BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Amazon API Gateway is an Amazon Web Services (AWS) service offering that allows a developer to connect non-AWS applications to AWS back-end resources, such as servers or code. Amazon API Gateway allows an AWS customer to increase the overall utility of Amazon’s other cloud services.
An application program interface (API) allows two or more software programs to communicate with each other to achieve greater functionality for a product. An AWS user creates, manages and maintains APIs within Amazon API Gateway, which accepts and processes concurrent API calls. The service manages traffic, authorizes end users and monitors performance. A developer can connect with services such as AWS Elastic Beanstalk and Elastic Compute Cloud (EC2) instances and event-driven code from AWS Lambda.
Amazon API Gateway provides two means of handling API call traffic. API throttling is available to limit the number of API calls per hour or per day. This helps to maintain the performance of calling applications when there is an unexpected spike in API calls -- such as when many users start using an application at the same time. Since many API calls use the same information and return the same result, caching can be invoked to provide common API responses rather than performing all of the processing required to produce a result. Caching reduces the number of API calls and further improves performance of the calling applications.
Amazon API Gateway provides security using access keys to control API access. The service interacts with Amazon Identity and Access Management and Amazon Cognito to authorize access to APIs. The service also supports AWS Signature Version 4 as an additional security option; this creates access keys for each API call. OAuth tokens can also be passed to running workloads as an alternative security measure.
The service also allows an AWS user to operate multiple versions of an API simultaneously, allowing a developer to build and deploy new APIs while existing applications use previous versions of the API.