Functionkey

Amazon API Gateway

Picture of admin

admin

API Gateway
Concepts
Twitter Facebook WordPress Youtube

An Amazon API Gateway is a collection of resources and methods that are integrated with back-end HTTP endpoints, Lambda functions or other AWS services.

API Gateway is a fully managed service that makes it easy for developers to publish, maintain, monitor, and secure APIs at any scale.
API Gateway provides developers with a simple, flexible, fully managed, pay-as-you-go service that handles all aspects of creating and operating robust APIs for application back ends.
API Gateway handles all of the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls.

API calls include traffic management, authorization and access control, monitoring, and API version management. Together with Lambda, API Gateway forms the app-facing part of the AWS serverless infrastructure. Back-end services include Amazon EC2, AWS Lambda or any web application (public or private endpoints).

CloudFront is used as the public endpoint for API Gateway. Supports API keys and Usage Plans for user identification, throttling or quota management.

Using CloudFront behind the scenes, custom domains, and SNI are supported.
Can be published as products and monetized on AWS Marketplace. Collections can be deployed in stages.

Permissions to invoke a method are granted using IAM roles and policies or API Gateway custom authorizers.

An API can present a certificate to be authenticated by the back-end. All of the APIs created with Amazon API Gateway expose HTTPS
endpoints only (does not support unencrypted endpoints).

By default, API Gateway assigns an internal domain that automatically uses the API Gateway certificates.

When configuring your APIs to run under a custom domain name you can provide your own certificate.

Supported data formats include JSON, XML, query string parameters,and request headers.

API Gateway
Cross Origin Resource Sharing

Can enable Cross Origin Resource Sharing (CORS) for multiple domain use with Javascript/AJAX:

  • Can be used to enable requests from domains other than the APIs domain.
  • Allows the sharing of resources between different domains.
  • The method (GET, PUT, POST etc) for which you will enable CORS must be available in the API Gateway API before you enable CORS.
  • If CORS is not enabled and an API resource received requests from another domain the request will be blocked.
  • Enable CORS on the APIs resources using the selected methods under the API Gateway.

Data types used with API Gateway:

  • Any payload sent over HTTP (always encrypted over HTTPS).
  • Data formats include JSON, XML, query string parameters and request headers.
  • You can declare any content type for your APIs responses, and then use the transform templates to change the back-end response into your desired format.

You can add caching to API calls by provisioning an Amazon API Gateway cache and specifying its size in gigabytes.

API
Endpoints

An API endpoint type refers to the hostname of the API. The API endpoint type can be edge-optimized, regional, or private, depending on where the majority of your API traffic originates from.

Edge-Optimized Endpoint:

  • An edge-optimized API endpoint is best for geographically distributed clients. API requests are routed to the nearest CloudFront Point of Presence (POP). This is the default endpoint type for API Gateway REST APIs.
  • Edge-optimized APIs capitalize the names of HTTP headers (for example, Cookie).
  • CloudFront sorts HTTP cookies in natural order by cookie name before forwarding the request to your origin. For more information about the way CloudFront processes cookies, see Caching Content Based on Cookies.
  • Any custom domain name that you use for an edge-optimized API applies across all regions.
  •  
API
Regional Endpoint
  • A regional API endpoint is intended for clients in the same region.
  • When a client running on an EC2 instance calls an API in the same region, or when an API is intended to serve a small number of clients with high demands, a regional API reduces connection overhead.
  • For a regional API, any custom domain name that you use is specific to the region where the API is deployed.
  • If you deploy a regional API in multiple regions, it can have the same custom domain name in all regions.
  • You can use custom domains together with Amazon Route 53 to perform tasks such as latency-based routing.
  • Regional API endpoints pass all header names through as-is.
hal-157883_1280

If you would like to know more about this subject or others, leave a comment below with you questions for the folks at Functionkey, Inc.

Share:

Facebook
Twitter
Pinterest
LinkedIn
On Key

Related Posts

Quick Guide to IPv4

Understanding IPv4 Subnetting and IP Classes A Comprehensive Guide The Internet Protocol version 4 (IPv4) is the foundation of network communication, enabling devices to identify

Abstract Background Lines And Dots

Brief History of Networking

From Cold War Relic to Global Phenomenon A History of Networking The internet we rely on today is a marvel of technology, but its journey

The Power of SPLUNK

Unlocking the Power of Splunk for Network and Security Engineers the Power of Splunk In the ever-evolving landscape of IT infrastructure and cybersecurity, network and

White nest sphere

IPAM

exploring what IPAM is IPAM (IP Address Management) In the world of networking, IPAM (IP Address Management) plays a crucial role in managing and tracking

IT Engineer in Server Room

GitHub, Getting Started

Installation and Basic Commands for Windows and Linux GitHub, Getting Started GitHub is a web-based platform for version control and collaboration that allows developers to

© 2019 All rights Reserved. Functionkey, Inc.