Mastering API Development with Amazon API Gateway

This guide covers the core skills required to create, extend, and maintain robust APIs on AWS, specifically focusing on Amazon API Gateway and the transformation of request/response data.

Learning Objectives

After studying this guide, you should be able to:

Configure Request/Response transformations using Mapping Templates.
Implement Validation Rules at the API Gateway level to reduce backend load.
Override Status Codes to handle business logic errors or mock responses.
Distinguish between Proxy and Non-Proxy (Custom) integration types.
Manage API lifecycles using Stages and Stage Variables.

Key Terms & Glossary

VTL (Velocity Template Language): The engine used by API Gateway to transform JSON payloads between the client and the backend.
Mapping Template: A script that defines how to map data from a method request to an integration request (and vice versa).
Integration Type: The method by which API Gateway communicates with the backend (e.g., Lambda, HTTP, AWS Service).
Throttling: Limiting the number of requests per second (RPS) to prevent backend exhaustion.
Payload Validation: A feature that allows API Gateway to check if a request body matches a predefined JSON Schema before hitting the backend.

The "Big Idea"

Amazon API Gateway acts as the "front door" for your applications. Its power lies in its ability to decouple the Client Interface from the Backend Logic. By using transformations and validation rules, you can maintain a consistent API for your users even if your backend services change or return non-standard data. It transforms API Gateway from a simple proxy into a sophisticated mediation layer.

Formula / Concept Box

Concept	Rule / Behavior
Lambda Proxy Integration	No mapping templates; the entire request is passed to Lambda. Lambda must return a specific JSON format.
Custom Integration	Requires mapping templates; gives full control over transformations and status codes.
Standard Throttling	10,000 requests per second (RPS) with a 5,000 burst limit (Account-wide, Regional).
Default Status Code	Typically `200 OK` unless an error is caught or explicitly overridden in the Integration Response.

Hierarchical Outline

API Integration Types
- Proxy (AWS_PROXY / HTTP_PROXY): "Pass-through" mode. Low configuration, high flexibility for the backend.
- Custom (AWS / HTTP): Use for Request/Response Transformation. High configuration.
Request Transformation & Validation
- Mapping Templates: Using VTL to rename fields or change data types.
- Request Validators: Enforcing body schemas and required header/query parameters.
Response Management
- Integration Response: Mapping backend output to Method Responses.
- Status Code Overriding: Using Regex to match backend errors to 4xx or 5xx codes.
Lifecycle & Deployment
- Stages: Logical environments (e.g., dev, prod).
- Stage Variables: Environment-specific keys (e.g., ${stageVariables.lambdaAlias}).

Visual Anchors

API Gateway Request Flow

Loading Diagram...

Mapping Logic (TikZ)

\begin{tikzpicture}[node distance=2cm] \node (client) [rectangle, draw, fill=blue!10] {Client JSON}; \node (map) [diamond, draw, fill=yellow!20, right of=client, xshift=1.5cm] {VTL Mapping}; \node (backend) [rectangle, draw, fill=green!10, right of=map, xshift=1.5cm] {Backend XML};

\draw[->, thick] (client) -- (map) node[midway, above] {Request}; \draw[->, thick] (map) -- (backend) node[midway, above] {Transform}; \draw[->, dashed] (backend.south) -- ++(0,-1) -- ++(-7,0) -- (client.south) node[midway, above] {Response Cycle}; \end{tikzpicture}

Definition-Example Pairs

Request Transformation: The process of modifying an incoming payload to fit the backend requirements.
- Example: A mobile app sends { "uid": 123 } but your legacy backend requires { "user_id": 123 }. You use a VTL template to rename the key.
Status Code Overriding: Changing the HTTP status code returned by the backend before it reaches the client.
- Example: Your Lambda function returns a string "Not Found". You configure the Integration Response to catch this string and return a 404 status code instead of a 200.
Payload Validation: Rejecting invalid data at the edge.
- Example: You define a JSON schema requiring an "email" field. If a client sends a request without it, API Gateway returns a 400 Bad Request without ever invoking the Lambda function, saving cost.

Worked Examples

Example 1: Basic VTL Mapping

Scenario: A backend expects a username field, but the client provides login.

Solution (VTL Template):

json

{
    "username": "$input.path('$.login')",
    "environment": "$stageVariables.envName"
}

Note: $input.path('$.login') extracts the value from the incoming JSON.

Example 2: Handling Errors (Regex Mapping)

Scenario: A Java backend throws an IllegalArgumentException and you want the client to see a 400 code.

Lambda Output: Error: IllegalArgumentException: Invalid ID
Integration Response Configuration:
- Lambda Error Regex: .*IllegalArgumentException.*
- Method Response Status: 400

Checkpoint Questions

Which integration type requires you to configure Mapping Templates for both requests and responses?
- Answer: Non-Proxy (Custom) integrations (AWS or HTTP).
How can you dynamically route traffic to different Lambda versions without redeploying the API?
- Answer: Use Stage Variables in the Integration Request (e.g., my-function:${stageVariables.version}).
What error code is returned when a client exceeds the configured throttling limits?
- Answer: 429 Too Many Requests.
True or False: API Gateway can validate a request body against a JSON Schema.
- Answer: True.

DVA-C02 Study Guide: Creating and Maintaining APIs