
aws-keypoints-ch-30-API-Gateway

API Gateway is a fully managed service that simplifies the creation, management, and security of APIs, allowing developers to connect applications to back-end services without server maintenance. It offers features like traffic management, throttling, caching, and support for Cross-Origin Resource Sharing (CORS) to enhance performance and security. With no minimum fees, users only pay for API calls and data transfer, making it a cost-effective solution for handling concurrent API requests.

Uploaded by

priya.yadavaps
API Gateway

Key Points
API Gateway Simplified:

API Gateway is a fully managed service for developers that makes it easy
to build, publish, manage, and secure entire APIs. With a few clicks in the
AWS Management Console, you can create an API that acts as a “front
door” for applications to access data, business logic, or functionality from
your back-end services, such as workloads running on EC2, code running
on AWS Lambda, or any web application.

API Gateway Key Details:

Amazon API Gateway handles all the tasks involved in accepting and processing
up to hundreds of thousands of concurrent API calls, including traffic
management, authorization and access control, monitoring, and API version
management.

Amazon API Gateway has no minimum fees or startup costs. You pay only for
the API calls you receive and the amount of data transferred out.

API Gateway does the following for your APIs:

- Exposes HTTP(S) endpoints for RESTful functionality
- Uses serverless functionality to connect to Lambda & DynamoDB
- Can send each API endpoint to a different target
- Runs cheaply and efficiently
- Scales readily and effortlessly
- Can throttle requests to prevent attacks
- Can track and control usage via an API key
- Can be version controlled
- Can be connected to CloudWatch for monitoring and observability

Since API Gateway can function with AWS Lambda, you can run your APIs and
code without needing to maintain servers.

Amazon API Gateway provides throttling at multiple levels including global and
by a service call.

In software, a throttling process, or a throttling controller as it is sometimes
called, is a process responsible for regulating the rate at which application
processing is conducted, either statically or dynamically.

Throttling limits can be set for standard rates and bursts. For example, API
owners can set a rate limit of 1,000 requests per second for a specific method in
their REST APIs, and also configure Amazon API Gateway to handle a burst of
2,000 requests per second for a few seconds.

Amazon API Gateway tracks the number of requests per second. Any requests
over the limit will receive a 429 HTTP response. The client SDKs generated by
Amazon API Gateway retry calls automatically when met with this response.
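
The rate and burst limits above can be modelled as a token bucket, the algorithm AWS documents for API Gateway throttling. This is an added example, not code from the original slides or from AWS; the class and function names are hypothetical and the traffic is constructed (evenly spaced requests against an idle API).

```python
from dataclasses import dataclass, field

@dataclass
class TokenBucket:
    rate: float   # tokens refilled per second (the steady-state rate limit)
    burst: float  # bucket capacity (the burst limit)
    tokens: float = field(init=False)
    last: float = field(default=0.0, init=False)

    def __post_init__(self):
        self.tokens = self.burst  # an idle API starts with a full bucket

    def allow(self, now: float) -> bool:
        """Refill for the elapsed time, then spend one token if available."""
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True   # request is served
        return False      # request would receive HTTP 429

def simulate(arrivals_per_second, seconds, rate=1000, burst=2000):
    """Constructed traffic: evenly spaced requests.
    Returns per-second (accepted, throttled_429) counts."""
    bucket = TokenBucket(rate, burst)
    per_second = []
    for s in range(seconds):
        ok = 0
        for i in range(arrivals_per_second):
            if bucket.allow(s + i / arrivals_per_second):
                ok += 1
        per_second.append((ok, arrivals_per_second - ok))
    return per_second

if __name__ == "__main__":
    # Rate 1,000 rps and burst 2,000, as in the example above.
    for label, load in (("at the limit", 1000), ("3x overload", 3000)):
        print(label, simulate(load, 3))
```

At the rate limit nothing is throttled; at three times the limit the burst allowance is used up within the first second, after which roughly two out of three requests get a 429.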

You can add caching to API calls by provisioning an Amazon API Gateway cache
and specifying its size in gigabytes. The cache is provisioned for a specific stage
of your APIs. This improves performance and reduces the traffic sent to your
back end. Cache settings allow you to control the way the cache key is built and
the time-to-live (TTL) of the data stored for each method. Amazon API Gateway
also exposes management APIs that help you invalidate the cache for each
stage.

You can enable API caching to improve latency and reduce I/O for your
endpoint.

When caching for a particular API stage (version controlled version), you cache
responses for a particular TTL in seconds.

API Gateway supports AWS Certificate Manager and can make use of free
TLS/SSL certificates.

With API Gateway, there are two kinds of API calls:

Calls to the API Gateway API to create, modify, delete, or deploy REST APIs.
These are logged in CloudTrail.

API calls set up by the developers to deliver their custom functionality: These
are not logged in CloudTrail.

Cross Origin Resource Sharing:

In computing, the same-origin policy is an important concept where a web
browser permits scripts contained in one page to access data from another
page, but only if both pages have the same origin.

This behavior is enforced by browsers, but is ignored by tools like cURL and
Postman.

Cross-origin resource sharing (CORS) is one way the server at the origin can
relax the same-origin policy. CORS allows restricted resources, such as fonts,
to be requested from a domain other than the one that served the first
resource.

CORS defines a way for client web applications that are loaded in one domain to
interact with resources in a different domain. With CORS support, you can build
rich client-side web applications with Amazon S3 and selectively allow
cross-origin access to your Amazon S3 resources.

If you ever come across an error that mentions that an origin policy cannot be
read at the remote resource, then you need to enable CORS on API Gateway.

CORS is enforced on the client (web browser) side.

A common example of this issue is if you are using a site with JavaScript/AJAX for
multiple domains under API Gateway. You would need to ensure that CORS is
enabled.

CORS does not prevent XSS attacks, but does protect against CSRF attacks. What
it does is control who can use the data served by your endpoint. So if you have
a weather website with callbacks to an API that checks the forecast, you could
stop someone from writing a website that serves JavaScript calls into your API
when they navigate to your website.

When someone attempts the malicious calls, your browser will read the CORS
headers and it will not allow the request to take place, thus protecting you from
the attack.
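
A sketch of the weather-API case above as a Lambda proxy-integration handler that returns CORS headers only for an exact-match allowed origin, next to a small model of the browser-side check. This is an added example, not code from the original slides; the origin names, the forecast payload and `browser_exposes_response` are assumptions made for illustration.

```python
import json

# Assumption: the only site allowed to call the API from a browser (hypothetical).
ALLOWED_ORIGINS = {"https://weather.example.com"}

def cors_headers(origin):
    """CORS response headers for an allow-listed origin, otherwise none."""
    if origin not in ALLOWED_ORIGINS:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,  # echo the exact origin, never "*"
        "Access-Control-Allow-Methods": "GET,OPTIONS",
        "Access-Control-Allow-Headers": "Content-Type,X-Api-Key",
        "Vary": "Origin",  # keep caches from reusing one origin's answer
    }

def handler(event, context=None):
    """API Gateway proxy event in, proxy response out."""
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    cors = cors_headers(headers.get("origin"))
    if event.get("httpMethod") == "OPTIONS":
        # Preflight: the browser asks before sending a non-simple request.
        return {"statusCode": 204 if cors else 403, "headers": cors, "body": ""}
    return {
        "statusCode": 200,
        "headers": {"Content-Type": "application/json", **cors},
        "body": json.dumps({"forecast": "sunny"}),  # constructed sample payload
    }

def browser_exposes_response(page_origin, response):
    """Model of the client-side check: a page script may read the response
    only if Access-Control-Allow-Origin names the page's origin (or is '*')."""
    acao = response["headers"].get("Access-Control-Allow-Origin")
    return acao in ("*", page_origin)

if __name__ == "__main__":
    for origin in ("https://weather.example.com", "https://other.example.net"):
        resp = handler({"httpMethod": "GET", "headers": {"Origin": origin}})
        print(origin, resp["statusCode"], browser_exposes_response(origin, resp))
```

The GET from the unlisted origin still returns 200: the browser, not the API, withholds the body from the page script, which is why cURL and Postman are unaffected.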
