AWS API Gateway

Medium
AWS API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. It acts as a "front door" for applications to access data, business logic, or functionality from your back-end services, such as workloads running on Amazon Elastic Compute Cloud (Amazon EC2), code running on AWS Lambda, or any web application.

Variants:

Google Cloud Endpoints, Azure API Management, Kong API Gateway

What is AWS API Gateway?

At its core, API Gateway allows you to create a unified API endpoint for your clients, regardless of how many microservices or backend systems you have. It handles all the tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.

Your interviewer will expect you to understand that using an API Gateway is a standard pattern for building modern, microservices-based applications. It simplifies the client-side code and allows you to evolve your backend services without impacting your clients.

Key Features of API Gateway

  • Scalability: API Gateway automatically scales to handle the amount of traffic your API receives.
  • Security: It provides multiple mechanisms for controlling access to your APIs, including AWS Identity and Access Management (IAM), Amazon Cognito, and Lambda authorizers.
  • Monitoring: API Gateway integrates with Amazon CloudWatch, allowing you to monitor metrics like the number of calls, latency, and error rates.
  • Caching: You can enable API caching in API Gateway to cache your endpoint's responses. Caching can reduce the number of calls made to your endpoint and also improve the latency of requests to your API.
  • Throttling and Rate Limiting: You can set throttling rules based on the number of requests per second for each API or even for each method in your APIs.

Request and Response Transformations

A powerful feature of API Gateway is the ability to transform requests and responses. This allows you to decouple your public-facing API from your backend services. Your interviewer will be impressed if you can discuss how you would use this feature to build a more flexible and resilient system.

  • Request Transformation: You can use API Gateway to modify the request before it's sent to your backend service. For example, you could add headers, modify the request body, or even change the request path. This is useful if your backend service expects a different request format than what your clients are sending.

  • Response Transformation: You can also use API Gateway to modify the response before it's sent to the client. For example, you could filter out certain fields, add new fields, or even change the response status code. This is useful if you want to expose a simplified or modified version of your backend service's response to your clients.

Velocity Template Language (VTL)

API Gateway uses the Velocity Template Language (VTL) for request and response transformations. VTL is a simple but powerful template language that allows you to access and manipulate the request and response data.

Authentication and Authorization

API Gateway provides multiple ways to secure your APIs. Your interviewer will expect you to be able to discuss the different options and choose the best one for a given scenario.

  • IAM Roles and Policies: You can use IAM roles and policies to grant access to your APIs. This is a good choice for internal APIs that are only accessed by other AWS services.

  • Amazon Cognito: Cognito is a fully managed user identity and authentication service. You can use it to add user sign-up, sign-in, and access control to your web and mobile apps. Cognito integrates with API Gateway to provide a secure and scalable way to authenticate and authorize your users.

  • Lambda Authorizers: For more custom authorization logic, you can use a Lambda authorizer. A Lambda authorizer is a Lambda function that you provide to control access to your API methods. When a client makes a request to your API, API Gateway calls your Lambda authorizer, which returns an IAM policy that specifies whether the client is authorized to make the request. This is a great way to integrate with a third-party authentication provider or to implement your own custom authorization logic.
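
A minimal TOKEN-type Lambda authorizer in Python, added here as an illustration and not taken from AWS or from this page: it checks an HS256-signed JWT and returns the allow or deny IAM policy described above. The shared secret, the `make_token` helper and the required `sub` and `exp` claims are assumptions of this example.

```python
import base64, hashlib, hmac, json, time

# Assumption: HS256 with a shared secret. Constructed value; a real function
# would load it from a secret store.
SECRET = b"constructed-demo-secret"

def _b64d(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(header, claims, secret=SECRET):
    """Mint a constructed token for the demo (not part of an authorizer)."""
    signed = _b64e(json.dumps(header).encode()) + "." + _b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, signed.encode(), hashlib.sha256).digest()
    return signed + "." + _b64e(sig)

def verify(token, now=None):
    """Return the claims of a valid, unexpired HS256 token, else None."""
    try:
        head, body, sig = token.split(".")
        if json.loads(_b64d(head)).get("alg") != "HS256":  # rejects alg "none"
            return None
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64d(sig)):   # constant-time compare
            return None
        claims = json.loads(_b64d(body))
        exp, sub = claims.get("exp"), claims.get("sub")
    except (ValueError, AttributeError):
        return None  # malformed token: fail closed
    if not isinstance(exp, (int, float)) or not isinstance(sub, str):
        return None
    return claims if exp > (time.time() if now is None else now) else None

def handler(event, context=None):
    """TOKEN authorizer entry point: returns the IAM policy API Gateway enforces."""
    token = event.get("authorizationToken") or ""
    if token.startswith("Bearer "):
        token = token[len("Bearer "):]
    claims = verify(token)
    stmt = {"Action": "execute-api:Invoke", "Effect": "Allow" if claims else "Deny",
            "Resource": event["methodArn"]}
    return {
        "principalId": claims["sub"] if claims else "anonymous",
        "policyDocument": {"Version": "2012-10-17", "Statement": [stmt]},
    }
```

A returned Deny policy results in a 403 from API Gateway; an authorizer that instead raises an exception with the message `Unauthorized` produces a 401.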

Types of API Gateways

API Gateway offers three different types of APIs, and your interviewer may ask you to choose the best one for a given scenario.

  • HTTP API: This is the newest and most cost-effective type of API Gateway. It's designed for building low-latency, high-performance APIs. It's a great choice for serverless workloads and simple, stateless APIs.

  • REST API: This is the original type of API Gateway and provides a wider range of features than HTTP APIs, including API keys, per-client throttling, and request validation. It's a good choice for more complex APIs that require more control and flexibility.

  • WebSocket API: This type of API Gateway is used for building real-time, two-way communication applications, such as chat apps or real-time dashboards. It maintains a persistent connection between the client and the server, allowing the server to push data to the client without the client having to poll for it.

How to Use API Gateway in a System Design Interview

When you're in a system design interview, you don't need to be an expert on every feature of API Gateway. However, you should be able to articulate why you would use it and how it fits into your overall architecture.

A great way to introduce API Gateway is to first design your system with clients talking directly to your microservices. Then, you can identify the challenges with this approach (e.g., multiple points of entry, duplicated authentication logic, difficulty in monitoring) and introduce API Gateway as a solution.

Here are some key points to mention:

  • Single Point of Entry: Explain that API Gateway provides a single, unified entry point for all your clients. This simplifies the client-side code and makes it easier to manage your APIs.
  • Authentication and Authorization: Mention that you would use API Gateway to handle authentication and authorization. You can talk about using a Lambda authorizer to validate a JWT or using IAM roles to control access to specific endpoints.
  • Rate Limiting and Throttling: Discuss how you would use API Gateway to protect your backend services from being overwhelmed with traffic. This is especially important for public-facing APIs.
  • Integration with other AWS Services: A key selling point of API Gateway is its tight integration with other AWS services. You can mention how you would use it to trigger Lambda functions, proxy requests to EC2 instances, or integrate with other services like SQS or Kinesis.

By discussing these points, you'll demonstrate to your interviewer that you understand the value of an API Gateway and how it can be used to build a scalable, secure, and reliable system.