Riptide Blog

API Gateway: Scalable & Server-less Backend Development with AWS

Posted by Cesar Gonzalez on July 29, 2015

It’s no secret that developing and maintaining APIs can be challenging. Tasks like hosting multiple versions of your APIs, monitoring third-party developers access, access authorization controls, traffic spikes, and scaling servers, are all things that require a lot of attention and resources.

Leveraging API Gateway + Lambda

Screen Shot 2015-07-28 at 1.21.04 PM


To address these challenges, AWS (Amazon Web Services) introduced a new gateway service that helps developers deliver robust, secure and scalable mobile, and web application backends. With the new API Gateway service, developers can easily define the API structure he wants and connect it with other AWS or third parties services.

API Gateway simplifies the client side development as there’s only a need to point to a single set of APIs, while you can wire and replace the services that this APIs are pointing. In some occasions without the need to modify or redeploy a new client application.


Managing multiple versions

With API Gateway you can easily define and point multiple versions of your API to different servers, those APIs can be deployed on the same end server, multiple servers or Lambda service. You can easy deprecate or return back a version through the console interface.

Control third-party developers access

Another challenge that is controlling the access and usage of your APIs by third parties, API Gateway provides you a great solution by allowing developers to distribute API keys to third party providersthe APIs and stages that they can access. You can also do authentication and authorization leveraging Cognito, and provide access to the resources you want.


Another really useful feature is the throttling settings, that can be set at Stage Level or Method Level. You can set the maximum number of times the api can be called per second.

SDK Generation

To make developers life easier API Gateway service generates code for the consumption of the API, you can generate sdk’s for Android(Java), iOS(Objective-c) and Web Pages(Javascript). You just need to download the sdk’s and include the AWS API Gateway framework in your project and you  are good to go, the code generated syncs all of the endpoints and in all the cases is suggested to use IAM (Identity and Access Management service) for authorization. I would suggest to use Cognito for handling all the authentication/authorization process.

HTTP Methods

API Gateway support most of the http methods, including: POST, PUT, GET, DELETE, HEAD, OPTIONS, PATCH.

Stages — Environments

API Gateway allows you to create multiple stages that will help you organize your deployments, you can use the classic structure comprised of DEV, UAT/QA, PROD. You can also use the stages for versioning of your environments.

Scalability ( API Gateway + Lambda )

If you want to build a robust and scalable backend you should consider combining the API Gateway and Lambda services. Lambda allows you to run code in Amazon and be charged by the time the code runs ( measured in increment of 100 milliseconds ) and the memory the execution uses. You don’t need to worry about scaling your code, AWS will run your code every time is invoked and allocate the memory and processing needed for you.

Lambda allows you to deploy code developed in nodejs or Java. Your code needs to be stateless in order to run in Lambda, following the paradigm of microservices — service oriented architecture.

Security ( API Gateway + Lambda + Cognito)

For Authentication and Authorization you can leverage Cognito


If you would like to learn more about scalable and server-less backend development, come to one of our AWS Meetups! I will be presenting on this topic in Miami tomorrow at Rokk3Labs, please RSVP here. I will also be presenting in Orlando next week at the Iron Yard, you can RSVP here too. Hope to see familiar and new faces at both meetups!


Topics: API, API Gateway, Cloud/IoT, Cognito, DELETE, DEV, GET, HEAD, Lambda, OPTIONS, PATCH, POST, PROD, PUT, Solutions, UAT/QA

Written by Cesar Gonzalez

Subscribe to the Riptide Learning Blog

eLearning Learning