AWS API Gateway: REST API vs HTTP API - amazon-web-services

What is the difference between AWS API Gateway REST API vs HTTP API? Why would you use one over the other. What different functionalities does each support?
The documentation says:
API Gateway REST API A collection of HTTP resources and methods that
are integrated with backend HTTP endpoints, Lambda functions, or other
AWS services.........Each API resource can expose one or more API
methods that have unique HTTP verbs supported by API Gateway.
API Gateway HTTP API A collection of routes and methods that are
integrated with backend HTTP endpoints or Lambda functions....Each route can expose
one or more API methods that have unique HTTP verbs supported by API
Gateway.
However I cannot make much sense out of this.

According to their documentation from 2019, they're stating the following:
HTTP APIs are up to 71% cheaper compared to REST APIs, but offer only API proxy functionality.
So it seems you can't use the HTTP api's for anything other than proxying your own backend API.
Additionally, check this comprehensive documentation on when to use one over the other.

Related

AWS api gateway upstream authentications

I have a question about aws api gateway and it's possibility about upstream authentication.
We come from a monolithic approach and we try to slice into multiple services. We introduced SSO a few weeks ago.
There are some legacy services in place with basic auth credentials or api keys used for machine to machine communication.
Now we want to introduce an api gateway to have a single entrypoint for our clients.
The gateway needs to pass multipart/form-data in form of files and simple json requests as well. The plan is to validate the users in the API Gateway and passthrough the requests to the upstream services.
The services as mentioned above have unfortunately different ways of authentication.
I tried to use AWS API Gateway HTTP API to authenticate against ab backend API secured with basic auth credentials.
The HTTP Api has the advantage that you already have a jwt authroizer in place and you don't need to build your own lambda function for that. Unfortunately you can't set the Authorization header in the HTTP API but you can do in the REST API. I'm also not sure if the REST API will handle multipart/form-data passing through to the destination service.
I already know, that the file limit is 10MB for this requests.
Alternatives like kong, krakend, tyk or others are also welcome when the provide this capabilities as easy as possible.
Thanks a lot.

Use HTTP API with AWS Amplify

I have the "new" HTTP API with a DynamoDB and lambda, I want to provide support for my app to the macOS computers. Is it possible to use the HTTP API Gateway with Amplify? I only see an option for GraphQL and REST
Thaks

AWS ApiGatewayV2 HTTP API with custom authorization lambda

Is it possible to use a custom authorization lambda with ApiGatewayV2 for a HTTP API?
I know it's supported for a WebSocket API but there seems to only be support for AWS' own JWT authorizer for HTTP APIs. Does anyone know of a smart way to solve this?
The reason I'm asking is I need to validate third party tokens that do not fully follow OAuth2 standards (and therefore cannot use the out of the box JWT authorizer).
It is possible to have a custom authorizer lambda with an AWS ApiGatewayV2 HTTP API.
For me at the moment (still early in my development) I actually have both a V2 WEBSOCKET and a V2 HTTP API using the same lambda for authentication, and both APIs using another lambda for the route handling -- yes, only 2 lambdas handling both APIs.
It is a bit of a mess because each API type has different event formats.
I created the WEBSOCKET API first and got the authorization lambda for it working first using OAUTH "client_credentials" and JWTs.
Then I added the HTTP API -- but it did require specifically declaring (I use terraform) the $default stage, a deployment, an integration, and a route with a $default route_key. The route is where the "CUSTOM" authorizer gets tied in. The point here is that using the so-called "quick create" V2 HTTP api does not appear to allow a custom authorizer.
Edit
This is now a feature added to HTTP API Gateways, more can be found in the Introducing IAM and Lambda authorizers for Amazon API Gateway HTTP APIs announcement.
Original
Unfortunately Lambda custom authorizers have not been migrated to be supported by HTTP API Gateways yet.
To build RESTful APIs, you can use either HTTP APIs or REST APIs from API Gateway. REST APIs offer a wide variety of features for building and managing RESTful APIs. HTTP APIs are up to 71% cheaper compared to REST APIs, but offer only API proxy functionality. HTTP APIs are optimized for performance—they offer the core functionality of API Gateway at a lower price.
The above quote from the announcement indicates that this is a light weight version of API Gateway at the moment.

AWS Api Gateway / AWS ALB / Kong Api Gateway

I have a task to replace current CA layer 7 with new API gateway.
New API gateway should be able to handle
1. Rate limiting
2. Authentication
3. Version handling etc.,
After researching i found we could use AWS api gateway or Kong api gateway or AWS ALB with Cognito for authentication support.
This is so overwhelming to understand the basic differences, could you please give some insight on basic concept in simple words and some pointers or link that i should refer to start with.
API Gateway keep track of every deploy you make in the Deployment History tab. There you will find all versions of your API and you can change to any of them whenever you want.
You can also create your api gateway from a Swagger file.
For every method that you create for a resource you need to configure the Method Request, the Integration Request, the Integration Response and the Method Response.
The Integration Request is where everything happens. You will set there how you are going to handle your requests, if you are going to integrate with any aws service like firehose or if you are going for a lambda integration or with an existing HTTP endpoint.
Mapping Templates uses Apache Velocity Template Language (VTL). http://velocity.apache.org/engine/1.7/vtl-reference.html
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html
Getting started with REST apis:
https://docs.aws.amazon.com/apigateway/latest/developerguide/getting-started.html
API GATEWAY INTEGRATION TYPES:
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-integration-types.html
How to import a rest api:
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-import-api.html
Limits and known issues:
https://docs.aws.amazon.com/apigateway/latest/developerguide/limits.html
Deploying:
https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-deploy-api.html
Publish:
https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-publish-your-apis.html
AWS API Gateways supports lambda authoriser for authentication which is integrated with any identity provider - Azure AD, Cognito pool etc. It supports both Client Credentials (service to service) authentication and Authentication code(user based authentication) but AWS ALB don't support client credentials authentication flow.
AWS API Gateway also provides caching, request & response mapping, customise handling for each response type, request validation, throttling where AWS ALB is yet to be improved for all these feature.
Kong api gateway also provide similar feature as AWS API Gateway with added features
If all the backend services are deployed in AWS and you don't need
complex API gateway then go for AWS API Gateway. It is pay per use service and you don't need to pay for extra support for API gateway assuming your services are already deployed in AWS.
If you need api gateway solution with complex requirement and extra features then Kong API gateway can be considered. But you will need to either pay for Kong API gateway support or need extra effort in coding when used open source.
AWS ALB can be used only for specific scenarios and it is getting matured day by day.

Sign API Gateway Request With AWS SDK

When you download an auto-generated API client for Java or JavaScript they reference base helper components. Is a version of these available for Xamarin, or is there any way to make or sign requests to the API Gateway using the Xamarin AWS SDK? The only thing I see is the 'test' method in the AWSSDK.APIGateway client, which seems intended for management operations.
My API requires authentication, I'm using Cognito to authenticate users.
UPDATE:
So I didn't realize at first that it was possible to call my Lambda functions directly using the AWS SDK and I don't need to use the API Gateway at all.
the auto-generated API clients are only available for iOS, Android, and JavaScript at this time. We have received requests for multiple other languages, which are on our backlog.
The API Gateway client in all of the traditional AWS SDKs is only built for the API Gateway control APIs, which are used to configure and deploy your RestApis.
You'll have to write/extend your own signer. This may be helpful: https://github.com/awslabs/aws-sdk-xamarin/blob/master/AWS.XamarinSDK/AWSSDK_Core/Amazon.Runtime/Pipeline/Handlers/Signer.cs
or the public signature docs: http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html