Skip to main content
Serverless Development
Technology ServicesServerless · AWSAPI GatewayVirginia · US-Based

AWS API Gateway

AWS API Gateway is the managed front door for APIs on AWS. It handles request routing, authentication, throttling, caching, and transformation so that the Lambda functions or backend services behind it can focus on business logic rather than HTTP plumbing. We design API Gateway configurations that are maintainable, secure, and correctly sized for the traffic they need to handle.

REST APIHTTP APILambda IntegrationCognito AuthorizerLambda AuthorizerUsage PlansWAFTerraform

Capabilities

What we configure with API Gateway

Resources · Methods · Stages

REST API Design

REST API configuration with resource paths, HTTP methods, request and response models, and integration mappings to Lambda functions, HTTP backends, or AWS service integrations.

Low-latency · JWT auth

HTTP API (v2)

HTTP API (the newer, lower-latency, lower-cost API Gateway type) for simpler use cases: Lambda proxy integration, JWT authorizers, and CORS configuration. We choose HTTP API over REST API when the full REST API feature set is not required.

Cognito · Lambda authorizer

Authorization

API authorization via Cognito User Pool authorizers for standard JWT validation, or custom Lambda authorizers for API key validation, token introspection, and multi-tenant access control logic.

Throttling · Quotas

Usage Plans and API Keys

Usage plan configuration with per-API-key rate limits and quota enforcement. For public APIs that need to differentiate between tiers of consumers.

DDoS · Bot protection

WAF Integration

AWS WAF association with API Gateway stages to block known bad actors, rate-limit by IP, and apply managed rule groups for common web attack patterns.

DNS · TLS · Stages

Custom Domains and Stage Management

Custom domain configuration with ACM certificates and Route 53 alias records, and stage configuration for dev, staging, and production environments on the same API.

Our approach

HTTP API versus REST API

REST API is the original API Gateway type with the full feature set: request transformation, response mapping templates, API keys, usage plans, and advanced integration types. HTTP API is newer, cheaper, and lower-latency, but supports fewer features. We choose based on what the API actually needs, not on marketing messaging.

Authorizers belong at the gateway

Authentication and authorization logic that runs inside each Lambda function is duplicated, error-prone, and hard to change consistently. API Gateway authorizers centralize this at the edge so that unauthorized requests never reach the Lambda function at all.

Throttling protects downstream services

Lambda functions and the services they call have concurrency and throughput limits. API Gateway throttling configuration prevents a sudden traffic spike from consuming all Lambda concurrency and cascading into a larger system failure.

Defined as infrastructure code

API Gateway configurations are complex enough that managing them through the console reliably is difficult. We define API definitions, authorizers, stages, usage plans, and WAF associations in Terraform so that the complete API configuration is version-controlled and reproducible.

api_gateway_spec.json
type: [
"REST API",
"HTTP API (v2)"
]
integration: [
"Lambda Proxy",
"HTTP Proxy",
"AWS Service"
]
auth: [
"Cognito",
"Lambda Authorizer",
"IAM"
]
protection: [
"WAF",
"Usage Plans",
"Throttling"
]
infra: [
"Terraform",
"AWS CDK"
]
engineering: [
"Virginia, United States"
]

All engineering work is done by US-based engineers. We do not offshore any development or architecture work.

Part of our serverless practice

FAQ

Common questions

Virginia · United States

Need API Gateway expertise?

If you are designing a new API or troubleshooting an existing configuration, reach out and we will assess the setup before any work begins.