Manage your APIs with Amazon API Gateway

Overview Build and Manage your APIs with Amazon API Gateway


Amazon API Gateway

# Host multiple versions and stages of your APIs
# Create and distribute API Keys to developers
# Leverage AWS Sigv4 to authorize access to APIs
# Throttle and monitor requests to protect your backend
# Utilizes AWS Lambda
# Manages cache to store API resources
# Reduced latency and DDoS protection through CloudFront
# SDK Generation for iOS, Android and JavaScript
# Swagger support
# Request / Response data transformation and API mocking

How Amazon API Gateway works?


Build, Deploy, Clone & Rollback

1. Build APIs with their resources, methods, and settings
2. Deploy APIs to a stage
    @ Users can create as many Stages as they want, each with its own Throttling, Caching, Metering and Logging configuration
3. Clone an existing API to create a new version
    @ Users can continue working on multiple versions of their APIs
4. Rollback to previous deployments
    @ We keep a history of customers' deployments so they can revert to a previous deployment

To configure an API

# You can create APIs
# Define resources within an API
# Define methods for a resource
    @ Methods are Resource + HTTP verb

API Deployments

# API Configuration can be deployed to a stage
# Stages are different environments (Dev, Beta, Prod, As many stages as you need)

Custom Domain Names

# You can configure custom domain names with subdomains and basepaths
# Pointing to an API you have access to all stages
    @ Beta
    @ Prod
# Pointing directly to your 'prod' stages
    @ Prod

Metering and Authorization (API keys are made to meter the usage of the API)

# Create API Keys
# Set access permissions at the API/Stage level
# Meter usage of the API Keys through CloudWatch logs

API Keys

# API Keys should be used purely to meter app/developer usage
# API Keys should be used alongside a stronger authorization mechanism.

Leverage AWS Sigv4, or Use a custom Header

# You can leverage AWS Sigv4 to sign and authorize API calls
    Amazon Cognito and AWS Security Token Service (STS) simplify the generation of temporary credentials for your app
# You can support OAuth or other authorization mechanisms through custom headers
    Simply configure your API methods to forward the custom headers to your backend.

Using Sigv4 to authenticate calls to your API

 

You declare '/login' API, that POST 'username' and 'password'. They have Lambda function behind it, that verifies 'username' and 'password' against 'User Accounts database'. Once the credentials are verified, Lambda function calls 'Amazon Cognito', a service that can generate temporary credentials, that is tight to a role, in associated with a particular event of the end user. Lambda function calls Cognito a feature called 'developer authenticated identities' and simply tells 'Cognito' that they have authenticated a user, they trust them and this is their unique identifier. Cognito response to the request with an 'Open Id token' for the user and a unique 'Identity Id'. This 'Open Id token' can then be treated for temporary user credential. These credentials are formed by an 'Access Key', a 'Secret key' and a 'session token'. And they return back to the client.

This temporary credentials with AWS last for one hour.

Throttling and Caching (Both help to reduce latency and protect the backend from traffic hikes)

1. API Throttling
# Throttling helps you manage traffic to your backend
# Throttle by developer-defined Requests/Sec limits
# Requests over the limit are throttled
    @ HTTP 429 response
# The generated SDKs retry throttled requests

2. Caching of API Responses
# You can configure a cache key and the Time to Live (TTL) of the API response.
# Cached items are returned without calling the backend
# A cache is dedicated to you, by stage
# You can provision between 0.5GB to 237GB of cache.

Request processing workflow

When the request comes in we first check whether the item exists in the cache. If it does exist in the cache, then there is no need to throttle the request, because we can handle the traffic. So we simply return the response. If we can't find the item in the cache, we will check the throttling setup and the status. if we are over the throttling limit, we will return a throttle response (HTTP 429 response), trust the client SDK to do the exponential backoff and retry that request. otherwise, we will execute it and call the backend.

Input / Output Transformation.

# Use Velocity Templates to transform data.
# Filter output results
    Remove private or unnecessary data
    Filter dataset size to improve API performance
# GET to POST
    Read all query string parameters from your GET request, and create a body to make a POST to your backend
# JSON to XML
    Receive JSON input and transform it to XML for your backend
    Receive JSON from a Lambda function and transform it to XML.

Transform Example : JSON to XML

 

Comments

Post a Comment

Popular Posts