πŸ“£ Limited offer: subscribe to cloudonaut plus, get a t-shirt for free

πŸ“£ Limited offer: free cloudonaut t-shirt

Comparing API Gateways on AWS

Andreas Wittig – 11 Nov 2020

Of the different API gateways offered by AWS, which option fits your needs? An API Gateway is β€œa server that acts as an API front-end, receives API requests, enforces throttling and security policies, passes requests to the back-end service, and then passes the response back to the requester.”

This is a cross-post from the Cloudcraft blog.

AWS offers five different types of API Gateways:

  • API Gateway REST API
  • API Gateway HTTP API
  • API Gateway WebSocket API
  • AppSync
  • Application Load Balancer (ALB)

Comparing API Gateways on AWS

Do you prefer listening to a podcast episode over reading a blog post? Here you go!

Typically, an API Gateway forwards requests to Lambda, DynamoDB, a load balancer (ELB), or even on-premises or third-party endpoints.

What's an API Gateway all about?

API Gateway REST API

The most mature API gateway option is called API Gateway REST API which is the full-feature flagship service to build REST APIs and has been available since 2015. As implied by the name, the service is about making RESTful web services, probably the most popular API schema those days.

A feature that makes the API Gateway REST API service stand out from the crowd is user/tenant-based throttling. The feature allows you to limit the number of requests per user or tenant. A functionality that is important for building APIs for a Software-as-a-Service business or any other scenario where 3rd parties interact with your API.

One point of criticism on API Gateway REST API is the mediocre user experience for developers. Configuring an API Gateway is complicated and cumbersome because of its feature-richness and flexibility.

In general, I recommend API Gateway REST API for Serverless applications consumed by 3rd parties as well as for enterprise scenarios.

API Gateway HTTP API

AWS announced HTTP APIs as a modern alternative to REST APIs. Despite the name, API Gateway HTTP API is also about RESTful APIs. AWS promises to deliver lower latency, reduced costs, and improved user experience with HTTP APIs.

However, API Gateway HTTP API is a very new service which was announced in December 2019 and has been generally available since March 2020. As usual, new AWS services are a minimum viable product, which means important features are missing and will probably be delivered step by step in the coming years.

I do recommend API Gateway HTTP API for prototyping. I’d be careful with using HTTP APIs for production-grade workloads due to missing user/tenant-based throttling capabilities.

Special offer: cloudonaut t-shirt

Do you love our blog posts and podcast episodes? Unlock our weekly videos and online events by subscribing to cloudonaut plus.

Special offer: Join cloudonaut plus before November 30th, and we will send you a cloudonaut t-shirt for free.

Subscribe now!

API Gateway WebSocket API

Nowadays, many architectures utilize the request/response model. However, in many scenarios an event-driven approach is more promising. API Gateway WebSocket API offers an event-driven API that allows you to send messages from the client to the server but also the other way around.

The client establishes a connection to the API Gateway, while both sides aim to keep the connection alive. When the client sends an event over the WebSocket, the API Gateway forwards the event to a backend – for example a Lambda function. Whenever needed, it is possible to send API Gateway a message for the connected client as well.

Realtime API with Websockets

The API Gateway WebSocket API is a perfect choice for scenarios where minimizing latency is critical or whenever you want to push events from the server to the client.

AppSync

RESTful APIs have been popular for years. However, more and more architects are looking into GraphQL. A GraphQL API is the perfect fit for mobile applications, because of two main design goals:

  • The client asks only for the data that is needed. The API won’t return any useless attributes. Doing so reduces the amount of data that needs to be transferred.
  • The client bundles multiple queries in a single request. For example, by specifying nested queries. Doing so reduces the amount of required requests.
  • An API specification is built in automatically, defining the possible API queries in every detail. Doing so allows you to validate requests or to generate SDKs automatically.

AWS AppSync is a managed service to deploy GraphQL APIs. The service has been around since 2018. Personally, I do like the experience of building APIs with AppSync. The main reason for that, is everything starts with a GraphQL API specification. Everything else is built around that contract between client and server.

A typical use case for a GraphQL is to unify access to different backend systems (e.g., legacy applications, microservices, etc.). AppSync is definitely also a good choice for building top-notch Serverless applications.

Application Load Balancer (ALB)

Strictly speaking, an Application Load Balancer (ALB) is not an API Gateway. However, the ALB provides similar functionality. Compared to the alternatives an ALB is cost effective and very simple to use.

However, an ALB does not cover all features of a typical API Gateway. Most importantly, it is not possible to transform requests or responses. The possibilities for authentication are also limited.

Unfortunately, comparing costs between the ALB and the other options is not that simple, as their pricing models are completely different. Roughly speaking, an ALB should be more cost effective for high volume but steady workloads.

Comparison

Concluding the following table compares the different API Gateway options on AWS. As always, there is no one size fits all solution.

API Gateway REST API API Gateway HTTP API API Gateway WebSocket API AppSync ALB
Type REST API REST API Websocket GraphQL REST API
HTTPS/TLS βœ… βœ… βœ… βœ… βœ…
Backends βœ… Lambda
βœ… Public endpoint
βœ… Private endpoint
βœ… AWS Service APIs
βœ… Lambda
βœ… Public endpoint
βœ… Private endpoint
⚠️ AWS Service APIs
βœ… Lambda
βœ… Public endpoint
βœ… Private endpoint
βœ… AWS Service APIs
βœ… Lambda
βœ… Public endpoint
❌ Private endpoint
⚠️ AWS Service APIs
βœ… Lambda
❌ Public endpoint
βœ… Private endpoint
❌ AWS Service APIs
Costs πŸ’°πŸ’° πŸ’° πŸ’° πŸ’°πŸ’°πŸ’° πŸ’°πŸ’°
Maturity ⭐️⭐️⭐️⭐️⭐️ ⭐️⭐️ ⭐️⭐️⭐️⭐️ ⭐️⭐️⭐️⭐️ ⭐️⭐️⭐️⭐️
Authentication βœ… IAM
βœ… API Key
βœ… OpenID Connect
βœ… SAML
βœ… Social
βœ… Custom
βœ… IAM
❌ API Key
βœ… OpenID Connect
❌ SAML
❌ Social
βœ… Custom
βœ… IAM
❌ API Key
❌ OpenID Connect
❌ SAML
❌ Social
βœ… Custom
βœ… IAM
βœ… API Key
βœ… OpenID Connect
βœ… SAML
βœ… Social
❌ Custom
❌ IAM
❌ API Key
βœ… OpenID Connect
βœ… SAML
βœ… Social
❌ Custom
Throttling βœ… ❌ ❌ ❌ ❌
Request Validation βœ… ❌ βœ… βœ… ❌
Req./Res. Transformation βœ… ❌ βœ… βœ… ❌
Endpoints βœ… Public
βœ… Private
βœ… Public
❌ Private
βœ… Public
❌ Private
βœ… Public
❌ Private
βœ… Public
βœ… Private
WAF βœ… ❌ ❌ βœ… βœ…
Andreas Wittig

Andreas Wittig

I’m an independent consultant, technical writer, and programming founder. All these activities have to do with AWS. I’m writing this blog and all other projects together with my brother Michael.

In 2009, we joined the same company as software developers. Three years later, we were looking for a way to deploy our softwareβ€”an online banking platformβ€”in an agile way. We got excited about the possibilities in the cloud and the DevOps movement. It’s no wonder we ended up migrating the whole infrastructure of Tullius Walden Bank to AWS. This was a first in the finance industry, at least in Germany! Since 2015, we have accelerated the cloud journeys of startups, mid-sized companies, and enterprises. We have penned books like Amazon Web Services in Action and Rapid Docker on AWS, we regularly update our blog, and we are contributing to the Open Source community. Besides running a 2-headed consultancy, we are entrepreneurs building Software-as-a-Service products.

We are available for projects.

You can contact me via Email, Twitter, and LinkedIn.

Briefcase icon
Hire me