Fully managed service to create, publish, secure, and monitor APIs — often paired with AWS Lambda for serverless architectures. No servers to provision or manage.
Key Features
- Supports REST and WebSocket APIs.
- API versioning via path mapping (e.g.,
/v1,/v2).
- Multiple stages for environments (dev, test, prod).
- Built-in authentication & authorization:
- IAM policies
- Cognito User Pools
- Custom Lambda authorizers
- API keys with usage plans and throttling to control request rates.
- Import API definitions via Swagger/OpenAPI.
- Request/response transformation and validation.
- Automatic SDK generation and downloadable API specifications.
- Caching at the API Gateway level to reduce backend load and improve latency.
Commonly used to expose microservices and integrate serverless components while providing centralized security, scaling, and monitoring.