Amazon API Gateway

Amazon API Gateway is an Amazon Web Services (AWS) service offering that allows a developer to connect non-AWS applications to AWS back-end resources, such as servers or code. Amazon API Gateway allows an AWS customer to increase the overall utility of Amazon’s other cloud services.

An application program interface (API) allows two or more software programs to communicate with each other to achieve greater functionality for a product. An AWS user creates, manages and maintains APIs within Amazon API Gateway, which accepts and processes concurrent API calls. The service manages traffic, authorizes end users and monitors performance. A developer can connect with services such as AWS Elastic Beanstalk and Elastic Compute Cloud (EC2) instances and event-driven code from AWS Lambda.

When creating an API, a developer defines its name, an HTTP function, how the API integrates with services and how requests and transfers are handled. A developer then uses a software development kit (SDK) to integrate with software that calls the APIs, including custom SDKs for mobile app and Web app development. Amazon API Gateway accepts all payloads sent over HTTP, including JavaScript Object Notation and Extensible Markup Language. An AWS user can monitor API calls on a metrics dashboard in Amazon API Gateway and can retrieve error, access and debug logs from Amazon CloudWatch.

Amazon API Gateway provides two means of handling API call traffic. API throttling is available to limit the number of API calls per hour or per day. This helps to maintain the performance of calling applications when there is an unexpected spike in API calls -- such as when many users start using an application at the same time. Since many API calls use the same information and return the same result, caching can be invoked to provide common API responses rather than performing all of the processing required to produce a result. Caching reduces the number of API calls and further improves performance of the calling applications.

Amazon API Gateway provides security using access keys to control API access. The service interacts with Amazon Identity and Access Management and Amazon Cognito to authorize access to APIs. The service also supports AWS Signature Version 4 as an additional security option; this creates access keys for each API call. OAuth tokens can also be passed to running workloads as an alternative security measure.

The service also allows an AWS user to operate multiple versions of an API simultaneously, allowing a developer to build and deploy new APIs while existing applications use previous versions of the API.

This was last updated in October 2015

Continue Reading About Amazon API Gateway

Dig Deeper on AWS tools for development