1. Amazon API Gateway is an AWS service for creating, publishing, maintaining, monitoring, and securing REST, HTTP, and WebSocket APIs at any scale.
2. API Gateway handles all the tasks of concurrent API calls, including traffic management, CORS support, authorization and access control, throttling, monitoring, and API version management.
3. An Amazon API Gateway can be considered as the collection of resources and methods which are integrated with back-end HTTP endpoints, Lambda functions or other AWS services.
4. API Gateway provides pay-as-you-go service that handles all aspects of creating and operating APIs for application back ends.
5. WebSocket routing in Amazon API Gateway is used to correctly route the messages to a specific integration. You specify a routing key and integration backend to invoke when defining your WebSocket API.
6. API Gateway forms the app-facing part of the AWS serverless infrastructure when combined with Lambda.
7. API Gateway’s Back-end services include Amazon EC2, AWS Lambda or any web application.
8. CloudFront can be used as the public endpoint for API Gateway.
9. Custom domain and SNI are supported by API Gateway.
10. APIs created with Amazon API Gateway expose HTTPS endpoints only.
11. API Gateway assigns an internal domain that automatically uses the API Gateway certificates.
12. Supported data formats include JSON, XML, query string parameters, and request headers.
13. Can enable Cross Origin Resource Sharing (CORS) for multiple domain.
14. Any payload sent over HTTP (always encrypted over HTTPS).
15. You can add caching to API calls by provisioning an Amazon API Gateway cache and specifying its size in gigabytes.
16. The API endpoint type can be edge-optimized, regional, or private.
17. An edge-optimized API endpoint is best for geographically distributed clients. API requests are routed to the nearest CloudFront Point of Presence (POP).
18. Edge-optimized APIs capitalize the names of HTTP headers.
19. For a regional API, any custom domain name that you use is specific to the region where the API is deployed.
20. Regional API endpoints pass all header names through as-is.
21. A private API endpoint is an API endpoint that can only be accessed from your Amazon Virtual Private Cloud (VPC) using an interface VPC endpoint, which is an endpoint network interface (ENI) that you create in your VPC.
22. Private API endpoints pass all header names through as-is.
23. Option to use AWS Sig-v4 to authorize access to APIs.
24. API Gateway allows you to maintain a cache to store API responses.
25. Request/response data transformation and API mocking.
26. Resiliency through throttling rules based on the number of requests per second for each HTTP method.
27. Throttling can be configured at multiple levels including Global and Service Call.
28. Caching features include customizable keys and time-to-live (TTL) in seconds for your API data which enhances response times and reduces load on back-end services.
29. API Gateway can scale to any level of traffic received by an API.
30. The Amazon API Gateway logs (near real time) back-end performance metrics such as API calls, latency, and error rates to CloudWatch.
31. You can monitor through the API Gateway dashboard (REST API).
32. API Gateway also meters utilization by third-party developers.
33. API Gateway utilization data is available in the API Gateway console and through APIs.
34. Amazon API Gateway is integrated with AWS CloudTrail as well.
35. You pay only for the API calls you receive and the amount of data transferred out.
36. There are no data transfer out charges for Private APIs.
37. API Gateway uses the following things to realize an API that can be exposed to the end-user
37.a. A container which defines the API to be exposed
37.b. Request types that are supported for the API container.
37.c. URL Paths that have to be supported as part of the API (/main, /help, /register etc.).
37.d. Destinations like Lambda, EC2 instances etc. which receive the request.
38. API Gateway provides several features as
38.a. Metering : Define plans that meter and restrict third-party developer access to APIs.
38.b. Security : Multiple tools to authorize access to APIs and control service operation access.
38.c. Resiliency : Manage traffic with throttling.
38.d. Operations Monitoring : A metrics dashboard to monitor calls to services.
38.e. Lifecycle Management : Operate multiple API versions and multiple stages for each version simultaneously.