Choose between REST APIs and HTTP APIs - Amazon API Gateway
Endpoint typeSecurityAuthorizationAPI managementDevelopmentMonitoringIntegrations
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Choose between REST APIs and HTTP APIs

REST APIs and HTTP APIs are both RESTful API products. REST APIs support more features than HTTP APIs, while HTTP APIs are designed with minimal features so that they can be offered at a lower price. Choose REST APIs if you need features such as API keys, per-client throttling, request validation, Amazon WAF integration, or private API endpoints. Choose HTTP APIs if you don't need the features included with REST APIs.

The following sections summarize core features that are available in REST APIs and HTTP APIs.

Endpoint type

The endpoint type refers to the endpoint that API Gateway creates for your API. For more information, see API endpoint types for REST APIs in API Gateway.

Endpoint types REST API HTTP API

Edge-optimized

Regional

Private

Security

API Gateway provides a number of ways to protect your API from certain threats, like malicious actors or spikes in traffic. To learn more, see Protect your REST APIs in API Gateway and Protect your HTTP APIs in API Gateway.

Security features REST API HTTP API

Mutual TLS authentication

Certificates for backend authentication

Amazon WAF

Authorization

API Gateway supports multiple mechanisms for controlling and managing access to your API. For more information, see Control and manage access to REST APIs in API Gateway and Control and manage access to HTTP APIs in API Gateway.

Authorization options REST API HTTP API

IAM

Resource policies

Amazon Cognito

1

Custom authorization with an Amazon Lambda function

JSON Web Token (JWT) 2

1 You can use Amazon Cognito with a JWT authorizer.

2 You can use a Lambda authorizer to validate JWTs for REST APIs.

API management

Choose REST APIs if you need API management capabilities such as API keys and per-client rate limiting. For more information, see Distribute your REST APIs to clients in API Gateway, Custom domain name for REST APIs in API Gateway, and Custom domain names for HTTP APIs in API Gateway.

Features REST API HTTP API

Custom domains

API keys

Per-client rate limiting

Per-client usage throttling

Development

As you're developing your API Gateway API, you decide on a number of characteristics of your API. These characteristics depend on the use case of your API. For more information see Develop REST APIs in API Gateway and Develop HTTP APIs in API Gateway.

Features REST API HTTP API

CORS configuration

Test invocations

Caching

User-controlled deployments

Automatic deployments

Custom gateway responses

Canary release deployments

Request validation

Request parameter transformation

Request body transformation

Monitoring

API Gateway supports several options to log API requests and monitor your APIs. For more information, see Monitor REST APIs in API Gateway and Monitor HTTP APIs in API Gateway.

Feature REST API HTTP API

Amazon CloudWatch metrics

Access logs to CloudWatch Logs

Access logs to Amazon Data Firehose

Execution logs

Amazon X-Ray tracing

Integrations

Integrations connect your API Gateway API to backend resources. For more information, see Integrations for REST APIs in API Gateway and Create integrations for HTTP APIs in API Gateway.

Feature REST API HTTP API

Public HTTP endpoints

Amazon services

Amazon Lambda functions

Private integrations with Network Load Balancers

Private integrations with Application Load Balancers

Private integrations with Amazon Cloud Map

Mock integrations