Amazon API Gateway

  • Enables developers to create, publish, maintain, monitor, and secure APIs at any scale.
  • This is a HIPAA eligible service.
  • Allows creating, deploying, and managing a RESTful API to expose backend HTTP endpoints, Lambda functions, or other AWS services.
  • Together with Lambda, API Gateway forms the app-facing part of the AWS serverless infrastructure.
  •  Concepts
    • API deployment – a point-in-time snapshot of your API Gateway API resources and methods. To be available for clients to use, the deployment must be associated with one or more API stages.
    • API endpoints – host names APIs in API Gateway, which are deployed to a specific region and of the format:
    • API key – An alphanumeric string that API Gateway uses to identify an app developer who uses your API.
    • API stage – A logical reference to a lifecycle state of your API. API stages are identified by API ID and stage name.
    • Model – Data schema specifying the data structure of a request or response payload.
    • Private API – An API that is exposed through interface VPC endpoints and isolated from the public internet
    • Private integration – An API Gateway integration type for a client to access resources inside a customer’s VPC through a private API endpoint without exposing the resources to the public internet.
    • Proxy integration – You can set up a proxy integration as an HTTP proxy integration type or a Lambda proxy integration type.
      • For the HTTP proxy integration, API Gateway passes the entire request and response between the frontend and an HTTP backend.
      • For the Lambda proxy integration, API Gateway sends the entire request as an input to a backend Lambda function.
    • Usage plan – Provides selected API clients with access to one or more deployed APIs. You can use a usage plan to configure throttling and quota limits, which are enforced on individual client API keys.
  • API Endpoint Types

    • Edge-optimized API endpoint: The default host name of an API Gateway API that is deployed to the specified region while using a CloudFront distribution to facilitate client access typically from across AWS regions. API requests are routed to the nearest CloudFront Point of Presence.
    • Regional API endpoint: The host name of an API that is deployed to the specified region and intended to serve clients, such as EC2 instances, in the same AWS region. API requests are targeted directly to the region-specific API Gateway without going through any CloudFront distribution.
      • You can apply latency-based routing on regional endpoints to deploy an API to multiple regions using the same regional API endpoint configuration, set the same custom domain name for each deployed API, and configure latency-based DNS records in Route 53 to route client requests to the region that has the lowest latency.
    • Private API endpoint: Allows a client to securely access private API resources inside a VPC. Private APIs are isolated from the public Internet, and they can only be accessed using VPC endpoints for API Gateway that have been granted access.
  • Features

    • API Gateway can execute Lambda code in your account, start Step Functions state machines, or make calls to Elastic Beanstalk, EC2, or web services outside of AWS with publicly accessible HTTP endpoints.
    • API Gateway helps you define plans that meter and restrict third-party developer access to your APIs.
    • API Gateway helps you manage traffic to your backend systems by allowing you to set throttling rules based on the number of requests per second for each HTTP method in your APIs.
    • You can set up a cache with customizable keys and time-to-live in seconds for your API data to avoid hitting your backend services for each request.
    • API Gateway lets you run multiple versions of the same API simultaneously with API Lifecycle.
    • After you build, test, and deploy your APIs, you can package them in an API Gateway usage plan and sell the plan as a Software as a Service (SaaS) product through AWS Marketplace.
    • API Gateway offers the ability to create, update, and delete documentation associated with each portion of your API, such as methods and resources.
    • Amazon API Gateway offers general availability of HTTP APIs, which gives you the ability to route requests to private ELBs AWS AppConfig, Amazon EventBridge, Amazon Kinesis Data Streams, Amazon SQS, AWS Step Functions and IP-based services registered in AWS CloudMap such as ECS tasks. Previously, HTTP APIs enabled customers to only build APIs for their serverless applications or to proxy requests to HTTP endpoints.
    • Use wildcard custom domain names (* to create multiple URLs that route to one API Gateway HTTP API.
  • All of the APIs created expose HTTPS endpoints only. API Gateway does not support unencrypted (HTTP) endpoints.
  • Monitoring

    • API Gateway console is integrated with CloudWatch, so you get backend performance metrics such as API calls, latency, and error rates.
    • You can set up custom alarms on API Gateway APIs.
    • API Gateway can also log API execution errors to CloudWatch Logs.
  • Security

    • To authorize and verify API requests to AWS services, API Gateway can help you leverage signature version 4. Using signature version 4 authentication, you can use IAM and access policies to authorize access to your APIs and all your other AWS resources.
    • You can enable AWS WAF for your APIs in Amazon API Gateway, making it easier to protect your APIs against common web exploits such as SQL injection and Cross-Site Scripting (XSS).
    • For API Gateway HTTP APIs, in addition to the previously supported OIDC/OAuth2 authorization option, you can also secure them using Lambda authorizers and IAM authorizers.
  • Pricing

    • You pay only for the API calls you receive and the amount of data transferred out.
    • API Gateway also provides optional data caching charged at an hourly rate that varies based on the cache size you select.
IT Certification Category (English)728x90

Building APIs with Amazon API Gateway:

Amazon API Gateway-related Cheat Sheets:

Note: If you are studying for the AWS Certified Advanced Networking Specialty exam, we highly recommend that you take our AWS Certified Advanced Networking – Specialty Practice Exams and read our Advanced Networking Specialty exam study guide.

AWS Certified Advanced Networking Specialty Practice Exams

Validate Your Knowledge

Question 1

In the tech startup where you are working as a Network Architect, an application uses a RESTful API hosted in AWS, which uses Amazon API Gateway and AWS Lambda. You were required by your manager to trace and analyze user requests as they go through your Amazon API Gateway API’s and eventually to the underlying services. 

Which of these options is the most appropriate tool that will meet the requirement?

  1. CloudTrail
  2. AWS X-Ray
  3. CloudWatch
  4. VPC Flow Logs

Correct Answer: 2

You can use AWS X-Ray to trace and analyze user requests as they travel through your Amazon API Gateway APIs to the underlying services. API Gateway supports AWS X-Ray tracing for all API Gateway endpoint types: regional, edge-optimized, and private. You can use AWS X-Ray with Amazon API Gateway in all regions where X-Ray is available.

X-Ray gives you an end-to-end view of an entire request, so you can analyze latencies in your APIs and their backend services. You can use an X-Ray service map to view the latency of an entire request and that of the downstream services that are integrated with X-Ray. And you can configure sampling rules to tell X-Ray which requests to record, at what sampling rates, according to criteria that you specify. If you call an API Gateway API from a service that’s already being traced, API Gateway passes the trace through, even if X-Ray tracing is not enabled on the API.

You can enable X-Ray for an API stage by using the API Gateway management console, or by using the API Gateway API or CLI.

CloudTrail is incorrect because it is primarily used for API logging of all of your AWS resources.

CloudWatch is incorrect because it is a monitoring and management service. It does not have the capability to trace and analyze user requests as they travel through your Amazon API Gateway APIs.

VPC Flow Logs is incorrect because it is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your entire VPC. Although it can capture some details about the incoming user requests, it is still better to use AWS X-Ray as it provides a better way to debug and analyze your microservices applications with request tracing so you can find the root cause of your issues and performance.


Question 2

A developer configured an Amazon API Gateway proxy integration named MyAPI to work with a Lambda function. However, when the API is being called, the developer receives a 502 Bad Gateway error. She tried invoking the underlying function but it properly returns the result in XML format.

What is the MOST likely root cause of this issue?

  1. The API name of the Amazon API Gateway proxy is invalid.
  2. There has been an occasional out-of-order invocation due to heavy loads.
  3. The endpoint request timed-out.
  4. There is an incompatible output returned from a Lambda proxy integration backend.

Correct Answer: 4

Amazon API Gateway Lambda proxy integration is a simple, powerful, and nimble mechanism to build an API with a setup of a single API method. The Lambda proxy integration allows the client to call a single Lambda function in the backend. The function accesses many resources or features of other AWS services, including calling other Lambda functions.

In Lambda proxy integration, when a client submits an API request, API Gateway passes the raw request as-is to the integrated Lambda function, except that the order of the request parameters is not preserved. This request data includes the request headers, query string parameters, URL path variables, payload, and API configuration data. The configuration data can include current deployment stage name, stage variables, user identity, or authorization context (if any). The backend Lambda function parses the incoming request data to determine the response that it returns.

For API Gateway to pass the Lambda output as the API response to the client, the Lambda function must return the result in the following JSON format:

    "isBase64Encoded": true|false,
    "statusCode": httpStatusCode,
    "headers": { "headerName": "headerValue", ... },
    "body": "..."

Since the Lambda function returns the result in XML format, it will cause the 502 errors in the API Gateway. Hence, the correct answer is that there is an incompatible output returned from a Lambda proxy integration backend.

Tutorials Dojo Study Guide and Cheatsheet

The option that says: The API name of the Amazon API Gateway proxy is invalid is incorrect because there is nothing wrong with its MyAPI name.

The option that says: There has been an occasional out-of-order invocation due to heavy loads is incorrect because although this is a valid cause of a 502 error, the issue is most likely caused by the Lambda function’s XML response instead of JSON.

The option that says: The endpoint request timed-out is incorrect because this will likely result in 504 errors and not 502’s.



For more AWS practice exam questions with detailed explanations, visit the Tutorials Dojo Portal:

Tutorials Dojo AWS Practice Tests


Additional Training Materials: Amazon API Gateway Video Courses on Udemy

  1. AWS Serverless APIs & Apps – A Complete Introduction by Maximilian Schwarzmüller
  2. AWS Lambda & Serverless Architecture Bootcamp (Build 5 Apps) by Riyaz Sayyad
  3. Serverless Architecture on Amazon Web Services by Mahmoud Matouk



Pass your AWS and Azure Certifications with the Tutorials Dojo Portal

Tutorials Dojo portal

Our Bestselling AWS Certified Solutions Architect Associate Practice Exams

AWS Certified Solutions Architect Associate Practice Exams

Enroll Now – Our AWS Practice Exams with 95% Passing Rate

AWS Practice Exams Tutorials Dojo

Enroll Now – Our Azure Certification Exam Reviewers

azure reviewers tutorials dojo

Tutorials Dojo Study Guide and Cheat Sheets eBooks

Tutorials Dojo Study Guide and Cheat Sheets-2

FREE Intro to Cloud Computing for Beginners

FREE AWS Practice Test Samplers

Browse Other Courses

Generic Category (English)300x250

Recent Posts