AWS API Gateway REST APIs
Understand how to create REST APIs in API Gateway with resources, methods, mappings, usage plans, and CORS settings.
AWS API Gateway REST APIs provide the feature-rich API Gateway mode for teams that need fine-grained control over methods, transformations, and client management. For DevOps teams, it matters because they are useful when backend contracts, API keys, or request and response shaping need more than a minimal HTTP proxy. Instead of relying on one fragile manual configuration, you can design a repeatable service boundary that stays stable while the workload behind it changes.
Core ideas
The main ideas to understand are resources model URL paths and methods attach verbs such as GET, POST, PUT, and DELETE to those paths; mapping templates can transform incoming requests or outgoing responses when the backend shape differs from the public API contract; API keys and usage plans help meter and limit consumer access, especially for partner or internal platform APIs; and CORS configuration is required when browser clients need to call the API from a different origin safely. These details shape architecture decisions, but they also shape day-to-day operations. When a team chooses defaults without understanding how the service behaves under failure, scale, or security review, the platform often becomes harder to debug than the application itself.
| REST API feature | Why it matters | Typical case |
|---|---|---|
| Resources and methods | Model endpoint surface | POST /orders |
| Mapping template | Transforms payloads | Legacy backend compatibility |
| Usage plan | Rate and quota control | Partner API onboarding |
From an operations perspective, the goal is to treat mapping and usage controls as API product features rather than last-minute patches after clients are already integrated. The comparison below highlights the choices that usually matter first. It is often better to start with a simpler design and add sophistication only after metrics, incidents, or delivery requirements prove the change is necessary.
Practical commands
aws apigateway get-resources --rest-api-id a1b2c3d4
aws apigateway create-deployment --rest-api-id a1b2c3d4 --stage-name prod
aws apigateway get-usage-plans --output table
Practical CLI checks make the service easier to support in real environments. Use the commands below to inspect the current state and confirm that automation matches intent. Before you promote a change, verify OPTIONS responses, mapping template outputs, and API key enforcement so browser clients and consumers behave as expected. A safe default is keeping public contracts stable while using mappings to isolate backend refactors from clients. That discipline makes later troubleshooting, scaling, and security reviews far less painful.
Resources and methods
In an API Gateway REST API, what do resources and methods represent?
CORS
Why is CORS configuration important for browser clients?