©2015, Amazon Web Services, Inc. or its affiliates. All rights reserved

Build and Manage Your APIs with

Amazon API GatewaySimon Poile – General Manager, AWS

sjp@amazon.com

API proliferation

The number of published APIs is growing rapidly

2418

10302

0

2000

4000

6000

8000

10000

12000

Jun

-05

Oct-

05

Feb

-06

Jun

-06

Oct-

06

Feb

-07

Jun

-07

Oct-

07

Feb

-08

Jun

-08

Oct-

08

Fe

b-0

9

Jun

-09

Oct-

09

Feb

-10

Jun

-10

Oct-

10

Feb

-11

Ju

n-1

1

Oct-

11

Feb

-12

Jun

-12

Oct-

12

Feb

-13

Jun

-13

Oct-

13

* Data from ProgrammableWeb

Your feedback

• Managing multiple versions and stages of an API is difficult.

Your feedback

• Managing multiple versions and stages of an API is difficult.

• Monitoring third-party developers’ access is time consuming.

Your feedback

• Managing multiple versions and stages of an API is difficult.

• Monitoring third-party developers’ access is time consuming.

• Access authorization is a challenge.

Your feedback

• Managing multiple versions and stages of an API is difficult.

• Monitoring third-party developers’ access is time consuming.

• Access authorization is a challenge.

• Traffic spikes create an operational burden.

Your feedback

• Managing multiple versions and stages of an API is difficult.

• Monitoring third-party developers’ access is time

consuming.

• Access authorization is a challenge.

• Traffic spikes create an operational burden.

• What if I don’t want servers at all?

Host multiple versions and stages of your APIs

Create and distribute API keys to developers

Leverage signature version 4 to authorize access to APIs

Throttle and monitor requests to protect your back end

Utilize AWS Lambda

Introducing Amazon API Gateway

Benefits of using API Gateway

Managed cache to store API responses

Reduced latency and Distributed Denial of Service (DDoS)

protection through Amazon CloudFront

SDK generation for iOS, Android, and JavaScript

Swagger support

Request/response data transformation

How does API Gateway work?

An API call flow

Internet

Mobile apps

Websites

Services

API

Gateway

AWS Lambda

functions

AWS

API Gateway

cache

Endpoints on

Amazon

EC2/AWS

Elastic

Beanstalk

Any other publicly

accessible endpointAmazon

CloudWatch

monitoring

Build, deploy, clone, and roll back

• Build APIs with their resources, methods, and settings

• Deploy APIs to a stage

– Users can create as many stages as they want, each with its own throttling,

caching, metering, and logging configuration

• Clone an existing API to create a new version

– Users can continue working on multiple versions of their APIs

• Roll back to previous deployments

– We keep a history of customers’ deployments so they can revert to a

previous deployment

API configuration

• You can create APIs

• Define resources within an API

• Define methods for a resource

– Methods are resource + HTTP verb

Pet Store

/pets

/pets/{petId}

• GET

• POST

• PUT

API deployments

• API configuration can be deployed to a

stage

• Stages are different environments; for

example:

– Dev (e.g., example.com/dev)

– Beta (e.g., example.com/beta)

– Prod (e.g., example.com/prod)

– As many stages as you need

Pet Store

dev

beta

gamma

prod

Manage multiple versions and stages of your APIs

API 1 (v1)

Stage (dev)

Stage (prod)

API 2 (v2)

Stage (dev)

Custom domain names

• You can configure custom domain names

• Provide API Gateway with a signed HTTPS certificate

• Custom domain names can point to an API or a stage

• Point to an API and stage

– Beta (e.g., yourapi.com/beta)

– Prod (e.g., yourapi.com/prod)

Metering and authorization

Use API keys to meter developer usage

• Create API keys

• Set access permissions at the API/stage level

• Meter usage of the API keys through Amazon

CloudWatch Logs

Use API keys to authorize access

• The name “key” implies security – there is

no security in baking text in an app’s code

• API keys should be used purely to meter

app/developer usage

• API keys should be used alongside a

stronger authorization mechanism

Leverage AWS signature version 4

or use a custom header

• You can leverage AWS signature version 4 to sign

and authorize API calls

– Amazon Cognito and AWS Security Token Service (AWS STS)

simplify the generation of temporary credentials for your app

• You can support OAuth or other authorization

mechanisms through custom headers

– Simply configure your API methods to forward the custom headers to

you back end

Using signature version 4 to authenticate calls to your API

Call login API, no

authentication

required

Client API Gateway Backend

/loginAWS

Lambda

fn_login

User

accounts

database

Credentials

verified

Amazon Cognito

developer

authenticated

identities

Access and

secret key/login

Receives

credentials to

sign API calls

Throttling and caching

API throttling

• Throttling helps you manage traffic to your back end

• Throttle by developer-defined requests-per-second

limits

• Requests over the limit are throttled

– HTTP 429 response

• The generated SDKs retry throttled requests

Caching API responses

• You can configure a cache key and the Time to Live

(TTL) of the API response

• Cached items are returned without calling the back end

• A cache is dedicated to you, by stage

• You can provision between 0.5 GB and 237 GB of

cache

Request processing workflow

Receive incoming request

• Check for item in dedicated cache

• If found, return cached item

Check throttling configuration

• Check current requests-per-second rate

• If above allowed rate, return 429

Execute back-end call

Input/output models and transforms

API models

• Models are a JSON schema representation of

your API requests and responses

• Models are used for input and output filtering

and SDK generation

• You can reuse models across multiple methods

in your API

Input/output transforms

• Use Velocity templates to transform data

• Filter output results

– Remove private or unnecessary data

– Filter dataset size to improve API performance

• GET to POST

– Read all query string parameters from your GET request and create a body to

make a POST request to your back end

• JSON to XML

– Receive JSON input and transform it to XML for your back end

– Receive JSON from an AWS Lambda function and transform it to XML

Transform example: JSON to XML

API GatewayBack end

GET - /sayHelloAWS

Lambda

fn_sayHello

/sayHello

{

“message” : “hello world”

}

<xml>

<message>

Hello world

</message>

</xml>

#set($root = $input.path('$'))

<xml>

<message>

$root.message

</message>

</xml>

SDK generation

Generate client SDKs based on Your APIs

• SDKs are generated based on API deployments (stages)

• If request-response models are defined, the SDK includes

input and output marshalling of your methods

• SDKs know how to handle throttling responses

• SDKs also know how to sign requests with AWS

temporary credentials (signature version 4)

• Support for Android, iOS, JavaScript, …

API Gateway pricing

• $3.50 per million API Gateway requests

• Included in the AWS Free Tier

– 1 million API requests per month for 12 months

• Data Transfer Out (standard AWS prices)

– $0.09/GB for the first 10 TB

– $0.085/GB for the next 40 TB

– $0.07/GB for the next 100 TB

– $0.05/GB for the next 350 TB

Optional – Dedicated cache pricing

Cache memory

size (GB)

Price per hour

(USD)

0.5 $0.020

1.6 $0.038

6 $0.200

13 $0.250

28 $0.500

58 $1.000

118 $1.900

237 $3.800

Availability

• Today!

• Initially available in:

– US East (N. Virginia)

– US West (Oregon)

– EU West (Dublin)

• We plan to enable other regions rapidly

API GatewayBuild, deploy, and manage your APIs

http://aws.amazon.com/api-gateway

Your feedback is important to AWSPlease complete the session evaluation. Tell us what you think!

NEW YORK