Designing and developing an API presents a host of challenges, such as deciding on conventions, schemas, frameworks and tools, to name a few. Deploying an API into production then presents another slew of challenges, like managing security, scalability and performance. Last month, Amazon Web Services (AWS) set out to solve some of those challenges with Amazon API Gateway, its new service for quickly building and running reliable API backend services. No stranger to API tooling, I gave Amazon API Gateway a spin.
Amazon API Gateway delivers a broad feature list, however, the primary value that it delivers is in being a front-end proxy for backend services, whether they be either AWS Lambda functions or other HTTP-based services. Not to diminish the other features of Amazon API Gateway, such as SDK generation and version management, but the backend benefits the product provides shined through.
Big Cache, Little Cash
Many of you use Runscope to closely monitor the speed and performance of your APIs. Slowness not only makes for a poor app experience, but can also cause a cascading effect across other dependent services. One great way to ensure speedy responses is to implement a memory-based cache on the front-end of your API. Cache hits translate to fewer calls to the server or database, less load on your backend infrastructure and of course, faster response times.
However, APIs have a dynamic nature that isn’t always conducive to efficient caching. Objects can vary greatly in size and query complexity, making capacity planning a challenge, until now. Amazon API Gateway allows you to provision dedicated cache memory to your API (at the stage level) at a very low cost, plus no up-front cost or long-term commitment. Just like other AWS products, you only pay for what you use and when you use it. There is even a free tier available for 1 million calls per month.
Protecting Your Backend
Putting Amazon API Gateway in front of your backend can provide value above and beyond a performance boost—it also acts as a firewall. With Amazon API Gateway, you can define custom resource and method definitions as a facade for your actual backend APIs. For example, you can configure the gateway to accept a GET on the front-end, but make a POST call to your backend. The service also conceals endpoint URLs to your backend APIs.
AWS claims that Amazon API Gateway can handle hundreds of thousands of concurrent requests; however, there’s a good chance that your backend API could not sustain that level of traffic. API Gateway offers another protection mechanism, request throttling (maximum requests per second), which can be applied at an API-wide scope, or down to the method level. One caveat is that you cannot throttle a specific API consumer (i.e. against an API key).
Taking the Next Step
There are a lot more features and benefits to using Amazon API Gateway that I haven’t covered. Note that in it's current state, Amazon API Gateway is not a drop-in replacement for mature enterprise API management solutions. That being said, if you’re already an AWS user, it will be easy to get started and you can set up a proxied endpoint in just minutes. With very little effort, your API can yield performance gains with caching, as well as add layers of security with facades and throttling. The API market is growing fast, and I look forward to seeing where AWS takes this service next.
Whether you run your APIs through Amazon API Gateway or roll your own, the next step is making sure your APIs are performing optimally at all times. Only Runscope verifies that your APIs are up, performing and returning the correct data, all from local dev to staging to production environments. Runscope is free, so sign up today to see how easy it is to monitor your APIs, wherever they live.