API Gateway – The “Front Door” to Your Backend Services
Oliver Arafat, Enterprise Evangelist AWS
@OliverArafat
Microservices Webday
Agenda
• What is API Gateway and how does it work?
• Securing your API
• Throttling and Caching
• Pricing
• Demo
Your feedback
• Managing multiple versions and stages of an API is difficult.
• Monitoring third-party developers’ access is time
consuming.
• Access authorization is a challenge.
• Traffic spikes create an operational burden.
• What if I don’t want servers at all?
Brian Wagner | Solutions Architect
Host multiple versions and stages of your APIs
Create and distribute API keys to developers
Leverage AWS Sig-v4 to authorize access to APIs
Throttle and monitor requests to protect your backend
Managed cache to store API responses
SDK Generation for iOS, Android, and JavaScript
Swagger support
Request / Response data transformation and API mocking
Why should I use API Gateway?
How does it work?
An API call flow
[Diagram: mobile apps, websites, and services connect over the Internet to API Gateway. Within AWS, the diagram shows the API Gateway cache, Amazon CloudWatch monitoring, and the back ends: AWS Lambda functions, endpoints on Amazon EC2/AWS Elastic Beanstalk, and any other publicly accessible endpoint.]
Build, deploy, clone, and roll back
• Build APIs with their resources, methods, and settings
• Deploy APIs to a stage
– Users can create as many stages as they want, each with its own throttling,
caching, metering, and logging configuration
• Clone an existing API to create a new version
– Users can continue working on multiple versions of their APIs
• Roll back to previous deployments
– We keep a history of customers’ deployments so they can revert to a
previous deployment
API configuration
• You can create APIs
• Define resources within an API
• Define methods for a resource
– Methods are resource + HTTP verb
Pet Store
/pets
/pets/{petId}
• GET
• POST
• PUT
API deployments
• API configuration can be deployed to a
stage
• Stages are different environments; for
example:
– Dev (e.g., example.com/dev)
– Beta (e.g., example.com/beta)
– Prod (e.g., example.com/prod)
– As many stages as you need
Pet Store
dev
beta
gamma
prod
Manage multiple versions and stages of your APIs
API 1 (v1)
Stage (dev)
Stage (prod)
API 2 (v2)
Stage (dev)
Custom domain names
• You can configure custom domain names
• Provide API Gateway with a signed HTTPS certificate
• Custom domain names can point to an API or a stage
• Point to an API and stage
– Beta (e.g., yourapi.com/beta)
– Prod (e.g., yourapi.com/prod)
Securing and Metering your API
Use API keys to meter developer usage
• Create API keys
• Set access permissions at the API/stage level
• Meter usage of the API keys through Amazon
CloudWatch Logs
Use API keys to authorize access
• The name “key” implies security – there is
no security in baking text in an app’s code
• API keys should be used purely to meter
app/developer usage
• API keys should be used alongside a
stronger authorization mechanism
Leverage AWS signature version 4
or use a custom header
• You can leverage AWS signature version 4 to sign
and authorize API calls
– Amazon Cognito and AWS Security Token Service (AWS STS)
simplify the generation of temporary credentials for your app
• You can support OAuth or other authorization
mechanisms through custom headers
– Simply configure your API methods to forward the custom headers to
your back end
Throttling and Caching
API throttling
• Throttling helps you manage traffic to your back end
• Throttle by developer-defined requests-per-second
limits
• Requests over the limit are throttled
– HTTP 429 response
• The generated SDKs retry throttled requests
Caching API responses
• You can configure a cache key and the Time to Live
(TTL) of the API response
• Cached items are returned without calling the back end
• A cache is dedicated to you, by stage
• You can provision between 0.5 GB and 237 GB of
cache
Request processing workflow
Receive incoming request
• Check for item in dedicated cache
• If found, return cached item
Check throttling configuration
• Check current requests-per-second rate
• If above allowed rate, return 429
Execute back-end call
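The workflow above as a small simulation, added here as an example (it is not API Gateway's implementation): a request is answered from the stage's cache if possible, otherwise counted against the requests-per-second limit, and only then sent to the back end. The fixed one-second window, the GET-only caching, the method-plus-path cache key, and the client's exponential backoff are assumptions made for the illustration.

```python
import time

class StageGateway:
    """Toy model of one stage: dedicated TTL cache, throttle check, back-end call."""

    def __init__(self, backend, rate_per_second, ttl_seconds, clock=time.monotonic):
        self.backend, self.rate = backend, rate_per_second
        self.ttl, self.clock = ttl_seconds, clock
        self.cache = {}            # cache key -> (expiry time, response body)
        self.window = (None, 0)    # (current second, requests counted in it)
        self.backend_calls = 0

    def handle(self, method, path):
        now, key = self.clock(), (method, path)
        # 1. Check the dedicated cache; a live entry is returned immediately.
        entry = self.cache.get(key)
        if entry and entry[0] > now:
            return 200, entry[1]
        # 2. Check the current requests-per-second rate (assumed fixed window).
        second = int(now)
        count = self.window[1] + 1 if self.window[0] == second else 1
        self.window = (second, count)
        if count > self.rate:
            return 429, "Too Many Requests"
        # 3. Execute the back-end call; cache GET responses for the TTL.
        self.backend_calls += 1
        body = self.backend(method, path)
        if method == "GET":
            self.cache[key] = (now + self.ttl, body)
        return 200, body

def call_with_retry(gateway, method, path, sleep, attempts=4, base_delay=0.5):
    """Client side: retry a throttled (429) request with exponential backoff."""
    for attempt in range(attempts):
        status, body = gateway.handle(method, path)
        if status != 429:
            break
        sleep(base_delay * 2 ** attempt)
    return status, body

def demo():
    t = [0.0]                      # fake clock so the run is repeatable
    gw = StageGateway(lambda m, p: f"{m} {p} ok", 2, 60, clock=lambda: t[0])
    burst = [gw.handle("POST", "/pets")[0] for _ in range(3)]
    advance = lambda s: t.__setitem__(0, t[0] + s)
    retried = call_with_retry(gw, "POST", "/pets", sleep=advance)[0]
    t[0] = 5.0
    cached = [gw.handle("GET", "/pets")[0] for _ in range(5)]
    return burst, retried, cached, gw.backend_calls
```

With a limit of two requests per second, the third POST in the burst gets a 429 and succeeds only after backing off, while five GETs in one second all return 200 because four of them are cache hits that never reach the throttle check or the back end.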
Data filtering and transformation
API models
• Models are a JSON schema representation of
your API requests and responses
• Models are used for input and output filtering
and SDK generation
• You can reuse models across multiple methods
in your API
Input/output transforms
• Use Velocity templates to transform data
• Filter output results
– Remove private or unnecessary data
– Filter dataset size to improve API performance
• GET to POST
– Read all query string parameters from your GET request and create a body to
make a POST request to your back end
• JSON to XML
– Receive JSON input and transform it to XML for your back end
– Receive JSON from an AWS Lambda function and transform it to XML
Transform example: JSON to XML
API Gateway: GET - /sayHello
Back end: AWS Lambda fn_sayHello

Back-end output (JSON):
{
  "message" : "hello world"
}

Mapping template (Velocity):
#set($root = $input.path('$'))
<xml>
  <message>
    $root.message
  </message>
</xml>

API Gateway response (XML):
<xml>
  <message>
    Hello world
  </message>
</xml>
SDK Generation
Generate client SDKs based on your APIs
• SDKs are generated based on API deployments (stages)
• If request-response models are defined, the SDK includes
input and output marshalling of your methods
• SDKs know how to handle throttling responses
• SDKs also know how to sign requests with AWS
temporary credentials (signature version 4)
• Support for Android, iOS, JavaScript, …
Pricing
API Gateway pricing
• $3.50 per million API Gateway requests
• Included in the AWS Free Tier
– 1 million API requests per month for 12 months
• Data Transfer Out (standard AWS prices)
– $0.09/GB for the first 10 TB
– $0.085/GB for the next 40 TB
– $0.07/GB for the next 100 TB
– $0.05/GB for the next 350 TB
Optional – Dedicated cache pricing
Cache memory size (GB)    Price per hour (USD)
0.5                       $0.020
1.6                       $0.038
6                         $0.200
13                        $0.250
28                        $0.500
58                        $1.000
118                       $1.900
237                       $3.800
Availability
• Today!
• Initially available in:
– US East (N. Virginia)
– US West (Oregon)
– EU West (Dublin)
• We plan to enable other regions rapidly
Demo
API Gateway
Build, deploy, and manage your APIs
http://aws.amazon.com/api-gateway
AWS Free Tier
aws.amazon.com/free
Thank you!
Questions?