Amazon API Gateway is a fully managed service for creating HTTP and WebSocket APIs. It connects your API endpoints to backend services like AWS Lambda, replacing traditional API servers with a serverless, auto-scaling solution.
API Gateway replaces your API server with a managed service that handles routing, auth, throttling, and monitoring out of the box.
Define REST, HTTP, or WebSocket endpoints and map them to backend services. Supports path parameters, query strings, headers, and request/response transformations.
Trigger Lambda functions directly from HTTP requests. Lambda Proxy integration passes the full request payload to your function with zero configuration.
Built-in support for Amazon Cognito, Lambda custom authorizers, IAM roles, and JWT-based auth. No need to build your own auth system.
Map your own domain names with SSL certificates from AWS Certificate Manager. Use base path mappings to host multiple APIs on one domain.
Different Lambda functions serve different API endpoints. Replace individual functions transparently without affecting the rest of the API.
Rate limiting, burst control, and API keys for consumer management. Create usage plans to meter and monetize your APIs.
API Gateway sits between your API consumers and your backend services, handling the HTTP lifecycle so you don't have to run API servers.
A client sends an HTTP or WebSocket request. API Gateway validates the request, runs authorizers, and applies throttling rules.
The request is matched to an endpoint definition and forwarded to the configured backend: a Lambda function, HTTP endpoint, or AWS service.
The backend returns a response. API Gateway transforms it if needed, applies CORS headers, and sends it back to the client.
API Gateway connects directly with many AWS services, not just Lambda:
Run functions to generate API responses. The most common integration for serverless applications.
Publish notifications when API endpoints are accessed. Useful for webhooks and event fanout.
Fully managed authentication and authorization for your APIs without custom auth code.
Start state machine workflows directly from API requests for complex, multi-step operations.
Serve static content or proxy file uploads directly through API Gateway without Lambda.
Proxy requests to any public or VPC-internal HTTP service, with or without VPC Link.
The Serverless Framework uses Lambda Proxy integration to pass the full API Gateway request payload to your function. Define your API endpoints directly in serverless.yml:
service: my-api
provider:
name: aws
runtime: nodejs22.x
functions:
# REST API endpoint
getUsers:
handler: handler.getUsers
events:
- httpApi:
path: /users
method: get
# With path parameters
getUser:
handler: handler.getUser
events:
- httpApi:
path: /users/{id}
method: get
# WebSocket API
connectHandler:
handler: handler.connect
events:
- websocket: $connectThe framework handles all CloudFormation resource creation: API Gateway configuration, Lambda permissions, IAM roles, and deployment stages. It also supports custom authorizers, request validation, usage plans, and custom domain names.
AWS offers two types of API Gateway APIs. For most serverless applications, HTTP APIs are the better choice.
| Feature | REST API | HTTP API |
|---|---|---|
| Cost | $3.50 / 1M requests | $1.00 / 1M requests |
| Latency | Higher | Up to 60% lower |
| JWT auth | Via Lambda authorizer | Native support |
| Request validation | Yes | No |
| WAF integration | Yes | No |
| Usage plans / API keys | Yes | No |
| Caching | Yes | No |
| Private APIs (VPC) | Yes | No |
See our Ultimate Guide to AWS HTTP APIs for a deeper comparison.
API Gateway eliminates the need for dedicated API servers entirely. Map HTTP requests directly to Lambda functions. Each endpoint is an independent, auto-scaling unit. Combined with other AWS services, you can build fully functional web applications without maintaining a single server.
Different Lambda functions can serve different parts of your API, encapsulating functionality cleanly. You can replace the function behind any endpoint transparently without consumers noticing. This enables independent deployment and scaling of each API segment.
Authentication via Cognito or custom Lambda authorizers, without building your own auth system. Auto-generated developer portals from your API schema. CloudTrail for audit logging, CloudWatch for metrics and alarms, X-Ray for distributed tracing, all integrated out of the box.
Build real-time applications with WebSocket APIs. Map connection, disconnection, and message events to Lambda functions for in-app updates, notifications, chat, and live data streaming, all serverless and auto-scaling.
API Gateway is the right choice for most serverless APIs, but these constraints are worth understanding upfront.
API Gateway adds milliseconds to response times. For most applications this is negligible, but if you're building ultra-low-latency APIs, this overhead matters. HTTP APIs are ~60% faster than REST APIs.
As a fully managed service, AWS doesn't expose performance parameters. You can't tweak connection pooling, keep-alive settings, or buffer sizes.
Backend integrations must respond within 29 seconds. For long-running operations, use an async pattern: accept the request, return a job ID, and let the client poll for results.
Responses are capped at 10 MB (Lambda itself caps at 6 MB synchronously). For large payloads, use S3 presigned URLs.
Most teams won't hit this, but large organizations with many development teams may need multiple AWS accounts.
API Gateway pricing is based on the number of API calls, plus data transfer. HTTP APIs are significantly cheaper than REST APIs.
1M
REST API calls / month
1M
HTTP API calls / month
1M
WebSocket messages / month
| Service | Price |
|---|---|
| HTTP API calls | $1.00 – $1.17 / 1M requests |
| REST API calls | $1.51 – $3.50 / 1M requests |
| REST API caching | $0.02 – $3.80 / hour (by cache size) |
| WebSocket messages | $0.80 – $1.00 / 1M messages |
| WebSocket connection minutes | $0.25 / 1M minutes |
100M requests × $1.00/1M (HTTP API) = $100/month
100M requests × $3.50/1M (REST API) = $350/month
Plus Lambda compute costs for generating responses. Most teams save 60–70% by using HTTP APIs.
See the official API Gateway pricing page for current regional rates.
Use API Gateway whenyou're building serverless HTTP or WebSocket APIs, need managed auth and throttling, want automatic scaling without maintaining API servers, or are composing microservices behind a unified API layer.
Consider alternatives when you need ultra-low-latency request routing (consider running your own reverse proxy), want fine-grained control over HTTP processing, or are building a GraphQL API (look at AWS AppSync instead). For simple Lambda HTTP endpoints without the full feature set, Lambda Function URLs are a free, simpler option.
Common questions about Amazon API Gateway.
Deploy an API Gateway + Lambda endpoint in minutes with the Serverless Framework.