Learn REST vs HTTP APIs, authentication options, throttling, caching, and the standard serverless API architecture pattern.
API Gateway — Create and Manage APIs
API Gateway is a fully managed service for creating REST APIs, HTTP APIs, and WebSocket APIs. It handles authentication, throttling, caching, and routing — so you focus on your Lambda functions, not the API plumbing.
Teacher Note: API Gateway is the front door of your serverless application. It is like a receptionist who: checks who is calling (authentication), limits how many calls can come in (throttling), remembers recent answers (caching), and directs calls to the right person (routing to Lambda or backend services).
REST API vs HTTP API
| Feature | REST API | HTTP API |
|---|---|---|
| Cost | More expensive | 70% cheaper |
| Features | Full-featured: usage plans, request/response transforms, caching, WAF | Simple: JWT auth, CORS, Lambda integration |
| Performance | Slightly higher latency | Lower latency |
| Best For | Complex APIs needing all features | Most Lambda APIs — recommended default |
Key Features
- Authentication: Cognito User Pools (JWT), Lambda Authorizer (custom logic), API Keys
- Throttling: rate limiting per API key or globally — prevents abuse and runaway costs
- Caching: cache GET responses for configurable TTL — reduces Lambda invocations
- Stage Variables: deploy the same API to dev/staging/prod with different Lambda aliases
- Usage Plans: monetise your API — different plans with different rate limits for customers
Common Serverless API Pattern
Client --> HTTPS --> API Gateway --> Lambda --> DynamoDB
With auth:
Client --> HTTPS --> API Gateway --> [Cognito Authorizer] --> Lambda --> DynamoDB
                                              |
                                     Validates JWT token
                                     Rejects invalid tokens
                                     Returns 401 Unauthorized
Exam Tip: HTTP API is the recommended choice for most new Lambda-backed APIs. It is simpler, cheaper, and faster. Choose REST API only when you need: request/response transformation, API caching, WAF integration, or usage plans for monetisation.