- API - set of protocols and tools that allow interaction between two different applications. It is a technique that enables third-party vendors to write programs that can easily interface with each other
- Endpoint - place of interaction between applications; group of resources and methods; one end of a communication channel
- API refers to the whole set of protocols that allows communication between two systems while an endpoint is a URL that enables the API to gain access to resources on a server (https://rapidapi.com/blog/api-glossary/endpoint/).
- API – stitch applications together, usually over HTTPS
- SDKs available: .Net, Java, JavaScript, PHP, Python, Ruby, IOS, Android
- Private API – available only through VPC endpoints
- Public API – available via Internet; regional or Edge Optimized (see diagram below, API available via CloudFront)
API Gateway
- https://aws.amazon.com/api-gateway/faqs/
- https://docs.aws.amazon.com/apigateway/latest/developerguide/welcome.html
- Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.
- API developers can create APIs that access AWS or other web services, as well as data stored in the AWS Cloud. As an API Gateway API developer, you can create APIs for use in your own client applications. Or you can make your APIs available to third-party app developers
- Front door for accessing back-end data, business logic, or functionality from your backend services, such as workloads running on Amazon Elastic Compute Cloud (Amazon EC2), code running on AWS Lambda, any web application, or real-time communication applications.
- No min fees – pay for API calls and data transferred out
- API resource – object with type, data, relationship to other resources, set of methods that operate on it (HTTP GET, PUT, DELETE, etc. – http verbs)
- Can control API access using IAM
- API Resources are organized in tree-like fashion; each resource exposes API methods via HTTP verbs
- All of the APIs created with Amazon API Gateway expose HTTPS endpoints only. Amazon API Gateway does not support unencrypted (HTTP) endpoints. By default, Amazon API Gateway assigns an internal domain to the API that automatically uses the Amazon API Gateway certificate. When configuring your APIs to run under a custom domain name, you can provide your own certificate for the domain
- Back-end endpoints accessible:
§ In VPC:
§ EC2 Endpoints
§ Out of VPC:
§ Public endpoints on VPC
§ Lambda
§ Any AWS Service
§ Any publicly accessible API endpoint - over HTTP
- Create API method to integrate with each endpoint:
§ HTTP
§ HTTP_Proxy
§ AWS
§ AWS_Proxy
§ Mock integration – API itself responds to the request with nothing passed onto the backend
§ Proxy – the entire request is passed onto the back-end service
§ Non-proxy – part or all of the request/response handling is performed on API Gateway itself rather than passed straight through to the backend
Benefits
- No need to maintain the infrastructure – AWS takes care of hardware etc.
- Scaling – no limits on the number of requests received into the API
- Requests can be throttled
§ CloudFront is used for throttling
§ can control the number of POSTs and GETs per second
§ can allow for limited time (in sec) high throughput bursts (ex: allow up to 1000 requests for 2 sec max)
§ requests breaching limits get responses of HTTP 429 (Too Many Requests)
§ off by default
- Gateway cache – save on going back to the back end for responses
- DDoS protection; the back-end applications are not exposed directly; Cloud
- Reduced latency – able to access via CloudFront
- Can have multiple versions of API
- Can have multiple stages of API for each version - uat, dev, live, etc.
- Can close APIs
- Gateway is able to generate keys for iOS / Android / JavaScript apps
- Swagger support – tool to automate documentation and SDK generation
- Mocking of responses – API itself responds to the request with nothing passed onto the backend
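The throttling bullets above describe a steady per-second rate plus a short burst allowance, with excess requests answered by HTTP 429. The following is an added illustrative token-bucket model of that behaviour (not API Gateway's own implementation); the rate, burst and request timestamps are constructed sample values.

```python
from dataclasses import dataclass, field


@dataclass
class TokenBucket:
    """Token bucket: `rate` tokens refill per second, at most `burst` stored.

    Illustrative model of a rate limit with a burst allowance (assumption:
    not the gateway's own algorithm). One token is spent per request.
    """
    rate: float   # steady-state requests per second
    burst: int    # maximum requests accepted in a short spike
    tokens: float = field(init=False)
    last: float = field(init=False)

    def __post_init__(self):
        self.tokens = float(self.burst)  # bucket starts full
        self.last = 0.0

    def allow(self, now: float) -> bool:
        # Refill proportionally to elapsed time, capped at the burst size.
        elapsed = max(0.0, now - self.last)
        self.last = now
        self.tokens = min(float(self.burst), self.tokens + elapsed * self.rate)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def handle(bucket: TokenBucket, now: float, method: str, path: str) -> dict:
    """Gateway-side decision: throttle before anything reaches the backend."""
    if not bucket.allow(now):
        return {"status": 429, "body": '{"message":"Too Many Requests"}'}
    return {"status": 200, "body": f"backend handled {method} {path}"}


def simulate(rate: float, burst: int, timestamps: list) -> list:
    """Status codes produced for requests arriving at the given times (seconds)."""
    bucket = TokenBucket(rate, burst)
    return [handle(bucket, t, "GET", "/items")["status"] for t in timestamps]


if __name__ == "__main__":
    # Constructed sample: 6 requests in the same instant against burst=5,
    # then one more after the bucket has had a second to refill.
    print(simulate(rate=10, burst=5, timestamps=[0.0] * 6 + [1.0]))
```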
API Methods
- HTTP; you decide which should be supported for which resource:
§ GET, POST, PUT, PATCH, DELETE, HEAD, OPTIONS
§ ANY – all
- Encryption is a must – only HTTPS endpoints are exposed by API Gateway (Client->API, not via SDK)
- API Gateway assigns an internal domain to each API - an internal certificate is used by default
- If you choose to assign a custom domain name to the API, you need to supply your own certificate
API Gateway Cache
- https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html
- You can enable API caching in Amazon API Gateway to cache your endpoint's responses. With caching, you can reduce the number of calls made to your endpoint and also improve the latency of requests to your API.
- When you enable caching for a stage, API Gateway caches responses from your endpoint for a specified time-to-live (TTL) period, in seconds. API Gateway then responds to the request by looking up the endpoint response from the cache instead of making a request to your endpoint. The default TTL value for API caching is 300 seconds. The maximum TTL value is 3600 seconds. TTL=0 means caching is disabled.
- Pay per GB of cache storage
- Caching is granular – can enable per stage (ex: prod only) and per API method
- Off by default
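As an added illustration of the caching rules listed above (per-stage enablement, per-method granularity, default TTL 300 s, maximum 3600 s, TTL=0 meaning disabled), here is a small in-memory model written for this page; it is not the gateway's cache and the backend function and request timings are constructed.

```python
DEFAULT_TTL = 300   # seconds, per the caching notes above
MAX_TTL = 3600      # seconds


class StageCache:
    """Response cache for one stage. Only (method, path) pairs listed in
    `cached_methods` are cached; everything else goes to the backend.
    Illustrative model, not API Gateway's own implementation."""

    def __init__(self, ttl: int = DEFAULT_TTL, cached_methods=()):
        if not 0 <= ttl <= MAX_TTL:
            raise ValueError(f"TTL must be between 0 and {MAX_TTL} seconds")
        self.ttl = ttl
        self.cached_methods = set(cached_methods)
        self.store = {}          # (method, path) -> (stored_at, body)
        self.backend_calls = 0   # lets a caller measure hits vs. misses

    def get(self, method: str, path: str, now: float, backend) -> str:
        key = (method, path)
        # TTL=0 disables the cache; uncached methods always hit the backend.
        if self.ttl == 0 or key not in self.cached_methods:
            self.backend_calls += 1
            return backend(method, path)
        hit = self.store.get(key)
        if hit is not None and now - hit[0] < self.ttl:
            return hit[1]        # served from cache, backend untouched
        self.backend_calls += 1
        body = backend(method, path)
        self.store[key] = (now, body)
        return body


def demo() -> int:
    """Constructed scenario: GET /items is cached, POST /items is not."""
    calls = {"n": 0}

    def backend(method, path):      # stand-in for the real integration
        calls["n"] += 1
        return f"{method} {path} #{calls['n']}"

    cache = StageCache(ttl=300, cached_methods=[("GET", "/items")])
    cache.get("GET", "/items", now=0, backend=backend)     # miss
    cache.get("GET", "/items", now=100, backend=backend)   # hit (within TTL)
    cache.get("GET", "/items", now=301, backend=backend)   # expired -> miss
    cache.get("POST", "/items", now=301, backend=backend)  # never cached
    return cache.backend_calls
```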
CORS
- Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell browsers to give a web application running at one origin, access to selected resources from a different origin. A web application executes a cross-origin HTTP request when it requests a resource that has a different origin (domain, protocol, or port) from its own. (https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS)
- In short, CORS – allowing resource sharing between domains
- Enable CORS on per-domain + per-resource + per-method basis – not a global setting
- https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html
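To make the "per-domain + per-resource + per-method" point concrete, the added example below models a preflight (OPTIONS) handler and the headers added to the real response; the resource paths, allowed origin and header list are constructed, and this is illustration written for this page, not the gateway's own CORS code.

```python
from dataclasses import dataclass


@dataclass
class CorsPolicy:
    """CORS settings attached to exactly one (resource, method) pair."""
    allow_origins: frozenset
    allow_headers: tuple = ("Content-Type", "Authorization")


# Constructed sample configuration: CORS is enabled only for GET /items
# and only for one origin. DELETE /items and /orders have no policy at all.
CORS_CONFIG = {
    ("/items", "GET"): CorsPolicy(allow_origins=frozenset({"https://app.example.com"})),
}


def preflight(path: str, origin: str, requested_method: str):
    """Answer an OPTIONS preflight. CORS headers are emitted only when the
    specific resource+method has a policy listing the requesting origin;
    the exact origin is echoed back rather than a wildcard."""
    policy = CORS_CONFIG.get((path, requested_method))
    if policy is None or origin not in policy.allow_origins:
        # No CORS headers: the browser blocks the cross-origin call.
        return 200, {}
    return 200, {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Methods": requested_method,
        "Access-Control-Allow-Headers": ", ".join(policy.allow_headers),
        "Vary": "Origin",  # caches must not reuse this across origins
    }


def actual_response_headers(path: str, method: str, origin: str) -> dict:
    """Headers added to the real (non-preflight) response so the browser
    exposes it to the calling page; empty when the pair is not CORS-enabled."""
    policy = CORS_CONFIG.get((path, method))
    if policy is None or origin not in policy.allow_origins:
        return {}
    return {"Access-Control-Allow-Origin": origin, "Vary": "Origin"}
```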
Monitoring
- Dashboard
- API Gateway sends metrics on backend requests and responses to CloudWatch every 1 min: latency, cache hits/misses, etc.
- Can set up CloudWatch alarms
- CloudTrail logs all API calls