Amazon API Gateway
Create, publish, and manage APIs at any scale
API Gateway is like a receptionist for your backend services. When clients (web apps, mobile apps) need to call your backend (Lambda functions, EC2 servers, databases), they don't call directly; they go through API Gateway. API Gateway handles authentication, rate limiting, request validation, and routing. It's like having a front desk that checks IDs, enforces visiting hours, and directs visitors to the right department. API Gateway also transforms requests/responses, caches responses for performance, and provides detailed metrics. It's the front door to your APIs, making them secure, scalable, and easy to manage.
API Gateway supports three API types: REST APIs (full-featured, stateless), HTTP APIs (lightweight, lower cost), and WebSocket APIs (bidirectional communication). You define resources (URL paths), methods (GET, POST, etc.), and integrations (Lambda, HTTP endpoints, AWS services).
Key Capabilities
Authorization (IAM, Cognito user pools, Lambda authorizers), throttling (rate limits per client or API key), caching (reduces backend load), request/response transformation, request validation, and CORS support.
Gotchas & Constraints
Gotcha #1: API Gateway has a 29-second timeout; long-running operations should be asynchronous (return immediately, process in the background). Gotcha #2: API Gateway charges per million requests plus data transfer; high-traffic APIs can be expensive. Constraints: a maximum of 10,000 requests/second per account per region (a soft limit; a quota increase can be requested), a maximum 10 MB payload size, and a maximum 29-second integration timeout for REST APIs.
A mobile app backend runs on Lambda functions: user authentication, profile management, content retrieval. Exposing Lambda functions directly is insecure and hard to manage. They create an API Gateway REST API with resources: /auth (login/signup), /profile (get/update profile), /content (list/get content). They configure a Cognito authorizer so that every request must carry a valid JWT issued by the user pool. They enable throttling: 1,000 requests/second per API key, to curb abuse. They enable caching for the /content endpoint (5-minute TTL), which reduces Lambda invocations by 80%. They configure request validation to reject requests with invalid JSON or missing required fields before Lambda is invoked. They enable CloudWatch logging and create dashboards showing request count, latency, and error rates. When they need to add a new feature (/comments), they create a new resource and deploy it without affecting existing endpoints. They use API Gateway stages (dev, staging, prod) to test changes before production.
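As an added example, not the page's or AWS's own template, here is the scenario's /content route expressed in CloudFormation, covering the capabilities listed above: Cognito JWT authorization, a 300-second response cache, INFO logging and a 1,000 requests/second usage plan keyed on API keys. It assumes an existing Cognito user pool and a Lambda behind GET /content (both passed as parameters); the AWS::Lambda::Permission that lets API Gateway invoke the function and the account-level CloudWatch Logs role set via AWS::ApiGateway::Account are not shown.

```yaml
# Added example: one authenticated, cached, throttled route of the mobile backend.
Parameters:
  UserPoolArn: { Type: String }          # assumption: existing Cognito user pool
  ContentFunctionArn: { Type: String }   # assumption: Lambda serving GET /content
Resources:
  Api:
    Type: AWS::ApiGateway::RestApi
    Properties: { Name: mobile-backend }
  CognitoAuth:                           # validates the user-pool JWT in the Authorization header
    Type: AWS::ApiGateway::Authorizer
    Properties:
      Name: cognito-jwt
      Type: COGNITO_USER_POOLS
      RestApiId: !Ref Api
      IdentitySource: method.request.header.Authorization
      ProviderARNs: [!Ref UserPoolArn]
  Content:
    Type: AWS::ApiGateway::Resource
    Properties: { RestApiId: !Ref Api, ParentId: !GetAtt Api.RootResourceId, PathPart: content }
  ContentGet:
    Type: AWS::ApiGateway::Method
    Properties:
      RestApiId: !Ref Api
      ResourceId: !Ref Content
      HttpMethod: GET
      AuthorizationType: COGNITO_USER_POOLS   # unauthenticated calls are rejected before Lambda runs
      AuthorizerId: !Ref CognitoAuth
      ApiKeyRequired: true                    # the API key identifies the client for per-key throttling
      Integration: { Type: AWS_PROXY, IntegrationHttpMethod: POST, Uri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ContentFunctionArn}/invocations" }
  Deployment:
    Type: AWS::ApiGateway::Deployment
    DependsOn: ContentGet
    Properties: { RestApiId: !Ref Api }
  Prod:
    Type: AWS::ApiGateway::Stage
    Properties:
      RestApiId: !Ref Api
      DeploymentId: !Ref Deployment
      StageName: prod
      CacheClusterEnabled: true
      CacheClusterSize: "0.5"
      MethodSettings:                         # ResourcePath encodes "/" as "~1": /content -> /~1content
        - { ResourcePath: /~1content, HttpMethod: GET, CachingEnabled: true, CacheTtlInSeconds: 300, LoggingLevel: INFO, MetricsEnabled: true }
  Plan:                                       # 1,000 requests/second per API key, as in the scenario
    Type: AWS::ApiGateway::UsagePlan
    Properties:
      ApiStages: [{ ApiId: !Ref Api, Stage: !Ref Prod }]
      Throttle: { RateLimit: 1000, BurstLimit: 500 }
```

The cache key is derived from the request path and any declared cache key parameters, not from the Authorization header, so if /content returns per-user data, declare the distinguishing header or query parameter as a cache key parameter on the integration; otherwise one user's cached response can be served to another.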
The Result
A secure API, an 80% cost reduction via caching, and easy API management.