# AWS API Gateway

<p align=center><a href=https://aws.amazon.com/api-gateway><img src=images/API_Gateway_Logo.png width=250></a></p>

## Introduction
*Amazon API Gateway* is an AWS service that allows the creation, maintenance and securing of scalable *REST*, *HTTP* and *Websocket* APIs. APIs can be created to access AWS services and other web services or data stored in the AWS Cloud. As a developer, you can use the service to create APIs that serve your client's applications or that are available to third-party app developers.

## Types of APIs

* **REST APIs** are the de facto standard for client-server communication. Although REST APIs have a higher latency rate than HTTP APIs, they have full endpoint support, supporting edge-optimised, regional and private endpoints. They also support endpoint caching and response validation, unlike HTTP APIs.<br>
 
* **HTTP APIs** were created to be the version of REST APIs that offers relatively low latency rates and cost implementation. Amazon created this API in 2019 and reported that it can offer up to a 60% reduction in latency. However, it does not offer as many features as REST APIs, and it only has regional endpoint support on AWS.<br>
 
* **Websocket APIs** allow full-duplex communication between client and server. Simply put, communication can be initiated in both directions. The client can send requests to the server AND the server can send requests to the client. They can be used to create real-time applications, such as messaging applications, where the server might send you a notification, and you might send it a message for a friend.

The full breakdown of the differences between HTTP APIs and REST APIs by AWS can be found [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vs-rest.html).



## Creating an AWS Gateway REST API

Upon opening the AWS API Gateway from the AWS Services dashboard, you will be met with this landing page: 

<p align="center">
    <img src="images/API Gateway Console.png" width="800"/>
</p>


After selecting **Create API**, you can chose the type of API you want to build (HTTP, REST or WebSocket) or import your externally developed API. 

<p align="center">
    <img src="images/APIs Types.png" height="400" width="550"/>
</p>


For this example, we will be building a new REST API. Select **Build** from the REST API option to create a new REST API. 

Under **Choose the protocol** select REST API, and under **Create new API** select New API. Name the API, and provide a description. Subsequently, you will be required to select the **Endpoint type** for the API.

<p align="center">
    <img src="images/Create API.png" width="700" height="400"/>
</p>

## API endpoint types

* **Regional:** For APIs that are only available in the specific AWS region for which the API was created
* **Edge optimised:** For APIs to be deployed to the AWS Cloudfront
* **Private:** For APIs that are only available through a configured VPC endpoint

More details on API endpoints can be found in the AWS documentation [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-endpoint-types.html).

In our case, a regional API will suffice. Once selected, create the API by clicking the Create API button.

After creating your API, you will be met with the main dashboard, where you can begin to build the API. The sidebar on the left-hand side provides many options for creating your API. We will focus on the main areas:

* **Resources:** Collection of resources and methods, such as HTTP endpoints, lambda functions or AWS services, which can interact with the API
* **Stages:** Create staging areas (e.g. pre-deployment and post-deployment areas) for testing the gateway before serving the API to the end-user
* **Authorizers:** Use a lambda function or Amazon cognito user pool to control which users have access to your gateway
* **Models:** Define the structure of the incoming payload between the client and server
* **Gateway Responses:** Configure the common gateway responses, e.g. access denied, default 4XX, bad request body in the case of the gateway failing, etc.
* **Resource Policy:** Configure access control to the API with IAM conditions or VPC endpoints
* **Documentation:** Add documentation so that users of your API can understand how it is used<br></br>
  

<p align="center">
    <img src="images/API Methods.png" width="800" height="450"/>
</p>

## API Resources

On the **Actions** dropdown list, you will be presented with the various options for creating resources and methods:

* **Create Method:** The methods are the same methods you would find in any other REST API, such as GET, POST, PUSH, etc.
* **Create Resource:** Define a new API resource that we can assign methods to operate on 
* **Enable Cross-Origin Resource Sharing (CORS):** CORS sharing allows you to define how resources in another domain might interact securely with your API gateway. More details can be found [here](https://docs.aws.amazon.com/AmazonS3/latest/userguide/cors.html). <br></br>


<p align="center">
    <img src="images/Create Resource.png" width="800" height="450"/>
</p>

We will create a new child resource for our API. Select **Configure as proxy resource**. For **Resource Name** enter `proxy` and for **Resource Path** enter `/{proxy+}`. Finally, select **Enable API Gateway CORS** and choose **Create Resource**.

<p align="center">
    <img src="images/New Child Resource.png" width="750" height="350"/>
</p>

After you create the resource, the **Create Method** window will open up. To use a method, you need to 'integrate' it with an endpoint on the backend. These endpoints can be an integration, such as an HTTP endpoint, lambda function or AWS service. Below are the types of integrations available:

* **Lambda function:** Integrate your service with an AWS lambda function.
* **HTTP:** Enable your API to communicate with an HTTP-endpoint backend.
* **Mock:** Allow the API to return a response without sending the backend; useful for testing your API.
* **AWS Service:** Integrate your API with an AWS service.
* **VPC Link:** Integrate your API with a VPC link, allowing you to connect your API to private resources.

Detailed information on the types of integrations can be found in the AWS docs [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-integration-types.html).

## Proxy Integrations

When creating your integration, you will have the option of creating it as a proxy integration. Proxy integrations provide the selected integration access to many resources and features at once, without specifying multiple resource paths using the greedy parameter, **{proxy+}**. For instance, consider that your API has the resource paths:

> - **car/{type}/{subtype}/{parts}**
> - **car/{type}/{subtype}/{colour}**
> - **car/{type}/{subtype}/{colour}/{cost}**

As your API grows, it can be very tedious to specify these paths individually for your integration when you enable access to all available resources. By creating a proxy resource with the **{proxy+}** parameter and the **ANY** method, you can provide your integration with access to all available resources. A more detailed explanation of proxy integrations can be found [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-lambda-proxy-integrations.html). 


Once the integration is created and configured, you will be to access the **Method Execution** screen by selecting **OPTIONS** under our `/{proxy+}`. The Method Execution panel shows the execution order of the methods and allows you to test the method. There are four main steps when processing the request and response.

* **Method Request:** This step is used to configure security settings (API keys, authorization, validation), query-string parameters and request headers.
* **Integration Request:** At this step, the gateway makes a request to the integration, passing along the request data and transforming it, if necessary.
* **Integration Response:** Here the result is returned from the backend. Afterwards, the results are transformed if required, and sent to the method response. 
* **Method Response:** The method response contains the output of the API, which will be served to the user. Usually, the output contains the HTTP status code, headers and a body.

You can read more about responses and request-data mapping [here](https://docs.aws.amazon.com/apigateway/latest/developerguide/request-response-data-mappings.html). 

<p align="center">
    <img src="images/Method Execution.png" width="600" height="300"/>
</p>

## Deploy API

From drop-down **Actions** menu select **Deploy API**. For **Deploymnet stage**, choose New Stage. For **Stage name** enter the desired stage name(for example dev, test or production). Finally choose **Deploy**.

<p align="center">
    <img src="images/Deploy API.png" width="400" height="300"/>
</p>

Make note of the **Invoke URL** after deploying the API. Your external URL will look like: 

`https://YourAPIInvokeURL/test/` 


## API Repsonses in Python

Now we can use the Python requests library to test the API and obtain a response. To do this, you will have to send `POST` requests to your **Invoke URL** with the desired data.

To see whether the request was successfully processed we can `print(response.status_code)`, which should return a status 200, indicating success.

## Conclusion
At this point, you should have a good understanding of:

* The different types of APIs available from API Gateway
* The different types of methods we can create and the available integrations from API Gateway
* The difference between responses and requests
* The difference between methods and resources
* How to configure different types of API methods and the role of each method
