AWS service guide // Integration & APIs

AMAZON API GATEWAY

Fully managed front door for REST, HTTP, and WebSocket APIs. Offload TLS, authentication, throttling, and request routing so backends stay focused on business logic.

design --edge api-gateway --integrations lambda,vpc,http
> Model stages, authorizers, and quotas before production traffic
> Align latency budgets with Lambda and VPC link capacity

Why teams use it

Single entry point for microservices

API Gateway sits between clients and compute (Lambda, ECS, EC2), other AWS APIs, or HTTP backends. It standardizes auth, logging, and traffic shaping—critical when many services evolve on different release cycles.

This guide covers API types, integration patterns, security, throttling, observability, and the cost signals that teams model in Pinpole before changing live configurations.

Deep dive

What is Amazon API Gateway?

Amazon API Gateway is a regional AWS service that publishes APIs at scale. You define routes (REST/HTTP) or routes and connections (WebSocket), attach integrations that run your code or call backends, and deploy to stages such as dev, staging, and prod. It integrates natively with AWS Lambda, Application Load Balancer, HTTP endpoints, and AWS services (for example DynamoDB via direct integration in supported designs).

REST API vs HTTP API vs WebSocket API

| API type | Best for | Notes |
|---|---|---|
| HTTP API | New public APIs, Lambda backends, JWT authorizers | Lower latency and cost for many workloads; fewer legacy knobs than REST. |
| REST API | Usage plans & API keys, request validation, private integrations | Broadest feature surface; use when you need a specific capability. |
| WebSocket API | Stateful bidirectional streams, collaboration, fan-out | Routes and integrations differ from HTTP; manage connection lifecycle explicitly. |

Integration patterns

Lambda proxy integration

The most common pattern maps an entire method to one Lambda. The function receives a normalized event (path, query, headers, body) and returns status code, headers, and body—ideal for BFFs and micro-APIs.

HTTP proxy and private integrations

Forward requests to existing HTTP services or to resources inside a VPC via VPC link (Network Load Balancer). Essential for strangling monoliths or connecting to private microservices without exposing them publicly.

Mock integrations

Return fixed responses for health checks, contract testing, or gradual rollouts while backends catch up—useful in simulation and canary planning.

Security and access control

API Gateway supports IAM signing (SigV4) for machine-to-machine calls, Amazon Cognito user pools or JWT authorizers for OAuth/OIDC flows, and Lambda authorizers for custom token or policy logic. Combine with resource policies to restrict invokers by IP or account. For public internet exposure, always terminate TLS at the edge and avoid embedding secrets in client apps—prefer short-lived tokens.

Throttling, quotas, and reliability

Each stage can enforce rate and burst limits. Usage plans tie API keys to quotas for partners or tiers. In practice, Lambda concurrency, downstream database connection pools, or NLB targets often limit throughput before API Gateway does—capacity planning should include end-to-end chains, not just API limits.

Observability

Enable access logging to capture request identifiers, latency, and integration status. Use Amazon CloudWatch metrics for 4xx/5xx, integration latency, and cache hits. For distributed traces, integrate with AWS X-Ray where supported so you can see API Gateway alongside Lambda and downstream calls.
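
A triage pass over access logs, as an added example that is not part of the original guide. The log lines are constructed, and the JSON keys are an assumed access-log format mapping `$context.requestId`, `$context.identity.sourceIp`, `$context.status`, `$context.integrationStatus` and `$context.responseLatency`; `triage` and its threshold are hypothetical.

```python
import json
from collections import Counter

# Constructed sample input; the last line is deliberately truncated.
SAMPLE_LOG = """\
{"requestId":"r-001","ip":"198.51.100.7","status":"200","integrationStatus":"200","responseLatency":"41"}
{"requestId":"r-002","ip":"203.0.113.9","status":"403","integrationStatus":"-","responseLatency":"3"}
{"requestId":"r-003","ip":"203.0.113.9","status":"403","integrationStatus":"-","responseLatency":"2"}
{"requestId":"r-004","ip":"203.0.113.9","status":"401","integrationStatus":"-","responseLatency":"2"}
{"requestId":"r-005","ip":"198.51.100.7","status":"504","integrationStatus":"504","responseLatency":"29001"}
{"requestId":"r-006","ip":"198.51.100.23","status":"404","integrationStatus":"404","responseLatency":"12"}
{"requestId":"r-007","ip":"198.51.100.7","status":"429","integrationStatus":"-","responseLatency":"1"}
{"requestId":"r-008","ip":"198.51
"""

AUTH_FAILURES = {401, 403}

def triage(lines, auth_fail_threshold=3):
    """Split client 4xx from server 5xx and flag sources with repeated auth failures."""
    counts, auth_fails, server_errors, skipped = Counter(), Counter(), [], 0
    for line in lines:
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
            status = int(rec["status"])
        except (ValueError, KeyError, TypeError):
            skipped += 1          # count unparseable lines instead of hiding them
            continue
        if 400 <= status < 500:
            counts["4xx_client"] += 1
            if status in AUTH_FAILURES:
                auth_fails[rec.get("ip", "?")] += 1
        elif status >= 500:
            counts["5xx_server"] += 1
            # keep the request id so the failure can be traced to the integration
            server_errors.append((rec.get("requestId"), rec.get("integrationStatus", "-")))
        else:
            counts["ok"] += 1
    noisy = sorted(ip for ip, n in auth_fails.items() if n >= auth_fail_threshold)
    return {"counts": dict(counts), "noisy_sources": noisy,
            "server_errors": server_errors, "skipped": skipped}
```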

Pricing signals

Billing typically includes API calls, optional data transfer, and—for REST APIs—caching if enabled. HTTP APIs often reduce cost for high-volume Lambda-backed APIs. WebSocket charges include message volume and connection minutes. Treat pricing as a function of call volume × regions × caching—model growth scenarios before committing to cache tiers or multi-region patterns.

How Pinpole fits

Pinpole helps teams visualize API Gateway alongside Lambda, VPC links, and data stores, then simulate traffic and configuration choices to surface latency and failure modes before deployment. Use this page as reference architecture context; map your own routes and stages in the canvas to stress-test assumptions.

Simulation focus

Design gates

  • Auth path — JWT vs Lambda authorizer latency and cache TTL.
  • VPC link — NLB target health and cold paths to private services.
  • Stage strategy — Separate throttling and logging per environment.
  • Error budget — 4xx from bad clients vs 5xx from integrations.

Quick reference

Core concepts

  • Resource / route — URL path and HTTP method (or WebSocket route key).
  • Integration — Backend that fulfills the request.
  • Deployment & stage — Immutable snapshot and named environment.
  • Authorizer — Pre-request auth decision.

polesim checklist --service api-gateway
> CORS, auth, throttle, logs, alarms, dashboards

Next step

Model this architecture in Pinpole

Connect API Gateway to your compute and data layers on the canvas, run simulations, and compare configurations before you ship to production.
