Amazon API Gateway

Features of Amazon API Gateways 

Let’s have look at the major features of Amazon API Gateways:

1. It supports stateful (WebSocket) and stateless (HTTP and REST) APIs.
    
2. It has really powerful, flexible authentication mechanisms, like AWS Identity and Access Management policies, Lambda authorizer functions, and Amazon Cognito user pools.
    
3. It also provides a developer portal for publishing applications’ APIs.
    
4. It enables canary release deployments for rolling out changes safely.
    
5. It also performs CloudTrail logging and monitoring of API usage and changes. 
    
6. It offers CloudWatch access and execution logging, along with the ability to set alarms.
    
7. It provides the ability to use AWS CloudFormation templates for API creation.
    
8. It offers support for custom domain names.
    
9. It offers easy integration with AWS WAF, which protects the APIs against common web exploits.
    
10. It also offers simple integration with AWS X-Ray to understand and triage performance latencies.  

Security in Amazon API Gateway 

Cloud security is the topmost priority of AWS. It is so because the data center and network architecture that is built to meet the requirements of the most security-sensitive organizations is of great benefit.

Security is a shared task between AWS and the consumer using it. This shared responsibility model describes this as security in the cloud and the security of the cloud:

• Security in the cloud – A consumer’s responsibility is determined by the AWS service that he uses. He is also responsible for other factors including the sensitivity of his data, his company’s requirements, and applicable laws and regulations.
• Security of the cloud – It is the responsibility of AWS to protect the infrastructure that runs AWS services in the AWS Cloud. AWS also provides its consumers with services that they can use securely. Third-party auditors regularly test and verify the effectiveness of their security as part of the AWS compliance programs.  

Data protection in Amazon API Gateway 

As described in the shared responsibility model, AWS is responsible for protecting the global infrastructure that runs all of the AWS Cloud and consumers are responsible for maintaining control over the content that is hosted on this infrastructure. The content involves the security configuration and management tasks for the AWS services that they use.  

For data protection purposes, it is recommended to protect the AWS account credentials and set up personal user accounts with AWS Identity and Access Management, in short, it is IAM. This way each user is given only the rights required to fulfill their duties. 

The following ways can also be adopted to ensure data security:

• Using multi-factor authentication (MFA) with each account.
• Using SSL/TLS to communicate with AWS resources. We recommend TLS 1.2 or later.
• Setting up API and user activity logging with AWS CloudTrail.
• Using AWS encryption solutions, along with all default security controls within AWS services.
• Using advanced managed security services like Amazon Macie, which assists in discovering and securing personal data that is stored in Amazon S3. 

Amazon API Gateway Use Cases

We now move on to describe its uses cases in detail:

Create RESTful APIs 

Features of RESTful APIs created by API Gateways:

1. RESTful APIs are HTTP-based.
2. They enable stateless client-server communication.
3. They implement standard HTTP methods like GET, POST, PUT, PATCH, and DELETE.   

API Gateway offers the following REST APIs management functionalities are:

• Supporting SDKs generation and API documentation creation using API Gateway extensions to OpenAPI
• Throttling the HTTP requests

Create WebSocket APIs

Features of WebSocket APIs created by API Gateways:

1. WebSocket APIs adhere to the WebSocket protocols, that allow stateful,
   full-duplex communication between client and server.
2. They route incoming messages based on message content. A WebSocket route in API Gateway is employed to direct incoming messages to a particular integration, like an AWS Lambda function.

Specific use-cases include real-time applications such as the following:

• Chat applications
• Real-time dashboards like stock tickers
• Any type of real-time alerts and notifications

Prominent users of API Gateway 

There are two types of developers who need API Gateway. They are app developers and API developers. 

An app developer develops a functioning application to call AWS services by calling a WebSocket or REST API built by an API developer in API Gateway. An app developer uses the API Gateway service element for execution of API , called execute-api, to invoke an API that was developed or deployed in API Gateway.

An API developer builds and deploys an API to allow the needed functionality in API Gateway. The API developer should be an IAM(Identity and Access Management) user in the AWS account that owns the API. An API developer specifically works with the API Gateway service component for API management, named apigateway, for creating, configuring, and deploying an API.

The app developer is actually the customer of the API developer. The app developer is not required to have an AWS account, provided that the API either doesn't require IAM permissions or supports the authorization of users through third-party federated identity providers

Frequently Asked Questions 

What is API caching?

With API caching, API Gateway caches the responses from the endpoint for a specified time-to-live period, in seconds. Instead of making requests to the endpoint,  API Gateway responds to the requests by looking up the response from the cache. 
There is a reason, API caching is required. API Caching leads to reduction in the number of calls made to the endpoint consequently improving the latency of the requests to the API.

What is a resource?

A resource is a part of the API domain. It has the associated relationships, data model to other resources. It can also define resources as variables for intercepting.

Who are the major users of API Gateway?

App developers and API developers are the major users of API Gateway.

Conclusion

This article extensively discusses Amazon API Gateway, its features, SEcurity in Amazon API Gateway, Data Protection in Amazon API Gateway and use cases

We hope that this blog has helped you enhance your knowledge regarding Amazon API Gateway, and if you would like to learn more, check out our articles on Coding Ninjas Blogs. 
You can refer to our Interview Experiences, Problems, and Guided Paths to strengthen your placement preparation.

Do upvote our blog to help other ninjas grow!

Happy Coding!