
API Gateway

by admin

AWS API Gateway helps us develop RESTful APIs. In some cases, especially in a B2B business, we need to expose the APIs to a few customers and restrict the number or the rate of API calls they can make.

Usage plans help you to define maximum request quotas and manage request rates while sharing your API with others. API Gateway allows us to create API Keys for each of the customers.

By using usage plans you can control three aspects of access to an API:

  1. Quota
  2. Throttling
  3. API/Stage that can be accessed

Create a usage plan

  1. Go to the API Gateway console and open Usage plans in the left-side pane.
  2. Enter the usage plan name, throttling rate, and quota that you want to set on the API, and click Next.
  3. On the next window, Associated API Stages, select the API from the drop-down and then select the corresponding stage to which you want to apply the usage plan. Click Next.
  4. Now comes the API Keys part. Create a new API key. Enter the customer name, then either select the Auto Generate option or provide your own custom key. Save it.


Now that we have configured the usage plan with an API key, it will start tracking the number of calls the customer makes using that key. You can see the usage by opening the plan, going to the API Keys tab, and clicking Usage.

To complete the configuration, go to the API to which you have applied the Usage plan.

Under Method Execution, set API Key Required to true, so that the API can't be invoked without the key.

Do not forget to deploy the API after making the changes.
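The console steps above can also be scripted. The following is an added example, not code from the original post: it expresses the same sequence as boto3 `apigateway` client calls. The IDs, customer name, limits, the monthly quota period and the `RecordingClient` stand-in are assumptions made so the example runs offline.

```python
def provision_customer(client, rest_api_id, stage, resource_id, http_method,
                       customer, rate_limit, burst_limit, monthly_quota):
    """Create a throttled, quota-limited usage plan and API key for one customer."""
    # Usage plan with throttle and quota, bound to one API stage.
    # The MONTH period is an assumption; DAY and WEEK are also valid.
    plan = client.create_usage_plan(
        name=f"{customer}-plan",
        apiStages=[{"apiId": rest_api_id, "stage": stage}],
        throttle={"rateLimit": float(rate_limit), "burstLimit": int(burst_limit)},
        quota={"limit": int(monthly_quota), "period": "MONTH"},
    )
    # Auto-generated key named after the customer, attached to the plan.
    key = client.create_api_key(name=customer, enabled=True)
    client.create_usage_plan_key(
        usagePlanId=plan["id"], keyId=key["id"], keyType="API_KEY")
    # Require the key on the method. Without this the method can be called
    # with no key, and the plan's throttle and quota never apply to it.
    client.update_method(
        restApiId=rest_api_id, resourceId=resource_id, httpMethod=http_method,
        patchOperations=[{"op": "replace", "path": "/apiKeyRequired",
                          "value": "true"}],
    )
    # Method changes only take effect after the API is deployed again.
    client.create_deployment(restApiId=rest_api_id, stageName=stage)
    return {"planId": plan["id"], "keyId": key["id"], "keyValue": key["value"]}


class RecordingClient:
    """Constructed stand-in for the boto3 client; records calls instead of sending them."""
    def __init__(self):
        self.calls = []

    def __getattr__(self, name):
        def call(**kwargs):
            self.calls.append((name, kwargs))
            return {"id": f"{name}-id", "value": "constructed-key-value"}
        return call


if __name__ == "__main__":
    # Against a real account: import boto3; client = boto3.client("apigateway")
    client = RecordingClient()
    result = provision_customer(client, "a1b2c3", "prod", "res123", "GET",
                                "acme", 10, 20, 100000)
    print(result["planId"], result["keyId"])
    for name, _ in client.calls:
        print(name)
```

API Gateway's documentation treats API keys as a way to identify and meter callers rather than as an authentication or authorization mechanism, so pair them with an authorizer or IAM where access control matters.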


Now, when calling the API, the caller needs to supply the API key in the x-api-key header, and the usage can be tracked and limited.

Thus, usage plans help the business track API calls by customers, who can be on different plans. Also, the end customer can be billed based on their usage of the APIs. You can also control access to the API and its resources and allow special grants to users as needed.

Written by – Atin Mittal