloudWatch Monitoring
AWS Lambda Functions
API Gateway Cache
Build, Deploy, Clone & Rollback
Build APIs with their resources, methods, and settings Deploy APIs to a Stage
— Each stage has its own Throttling, Caching, Metering, and Logging
Clone an existing API to create a new version Rollback to previous deployments
API Configuration
Pet Store
/pets/{petid} • GET • POST • PUT
/petsDefine resources within an API
Create an API
Define methods for a resources — Methods are Resource + HTTP verb
API Configuration
dev
beta
gamma
prod
Pet StoreAPI Configuration can be deployed to a stage Stages are different environments
For example: — dev (e.g. thisismyapi.com/dev) — beta (e.g. thisismyapi.com/beta) — prod (e.g. thisismyapi.com/prod) — As many stages as needed
You can configure custom domain names Provide API Gateway with a signed HTTPS certificate Custom domain names can point to an API or a Stage Pointing to an API you have access to all stages
— beta (e.g. thisismyapi.com/beta) — prod (e.g. thisismyapi.com/prod)
Pointing directly to your Prod stage — prod (e.g. thisismyapi.com/)
Custom Domain Names
API Keys to Meter Developer Usage
Create API Keys
Set access permissions at the API/Stage level
Meter usage of API Keys through CloudWatch Logs
API Keys to Meter Developer Usage
Create API Keys The name “Key” implies security – there is no security in baking text in an App’s code
Set access permissions at the API/Stage level API Keys should be used alongside a stronger authorization mechanism
Meter usage of API Keys through CloudWatch Logs API Keys should be used purely to meter app/developer usage
You can leverage AWS Sig-v4 to sign and authorize API calls — Amazon Cognito and AWS Security Token Service (STS) simplify the
generation of temporary credentials for your app
You can support OAuth or other authorization mechanisms through custom headers
— Simply configure your API methods to forward the custom headers to your backend
Authentication Options
Using Sig-v4
Call /login (no auth)
Receive credentials to sign API calls
Client API Gateway Back End
/login
/login
fn_Login
Credentials verified
Access & Secret Key
Throttling helps you manage traffic to your backend Throttle by developer-defined Requests/Sec limits Requests over the limit are throttled
— HTTP 429 response
The generated SDKs retry throttled requests
API Throttling
You can configure a cache key and the Time to Live (TTL) of the API response Cached items are returned without calling the backend A cache is dedicated to you, by stage You can provision between 0.5GB to 237GB of cache
Caching API Responses
SDKs are generated based on API deployments (Stages) If Request and Response Models are defined, the SDK includes input and output marshaling of your methods SDKs know how to handle throttling responses SDKs also know how to sign requests with AWS temporary credentials (Sig-v4) Support for Android, iOS, JavaScript, …
Generate Client SDKs Based on Your APIs
Amazon API Gateway Pricing
$3.50 per Million API Gateway requests 1 Million API requests per month for 12 months
— Included in the AWS Free Tier
Data Transfer Out (Standard AWS Prices) — $0.09/GB for the first 10 TB — $0.085/GB for the next 40 TB — $0.07/GB for the next 100 TB — $0.05/GB for the next 350 TB
Optional – Dedicated Cache Pricing
Cache Memory Size (GB) Price per Hour (USD)
0,5 $0,0201,6 $0,038
6 $0,200
13 $0,250
28 $0,500
58 $1,000
118 $1,900
237 $3,800