Amazon API Gateway is a fully managed service that makes it easy for developers to create, deploy, secure and monitor APIs at any scale. In this session, you’ll find out how you can quickly declare an API interface and connect it to any public HTTP endpoint, existing web service running on Amazon Elastic Compute Cloud (Amazon EC2) or code running on AWS Lambda. Amazon API Gateway handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management. Join us for this introductory session to Amazon API Gateway.
4. Your feedback
• Managing multiple versions and stages of an API is difficult.
• Monitoring third-party developers’ access is time consuming.
5. Your feedback
• Managing multiple versions and stages of an API is difficult.
• Monitoring third-party developers’ access is time consuming.
• Access authorization is a challenge.
6. Your feedback
• Managing multiple versions and stages of an API is difficult.
• Monitoring third-party developers’ access is time consuming.
• Access authorization is a challenge.
• Traffic spikes create an operational burden.
7. Your feedback
• Managing multiple versions and stages of an API is difficult.
• Monitoring third-party developers’ access is time
consuming.
• Access authorization is a challenge.
• Traffic spikes create an operational burden.
• What if I don’t want servers at all?
8. Host multiple versions and stages of your APIs
Create and distribute API keys to developers
Leverage signature version 4 to authorize access to APIs
Throttle and monitor requests to protect your back end
Utilize AWS Lambda
Introducing Amazon API Gateway
9. Benefits of using API Gateway
Managed cache to store API responses
Reduced latency and Distributed Denial of Service (DDoS)
protection through Amazon CloudFront
SDK generation for iOS, Android, and JavaScript
Swagger support
Request/response data transformation
11. An API call flow
Internet
Mobile apps
Websites
Services
API
Gateway
AWS Lambda
functions
AWS
API Gateway
cache
Endpoints on
Amazon
EC2/AWS
Elastic
Beanstalk
Any other publicly
accessible endpoint
Amazon
CloudWatch
monitoring
12. Build, deploy, clone, and roll back
• Build APIs with their resources, methods, and settings
• Deploy APIs to a stage
– Users can create as many stages as they want, each with its own throttling,
caching, metering, and logging configuration
• Clone an existing API to create a new version
– Users can continue working on multiple versions of their APIs
• Roll back to previous deployments
– We keep a history of customers’ deployments so they can revert to a
previous deployment
13. API configuration
• You can create APIs
• Define resources within an API
• Define methods for a resource
– Methods are resource + HTTP verb
Pet Store
/pets
/pets/{petId}
• GET
• POST
• PUT
14. API deployments
• API configuration can be deployed to a
stage
• Stages are different environments; for
example:
– Dev (e.g., example.com/dev)
– Beta (e.g., example.com/beta)
– Prod (e.g., example.com/prod)
– As many stages as you need
Pet Store
dev
beta
gamma
prod
15. Manage multiple versions and stages of your APIs
API 1 (v1)
Stage (dev)
Stage (prod)
API 2 (v2)
Stage (dev)
16. Custom domain names
• You can configure custom domain names
• Provide API Gateway with a signed HTTPS certificate
• Custom domain names can point to an API or a stage
• Point to an API and stage
– Beta (e.g., yourapi.com/beta)
– Prod (e.g., yourapi.com/prod)
18. Use API keys to meter developer usage
• Create API keys
• Set access permissions at the API/stage level
• Meter usage of the API keys through Amazon
CloudWatch Logs
19. Use API keys to authorize access
• The name “key” implies security – there is
no security in baking text in an app’s code
• API keys should be used purely to meter
app/developer usage
• API keys should be used alongside a
stronger authorization mechanism
20. Leverage AWS signature version 4
or use a custom header
• You can leverage AWS signature version 4 to sign
and authorize API calls
– Amazon Cognito and AWS Security Token Service (AWS STS)
simplify the generation of temporary credentials for your app
• You can support OAuth or other authorization
mechanisms through custom headers
– Simply configure your API methods to forward the custom headers to
you back end
21. Using signature version 4 to authenticate calls to your API
Call login API, no
authentication
required
Client API Gateway Backend
/login
AWS
Lambda
fn_login
User
accounts
database
Credentials
verified
Amazon Cognito
developer
authenticated
identities
Access and
secret key
/login
Receives
credentials to
sign API calls
23. API throttling
• Throttling helps you manage traffic to your back end
• Throttle by developer-defined requests-per-second
limits
• Requests over the limit are throttled
– HTTP 429 response
• The generated SDKs retry throttled requests
24. Caching API responses
• You can configure a cache key and the Time to Live
(TTL) of the API response
• Cached items are returned without calling the back end
• A cache is dedicated to you, by stage
• You can provision between 0.5 GB and 237 GB of
cache
25. Request processing workflow
Receive
incoming
request
• Check for item in
dedicated cache
• If found, return
cached item
Check throttling
configuration
• Check current
requests-per-second
rate
• If above allowed
rate, return 429
Execute back-
end call
27. API models
• Models are a JSON schema representation of
your API requests and responses
• Models are used for input and output filtering
and SDK generation
• You can reuse models across multiple methods
in your API
28. Input/output transforms
• Use Velocity templates to transform data
• Filter output results
– Remove private or unnecessary data
– Filter dataset size to improve API performance
• GET to POST
– Read all query string parameters from your GET request and create a body to
make a POST request to your back end
• JSON to XML
– Receive JSON input and transform it to XML for your back end
– Receive JSON from an AWS Lambda function and transform it to XML
29. Transform example: JSON to XML
API Gateway
Back end
GET - /sayHello
AWS
Lambda
fn_sayHello
/sayHello
{
“message” : “hello world”
}
<xml>
<message>
Hello world
</message>
</xml>
#set($root = $input.path('$'))
<xml>
<message>
$root.message
</message>
</xml>
31. Generate client SDKs based on Your APIs
• SDKs are generated based on API deployments (stages)
• If request-response models are defined, the SDK includes
input and output marshalling of your methods
• SDKs know how to handle throttling responses
• SDKs also know how to sign requests with AWS
temporary credentials (signature version 4)
• Support for Android, iOS, JavaScript, …
32. API Gateway pricing
• $3.50 per million API Gateway requests
• Included in the AWS Free Tier
– 1 million API requests per month for 12 months
• Data Transfer Out (standard AWS prices)
– $0.09/GB for the first 10 TB
– $0.085/GB for the next 40 TB
– $0.07/GB for the next 100 TB
– $0.05/GB for the next 350 TB
34. Availability
• Today!
• Initially available in:
– US East (N. Virginia)
– US West (Oregon)
– EU West (Dublin)
• We plan to enable other regions rapidly