AWS API Gateway

  • AWS API Gateway is a fully managed service that makes it easy for developers to publish, maintain, monitor, and secure APIs at any scale.
  • It handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.
  • API Gateway has no minimum fees or startup costs and charges only for the API calls received and the amount of data transferred out.
  • It acts as a proxy to the configured backend operations.
  • APIs built on API Gateway can accept any payloads sent over HTTP with typical data formats include JSON, XML, query string parameters, and request headers
  • API Gateway can communicate to multiple backends.
    Lambda functions
    AWS Step functions state machines
    HTTP endpoints exposed through Elastic Beanstalk, ELB or EC2 servers.
  • API Gateway endpoints are always public to the Internet and does not run within an VPC. Proxy requests to backend operations also need to be publicly accessible on the Internet.
API Gateway how it works


  • automatically meters traffic to the APIs and and lets you extract utilization data for each API key.
  • define plans that meter, restrict third-party developer access, configure throttling, and quota limits on a per API key basis


  • helps removing authorization concerns from the backend code
  • allows leveraging of AWS administration and security tools, such as IAM and Cognito, to authorize access to APIs
  • can verify signed API calls on your behalf using the same methodology AWS uses for its own APIs
  • supports custom authorizers written as Lambda functions and verify incoming bearer tokens
  • automatically protects the backend systems from distributed denial-of-service (DDoS) attacks


  • helps manage traffic with throttling so that backend operations can withstand traffic spikes
  • helps improve the performance of the APIs and the latency end users experience by caching the output of API calls to avoid calling the backend every time.

Operations Monitoring

  • integrates with CloudWatch and provides a metrics dashboard to monitor calls to API services
  • integrates with CloudWatch Logs to receive error, access or debug logs
  • provides with backend performance metrics covering API calls, latency data and error rates.

Lifecycle Management

  • allows multiple API versions and multiple stages (development, staging, production etc.) for each version simultaneously so that existing applications can continue to call previous versions after new API versions are published.
  • saves the history of the deployments, which allows rollback of a stage to a previous deployment at any point, using APIs or console

Designed for Developers

  • allows you to specify a mapping template to generate static content to be returned, helping you mock APIs before the backend is ready
  • helps reduce cross-team development effort and time-to-market for applications and allow dependent teams to begin development while backend processes is still built


  • API Gateway provides throttling at multiple levels including global and by service call and limits can be set for standard rates and bursts
  • It tracks the number of requests per second. Any requests over the limit will receive a 429 HTTP response
  • Throttling ensures that API traffic is controlled to help the backend services maintain performance and availability.


  • API Gateway provides API result caching by provisioning an API Gateway cache and specifying its size in gigabytes
  • Caching helps improve performance and reduces the traffic sent to the back end

Leave a Reply