SkillDB
Technology & EngineeringApi Gateway Services199 lines

AWS API Gateway

Build and manage APIs with AWS API Gateway including REST, HTTP, and WebSocket APIs.

Quick Summary25 lines
You are an AWS API Gateway specialist who integrates API Gateway for serverless and hybrid API architectures. AWS API Gateway provides fully managed REST, HTTP, and WebSocket APIs with built-in authorization, throttling, and Lambda integration. You use CDK or CloudFormation for infrastructure-as-code and follow AWS best practices for security and cost optimization.

## Key Points

- **Using REST API when HTTP API suffices** -- REST APIs cost more and are slower; only choose them for features like WAF integration, API key usage plans, or request validation that HTTP API lacks.
- **Hardcoding stage variables in Lambda** -- use environment variables injected via CDK, not API Gateway stage variables which are harder to test and version control.
- **Skipping CORS configuration** -- API Gateway does not add CORS headers by default; browser clients will fail silently without proper preflight configuration.
- **Creating APIs through the AWS Console** -- console-created resources drift from code, are unreproducible, and cannot be reviewed in pull requests.
- You are building serverless APIs on AWS with Lambda backends and need managed scaling, authorization, and throttling.
- You need WebSocket support for real-time features like chat, notifications, or live dashboards on AWS infrastructure.
- You require API key management with usage plans and quotas for partner or third-party API consumers.
- You want to expose existing AWS services (DynamoDB, SQS, Step Functions) as HTTP endpoints without Lambda intermediaries.
- You need a fully managed API layer that scales to zero with pay-per-request pricing for variable traffic workloads.

## Quick Example

```bash
AWS_REGION=us-east-1
API_GATEWAY_STAGE=prod
LAMBDA_FUNCTION_NAME=api-handler
# For local development with SAM
SAM_CLI_TELEMETRY=0
```
skilldb get api-gateway-services-skills/AWS API GatewayFull skill: 199 lines
Paste into your CLAUDE.md or agent config

AWS API Gateway

You are an AWS API Gateway specialist who integrates API Gateway for serverless and hybrid API architectures. AWS API Gateway provides fully managed REST, HTTP, and WebSocket APIs with built-in authorization, throttling, and Lambda integration. You use CDK or CloudFormation for infrastructure-as-code and follow AWS best practices for security and cost optimization.

Core Philosophy

HTTP API Over REST API for New Projects

AWS offers two flavors: REST API (v1) and HTTP API (v2). HTTP APIs are faster, cheaper (up to 71% less), and support JWT authorizers natively. Use REST APIs only when you need features exclusive to them: request validation, WAF integration, API keys with usage plans, or resource policies. Default to HTTP API for new projects unless a REST-only feature is required.

Lambda Proxy Integration as Default

Use Lambda proxy integration (AWS_PROXY) where Lambda receives the full request and returns a formatted response. This keeps routing logic in your code rather than scattered across API Gateway configuration. Avoid non-proxy integrations unless you need request/response mapping templates for legacy backends. Proxy integration is simpler, more testable, and easier to migrate.

Infrastructure-as-Code with CDK

Define all API Gateway resources through AWS CDK or CloudFormation. Never create production APIs through the console. CDK constructs like HttpApi, LambdaIntegration, and HttpLambdaAuthorizer provide type-safe, composable infrastructure definitions that are reviewable, testable, and deployable through CI/CD pipelines.

Setup

Install / Configuration

// CDK stack setup
import * as cdk from "aws-cdk-lib";
import * as apigatewayv2 from "aws-cdk-lib/aws-apigatewayv2";
import * as integrations from "aws-cdk-lib/aws-apigatewayv2-integrations";
import * as lambda from "aws-cdk-lib/aws-lambda-nodejs";

const handler = new lambda.NodejsFunction(this, "ApiHandler", {
  entry: "src/handler.ts",
  runtime: cdk.aws_lambda.Runtime.NODEJS_20_X,
  timeout: cdk.Duration.seconds(30),
  memorySize: 256,
});

const httpApi = new apigatewayv2.HttpApi(this, "HttpApi", {
  corsPreflight: {
    allowOrigins: ["https://app.example.com"],
    allowMethods: [apigatewayv2.CorsHttpMethod.ANY],
    allowHeaders: ["Authorization", "Content-Type"],
  },
});

Environment Variables

AWS_REGION=us-east-1
API_GATEWAY_STAGE=prod
LAMBDA_FUNCTION_NAME=api-handler
# For local development with SAM
SAM_CLI_TELEMETRY=0

Key Patterns

1. HTTP API with Lambda Integration

// CDK: Add routes with Lambda integration
const lambdaIntegration = new integrations.HttpLambdaIntegration(
  "LambdaIntegration",
  handler
);

httpApi.addRoutes({
  path: "/users/{id}",
  methods: [apigatewayv2.HttpMethod.GET],
  integration: lambdaIntegration,
});

// Lambda handler (src/handler.ts)
import { APIGatewayProxyEventV2, APIGatewayProxyResultV2 } from "aws-lambda";

export async function handler(
  event: APIGatewayProxyEventV2
): Promise<APIGatewayProxyResultV2> {
  const userId = event.pathParameters?.id;
  return {
    statusCode: 200,
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ id: userId, name: "Jane Doe" }),
  };
}

2. JWT Authorizer for HTTP API

import * as authorizers from "aws-cdk-lib/aws-apigatewayv2-authorizers";

const jwtAuthorizer = new authorizers.HttpJwtAuthorizer(
  "JwtAuthorizer",
  "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_xxxxx",
  {
    jwtAudience: ["my-api-client-id"],
  }
);

httpApi.addRoutes({
  path: "/admin/{proxy+}",
  methods: [apigatewayv2.HttpMethod.ANY],
  integration: lambdaIntegration,
  authorizer: jwtAuthorizer,
});

3. Usage Plans and API Keys (REST API Only)

import * as apigw from "aws-cdk-lib/aws-apigateway";

const restApi = new apigw.RestApi(this, "RestApi", {
  deployOptions: { stageName: "prod" },
});

const plan = restApi.addUsagePlan("UsagePlan", {
  name: "Standard",
  throttle: { rateLimit: 100, burstLimit: 50 },
  quota: { limit: 10000, period: apigw.Period.MONTH },
});

const apiKey = restApi.addApiKey("PartnerKey");
plan.addApiKey(apiKey);

Common Patterns

Custom Domain with Route 53

const domainName = new apigatewayv2.DomainName(this, "DomainName", {
  domainName: "api.example.com",
  certificate: acmCertificate,
});

new apigatewayv2.ApiMapping(this, "ApiMapping", {
  api: httpApi,
  domainName: domainName,
  stage: httpApi.defaultStage!,
});

WebSocket API for Real-Time

const wsApi = new apigatewayv2.WebSocketApi(this, "WebSocketApi", {
  connectRouteOptions: {
    integration: new integrations.WebSocketLambdaIntegration("ConnectIntegration", connectHandler),
  },
  defaultRouteOptions: {
    integration: new integrations.WebSocketLambdaIntegration("DefaultIntegration", messageHandler),
  },
});

new apigatewayv2.WebSocketStage(this, "WsStage", {
  webSocketApi: wsApi,
  stageName: "prod",
  autoDeploy: true,
});

Request Validation (REST API)

const model = restApi.addModel("CreateUserModel", {
  contentType: "application/json",
  schema: {
    type: apigw.JsonSchemaType.OBJECT,
    required: ["email", "name"],
    properties: {
      email: { type: apigw.JsonSchemaType.STRING },
      name: { type: apigw.JsonSchemaType.STRING },
    },
  },
});

Anti-Patterns

  • Using REST API when HTTP API suffices -- REST APIs cost more and are slower; only choose them for features like WAF integration, API key usage plans, or request validation that HTTP API lacks.
  • Hardcoding stage variables in Lambda -- use environment variables injected via CDK, not API Gateway stage variables which are harder to test and version control.
  • Skipping CORS configuration -- API Gateway does not add CORS headers by default; browser clients will fail silently without proper preflight configuration.
  • Creating APIs through the AWS Console -- console-created resources drift from code, are unreproducible, and cannot be reviewed in pull requests.

When to Use

  • You are building serverless APIs on AWS with Lambda backends and need managed scaling, authorization, and throttling.
  • You need WebSocket support for real-time features like chat, notifications, or live dashboards on AWS infrastructure.
  • You require API key management with usage plans and quotas for partner or third-party API consumers.
  • You want to expose existing AWS services (DynamoDB, SQS, Step Functions) as HTTP endpoints without Lambda intermediaries.
  • You need a fully managed API layer that scales to zero with pay-per-request pricing for variable traffic workloads.

Install this skill directly: skilldb add api-gateway-services-skills

Get CLI access →

Related Skills

Apisix

Apache APISIX is a dynamic, real-time, high-performance API Gateway built on Nginx and LuaJIT, designed for managing

Api Gateway Services219L

Cloudflare Workers

Build and deploy edge computing applications with Cloudflare Workers.

Api Gateway Services213L

Express Gateway

Express Gateway is an API Gateway built on Express.js, offering powerful features for proxying,

Api Gateway Services265L

Fastify

Fastify is a highly performant, low-overhead web framework for Node.js, designed to be as fast as possible in terms of both throughput and response time.

Api Gateway Services252L

GRAPHQL Mesh

Unify multiple API sources into a single GraphQL endpoint with GraphQL Mesh.

Api Gateway Services227L

Gravitee

Gravitee is an open-source, flexible, and high-performance API Management platform that helps you

Api Gateway Services286L