API Gateway

Before we discuss API Gateway, let’s take a moment to discuss REST APIs and HTTP requests. REST is an interface specification which can be applied to the architecture of application-layer systems. In a REST API, the client sends HTTP requests, and the server replies with HTTP responses.

HTTP requests have three components: a method, headers, and an optional message body. Examples of request methods include GET, and POST. Headers and the message body contain the information which is transmitted as part of the request or response.


API Gateway presents you with four configuration options:

  • WebSocket API
  • REST API (Private)

It’s interesting that API Gateway makes a distinction between HTTP APIs and REST APIs, because REST is an interface specification and HTTP is a data transmission protocol. That is to say, all REST APIs will incorporate HTTP requests. However, all HTTP requests are not necessarily part of a RESTful interface.

Semantics aside, it seems that the HTTP option requires less setup. It also seems that the HTTP option is a more recent feature with less documentation.

Creating a Method

Once you have created the API, you will need to create a method. Methods are associated with resoures (paths) in API Gateway. Your API might have several resources, for example, cats, dogs and mice. Each resource will have a different path - for example, the cats resource might have the path /cats, dogs would have the path /dogs and so on. In the console, you can create methods for each of your resources. In the GIF below, I create a POST method for the root resource, at the root path, /.

SES Verify Email

Lambda Function Integration

Before you save your method, you’ll need to associate the method with some code. One common configuration is associating a method with a Lambda function, so that the API call triggers the Lambda function.

API Gateway offers the option of transforming the data in our request before invoking the Lambda function. In our case, we don’t need to perform any transformation, and we can simply forward the request to the Lambda function. For this reason, we want to make this integration a Lambda proxy integration. Proxy integrations do not transform requests or responses between the client and the Lambda function.

API Gateway Lambda Proxy Integration


CORS is a protocol that governs how endpoints respond to requests from other websites. In particular, CORS is going to verify the presence of three headers in the API’s response: Access-Control-Allow-Headers, Access-Control-Allow-Origin, and Access-Control-Allow-Methods.

Many browsers will make a preflight request before issuing a CORS request, to ensure that the server is aware of CORS. The preflight request is an OPTIONS request, and the browser will verify the response before issuing the POST request. If the server issues an incomplete or missing response to the OPTIONS request, the browser will skip the POST request.

Use the AWS Console to enable CORS. Select the Resources pane. Within the Actions menu, select the option Enable CORS. You’ll need to add the header authtoken to the list of Access-Control-Allow-Headers. You will also be able to see that there are two Access-Control-Allow-Methods: POST, and OPTIONS. The CORS wizard is going to add the OPTIONS resource for us, so that our API can fulfill the preflight request.

API Gateway CORS