Build and Manage Your APIs with Amazon API Gateway
©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved
Build and Manage Your APIs with Amazon API Gateway
Simon Poile – General Manager, AWS
API proliferation
The number of published APIs is growing rapidly
[Chart: number of published APIs over time, Jun-05 to Oct-13; vertical axis 0 to 12000; labelled values 2418 and 10302]
* Data from ProgrammableWeb
Your feedback
• Managing multiple versions and stages of an API is difficult.
• Monitoring third-party developers’ access is time consuming.
• Access authorization is a challenge.
• Traffic spikes create an operational burden.
• What if I don’t want servers at all?
Introducing Amazon API Gateway
Host multiple versions and stages of your APIs
Create and distribute API keys to developers
Leverage signature version 4 to authorize access to APIs
Throttle and monitor requests to protect your back end
Utilize AWS Lambda
Benefits of using API Gateway
Managed cache to store API responses
Reduced latency and Distributed Denial of Service (DDoS)
protection through Amazon CloudFront
SDK generation for iOS, Android, and JavaScript
Swagger support
Request/response data transformation
An API call flow
[Diagram: mobile apps, websites, and services reach API Gateway over the Internet. Labelled components: API Gateway cache, Amazon CloudWatch monitoring, AWS Lambda functions, endpoints on Amazon EC2/AWS Elastic Beanstalk, any other publicly accessible endpoint]
Build, deploy, clone, and roll back
• Build APIs with their resources, methods, and settings
• Deploy APIs to a stage
– Users can create as many stages as they want, each with its own throttling,
caching, metering, and logging configuration
• Clone an existing API to create a new version
– Users can continue working on multiple versions of their APIs
• Roll back to previous deployments
– We keep a history of customers’ deployments so they can revert to a
previous deployment
API configuration
• You can create APIs
• Define resources within an API
• Define methods for a resource
– Methods are resource + HTTP verb
Pet Store
/pets
/pets/{petId}
• GET
• POST
• PUT
API deployments
• API configuration can be deployed to a
stage
• Stages are different environments; for
example:
– Dev (e.g., example.com/dev)
– Beta (e.g., example.com/beta)
– Prod (e.g., example.com/prod)
– As many stages as you need
Pet Store
dev
beta
gamma
prod
Manage multiple versions and stages of your APIs
API 1 (v1)
Stage (dev)
Stage (prod)
API 2 (v2)
Stage (dev)
Custom domain names
• You can configure custom domain names
• Provide API Gateway with a signed HTTPS certificate
• Custom domain names can point to an API or a stage
• Point to an API and stage
– Beta (e.g., yourapi.com/beta)
– Prod (e.g., yourapi.com/prod)
Use API keys to meter developer usage
• Create API keys
• Set access permissions at the API/stage level
• Meter usage of the API keys through Amazon
CloudWatch Logs
Use API keys to authorize access
• The name “key” implies security – there is
no security in baking text in an app’s code
• API keys should be used purely to meter
app/developer usage
• API keys should be used alongside a
stronger authorization mechanism
Leverage AWS signature version 4
or use a custom header
• You can leverage AWS signature version 4 to sign
and authorize API calls
– Amazon Cognito and AWS Security Token Service (AWS STS)
simplify the generation of temporary credentials for your app
• You can support OAuth or other authorization
mechanisms through custom headers
– Simply configure your API methods to forward the custom headers to
your back end
Using signature version 4 to authenticate calls to your API
[Sequence diagram: Client, API Gateway, Backend]
• Call login API, no authentication required
• API Gateway /login → AWS Lambda fn_login
• User accounts database: credentials verified
• Amazon Cognito developer authenticated identities
• Access and secret key/login
• Receives credentials to sign API calls
API throttling
• Throttling helps you manage traffic to your back end
• Throttle by developer-defined requests-per-second
limits
• Requests over the limit are throttled
– HTTP 429 response
• The generated SDKs retry throttled requests
Caching API responses
• You can configure a cache key and the Time to Live
(TTL) of the API response
• Cached items are returned without calling the back end
• A cache is dedicated to you, by stage
• You can provision between 0.5 GB and 237 GB of
cache
Request processing workflow
Receive incoming request
• Check for item in dedicated cache
• If found, return cached item
Check throttling configuration
• Check current requests-per-second rate
• If above allowed rate, return 429
Execute back-end call
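A small model of the workflow above, as an added example that is not from the slides and is not API Gateway's implementation: cache check first, then the requests-per-second check, then the back-end call. The class `StageModel`, the fixed one-second window, and caching only GET responses are assumptions of this sketch.

```python
import time

class StageModel:
    """Toy model of one stage: dedicated TTL cache, then a per-second rate check."""

    def __init__(self, backend, rate_limit, ttl, clock=time.monotonic):
        self.backend, self.rate_limit, self.ttl, self.clock = backend, rate_limit, ttl, clock
        self.cache = {}                  # cache key -> (expiry time, response body)
        self.window, self.count = None, 0
        self.backend_calls = 0

    def handle(self, method, path, query=""):
        now = self.clock()
        key = (method, path, query)
        # Step 1: check the dedicated cache; a hit never reaches the back end.
        hit = self.cache.get(key)
        if hit and hit[0] > now:
            return 200, hit[1]
        # Step 2: check the current requests-per-second rate (fixed window, assumed).
        second = int(now)
        if second != self.window:
            self.window, self.count = second, 0
        if self.count >= self.rate_limit:
            return 429, "Too Many Requests"
        self.count += 1
        # Step 3: execute the back-end call.
        self.backend_calls += 1
        body = self.backend(method, path, query)
        if method == "GET":              # assumption: only GET responses are cached
            self.cache[key] = (now + self.ttl, body)
        return 200, body

def demo():
    """Constructed traffic: a burst in one second against a limit of 2 requests/second."""
    t = [100.0]
    stage = StageModel(lambda m, p, q: f"pet:{p}", rate_limit=2, ttl=60, clock=lambda: t[0])
    burst = [stage.handle("GET", f"/pets/{i}")[0] for i in (1, 2, 3, 1)]
    t[0] = 101.0                         # next second: the rate window resets
    later = stage.handle("GET", "/pets/3")[0]
    return burst, later, stage.backend_calls

if __name__ == "__main__":
    print(demo())
```

In this model the fourth request of the burst is answered from the cache even though the limit is exhausted, so only uncached requests consume the rate budget and reach the back end.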
API models
• Models are a JSON schema representation of
your API requests and responses
• Models are used for input and output filtering
and SDK generation
• You can reuse models across multiple methods
in your API
Input/output transforms
• Use Velocity templates to transform data
• Filter output results
– Remove private or unnecessary data
– Filter dataset size to improve API performance
• GET to POST
– Read all query string parameters from your GET request and create a body to
make a POST request to your back end
• JSON to XML
– Receive JSON input and transform it to XML for your back end
– Receive JSON from an AWS Lambda function and transform it to XML
Transform example: JSON to XML
API Gateway: GET /sayHello
Back end: AWS Lambda fn_sayHello
Lambda output (JSON):
{
  "message" : "hello world"
}
Response after transform (XML):
<xml>
  <message>
    Hello world
  </message>
</xml>
Mapping template:
#set($root = $input.path('$'))
<xml>
  <message>
    $root.message
  </message>
</xml>
Generate client SDKs based on your APIs
• SDKs are generated based on API deployments (stages)
• If request-response models are defined, the SDK includes
input and output marshalling of your methods
• SDKs know how to handle throttling responses
• SDKs also know how to sign requests with AWS
temporary credentials (signature version 4)
• Support for Android, iOS, JavaScript, …
API Gateway pricing
• $3.50 per million API Gateway requests
• Included in the AWS Free Tier
– 1 million API requests per month for 12 months
• Data Transfer Out (standard AWS prices)
– $0.09/GB for the first 10 TB
– $0.085/GB for the next 40 TB
– $0.07/GB for the next 100 TB
– $0.05/GB for the next 350 TB
Optional – Dedicated cache pricing
Cache memory size (GB)    Price per hour (USD)
0.5                       $0.020
1.6                       $0.038
6                         $0.200
13                        $0.250
28                        $0.500
58                        $1.000
118                       $1.900
237                       $3.800
Availability
• Today!
• Initially available in:
– US East (N. Virginia)
– US West (Oregon)
– EU West (Dublin)
• We plan to enable other regions rapidly
API Gateway
Build, deploy, and manage your APIs
http://aws.amazon.com/api-gateway