Mark Bate AWS Solutions Architect

Amazon API GatewayManaged APIs in the Cloud

Host multiple versions and stages of your APIs Create and distribute API keys to developers Leverage AWS Sig-v4 to authorize access to APIs Throttle and monitor requests to protect your backend Managed cache to store API responses SDK Generation for iOS, Android, and JavaScript Swagger support Request / Response data transformation and API mocking

Features

How does it work?

An API Call Flow

API Gateway

Mobile Apps

Websites

Services

Internet

Any public endpoint

Amazon CloudWatch Monitoring

AWS Lambda Functions

API Gateway Cache

Build, Deploy, Clone & Rollback

Build APIs with their resources, methods, and settings Deploy APIs to a Stage

— Each stage has its own Throttling, Caching, Metering, and Logging

Clone an existing API to create a new version Rollback to previous deployments

API Configuration

Pet Store

/pets/{petid} • GET • POST • PUT

/petsDefine resources within an API

Create an API

Define methods for a resources — Methods are Resource + HTTP verb

API Configuration

dev

beta

gamma

prod

Pet StoreAPI Configuration can be deployed to a stage Stages are different environments

For example: — dev (e.g. thisismyapi.com/dev) — beta (e.g. thisismyapi.com/beta) — prod (e.g. thisismyapi.com/prod) — As many stages as needed

Managing Multiple Versions and Stages of your APIs

APIv1

Stage (dev)

Managing Multiple Versions and Stages of your APIs

APIv1

Stage (dev)

Managing Multiple Versions and Stages of your APIs

APIv1

Stage (prod)

Stage (dev)

Managing Multiple Versions and Stages of your APIs

APIv1

Stage (prod)

Stage (dev)

Managing Multiple Versions and Stages of your APIs

APIv1

APIv2

Stage (prod)

Stage (dev)

Managing Multiple Versions and Stages of your APIs

APIv1

Stage (dev)

APIv2

Stage (prod)

Stage (dev)

Managing Multiple Versions and Stages of your APIs

APIv1

Stage (dev)

APIv2

Stage (prod)

Stage (dev)

Managing Multiple Versions and Stages of your APIs

APIv1

You can configure custom domain names Provide API Gateway with a signed HTTPS certificate Custom domain names can point to an API or a Stage Pointing to an API you have access to all stages

— beta (e.g. thisismyapi.com/beta) — prod (e.g. thisismyapi.com/prod)

Pointing directly to your Prod stage — prod (e.g. thisismyapi.com/)

Custom Domain Names

Securing your API

API Keys to Meter Developer Usage

Create API Keys

Set access permissions at the API/Stage level

Meter usage of API Keys through CloudWatch Logs

API Keys to Meter Developer Usage

Create API Keys The name “Key” implies security – there is no security in baking text in an App’s code

Set access permissions at the API/Stage level API Keys should be used alongside a stronger authorization mechanism

Meter usage of API Keys through CloudWatch Logs API Keys should be used purely to meter app/developer usage

You can leverage AWS Sig-v4 to sign and authorize API calls — Amazon Cognito and AWS Security Token Service (STS) simplify the

generation of temporary credentials for your app

You can support OAuth or other authorization mechanisms through custom headers

— Simply configure your API methods to forward the custom headers to your backend

Authentication Options

Using Sig-v4

Call /login (no auth)

Receive credentials to sign API calls

Client API Gateway Back End

/login

/login

fn_Login

Credentials verified

Access & Secret Key

Throttling and Caching

Throttling helps you manage traffic to your backend Throttle by developer-defined Requests/Sec limits Requests over the limit are throttled

— HTTP 429 response

The generated SDKs retry throttled requests

API Throttling

You can configure a cache key and the Time to Live (TTL) of the API response Cached items are returned without calling the backend A cache is dedicated to you, by stage You can provision between 0.5GB to 237GB of cache

Caching API Responses

An API Call Flow

cached? throttled?

itemHTTP 429

SDK Generation

SDKs are generated based on API deployments (Stages) If Request and Response Models are defined, the SDK includes input and output marshaling of your methods SDKs know how to handle throttling responses SDKs also know how to sign requests with AWS temporary credentials (Sig-v4) Support for Android, iOS, JavaScript, …

Generate Client SDKs Based on Your APIs

How much does it cost?

Amazon API Gateway Pricing

$3.50 per Million API Gateway requests 1 Million API requests per month for 12 months

— Included in the AWS Free Tier

Data Transfer Out (Standard AWS Prices) — $0.09/GB for the first 10 TB — $0.085/GB for the next 40 TB — $0.07/GB for the next 100 TB — $0.05/GB for the next 350 TB

Optional – Dedicated Cache Pricing

Cache Memory Size (GB) Price per Hour (USD)

0,5 $0,0201,6 $0,038

6 $0,200

13 $0,250

28 $0,500

58 $1,000

118 $1,900

237 $3,800

Availability

Amazon API Gateway

http://aws.amazon.com/apigateway/