Overview
- HTTP API are lighter weight, faster and cheaper but lack the features of REST APIs.
- HTTP APIs are designed for low-latency, cost-effective integrations with AWS services, including AWS Lambda, and HTTP endpoints
- HTTP APIs support OIDC and OAuth 2.0 authorization, and come with built-in support for CORS and automatic deployments.
The following outlines the similarities and differences between these two API types used in Amazon API Gateway
Common Features
- API Types: Regional
- Security: MTLS Authentication
- Authorizers: IAM, AWS Cognito, AWS Lambda
- Integrations: HTTP, Lamdba, AWS Services, Private Integration
- API Management: Custom Domain Names
- Development: Request Transfromation, CORS configuration
- Monitoring: Access logs to Amazon CloudWatch Logs, Amazon CloudWatch metrics
HTTP API Only Features
- Authorizers – Native OpenID Connect and OAuth 2.0
- Development: Automatic deployments, default stage, default route
REST API Only Features
- API Types: Edge-optimized, Private
- Integrations: Mock
- Security: AWS WAF, certificates for back end access, resource policies
- API Management:Usage Plans, API Keys
- Development: API caching, Request/response validation, test invocation, custom gateway responses
- Integrations: Mock
- API Management:Usage Plans, API Keys
- Development: API caching, Request/response validation, test invocation, custom gateway responses
- Monitoring: Access logs to Amazon Kinesis Data Firehose, Execution logs, AWS X-Ray
