Ref: https://learn.cantrill.io/courses/1820301/lectures/41301401
Application Programming Interface (API)
- 🔧 Defines how apps can communicate with each other
- e.g. send an HTTP GET request to https://<URL>/cats/images/<your-cat-img-id> to get the image you stored on a remote server
- OpenAPI specification: popular way to define APIs
- Easy import/export of APIs
- Swagger UI: popular web-based UI for visualizing and testing APIs
- Other popular SW products for managing APIs: Postman, Insomnia, Bruno…
- Screenshot of the Swagger UI of an example API
Amazon APIGW (API Gateway) - Key Concepts
- 🔧 AWS-managed service for creating and managing APIs
- Endpoint/entry-point for apps
- Manages API endpoints, resources, and methods
- Sits between applications & integrations (services)
- Integrations = BE services which provide functionality
- Support for HTTP APIs, REST APIs, and WebSocket APIs
- Managed by AWS
- Serverless
- Public service → can act as FE for services/endpoints running within AWS or on-premises
- Regionally resilient → HA, scalable
- Features/support
- Handles authorization, throttling, caching
- Throttling: limits how often clients can call APIs
- Supports OpenAPI specification
- Direct integration with AWS services
- For many things you don't even need dedicated BE compute (e.g. DynamoDB, SNS…)
- Supports transformations (modifying client requests on the fly)
- Supports Cross-Origin Resource Sharing (CORS)
- CORS controls security of cross-domain calls within browsers
- Enabling CORS allows client web applications that are loaded in one DNS domain to interact with resources in a different DNS domain
- 💡 Example: with CORS enabled, JavaScript code loaded from an HTML file with S3 origin (i.e. located in an S3 bucket) is allowed to call an APIGW endpoint
- Supports migrations: APIGW can act as FE while BE is migrated or rearchitected
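The CORS case noted above (JavaScript served from an S3 origin calling an APIGW endpoint), as an added example that is not part of the original notes: a Python Lambda handler behind a REST API Lambda proxy integration that returns CORS headers only for an allowlisted origin instead of `*`. The bucket URL, ALLOWED_ORIGINS, cors_headers() and handler() are hypothetical names, and the event shape assumed is the REST API proxy event (httpMethod + headers).

```python
import json

# Assumption: constructed S3 static-website origin (scheme + host only,
# no path and no trailing slash, exactly as a browser sends it in Origin).
ALLOWED_ORIGINS = {
    "http://example-cat-site.s3-website-us-east-1.amazonaws.com",
}

# Weak setting, shown for contrast: any website may read the response.
PERMISSIVE_HEADERS = {"Access-Control-Allow-Origin": "*"}


def cors_headers(request_headers):
    """Build CORS response headers for an allowlisted Origin only."""
    # HTTP header names are case-insensitive, and the proxy event may carry
    # headers=None when the client sent none.
    lowered = {k.lower(): v for k, v in (request_headers or {}).items()}
    origin = lowered.get("origin")
    # The response varies by Origin, so caches must key on it.
    headers = {"Vary": "Origin"}
    if origin in ALLOWED_ORIGINS:
        headers["Access-Control-Allow-Origin"] = origin
        headers["Access-Control-Allow-Methods"] = "GET,OPTIONS"
        headers["Access-Control-Allow-Headers"] = "Content-Type,Authorization"
    return headers


def handler(event, context):
    """Lambda entry point; with proxy integration the function itself
    must return the CORS headers in its response."""
    headers = cors_headers(event.get("headers"))
    if event.get("httpMethod") == "OPTIONS":
        # Preflight request: the browser only inspects the headers.
        return {"statusCode": 204, "headers": headers, "body": ""}
    headers["Content-Type"] = "application/json"
    body = json.dumps({"cats": []})  # constructed placeholder payload
    return {"statusCode": 200, "headers": headers, "body": body}
```

CORS only instructs browsers which responses page scripts may read; it is not authorization, so non-browser callers are unaffected and the endpoint still needs one of the APIGW authentication options.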
Amazon APIGW - Architecture
Diagram: https://github.com/acantril/aws-sa-associate-saac03/blob/main/1600-SERVERLESS_and_APPLICATION_SERVICES/00_LEARNINGAIDS/APIGateway-1.png
- Communication:
- Request: authorize → validate → transform
- Integrations perform actions
- Response: transform → prepare → return
APIGW - Types of Supported Authentication
Diagram: https://github.com/acantril/aws-sa-associate-saac03/blob/main/1600-SERVERLESS_and_APPLICATION_SERVICES/00_LEARNINGAIDS/APIGateway-2.png
- Free access (No authentication)