DevLog 20250519: AWS API Gateway Note - HTTP API vs Rest API for API Type

Overview

AWS API Gateway offers two RESTful API products: REST APIs (sometimes called “V1”) and HTTP APIs (or “V2”). REST APIs provide the richest feature set - API keys, usage plans, request validation, stage variables, AWS WAF integration, private VPC endpoints, etc. - whereas HTTP APIs are a leaner, lower-cost alternative with only the most common capabilities.

Key Feature Differences

1. REST API (V1)

   • API Keys & Usage Plans: per-client throttling and quota control
   • AWS WAF Integration: attach a Web ACL directly to API stages
   • Private Endpoints: expose API only within a VPC via an interface endpoint
   • Request/Response Transformation (VTL): fine-grained mapping with Velocity Template Language
   • API Caching: TTL-based response caching at the gateway edge

2. HTTP API (V2)

   • Built-in JWT Authorizers: native OpenID Connect & OAuth 2.0 support (no Lambda custom authorizer needed)
   • Automatic CORS Handling: simple toggle in the console
   • Native Deployments: instant deployments on save, no separate “Deploy Stage” step
   • Lightweight Routing Model: direct “route” → integration mapping, instead of resource trees

Performance & Pricing

• Cost
  • HTTP APIs are up to 71% cheaper (roughly \$1.00 vs. \$3.50 per million requests).
• Latency
  • HTTP APIs deliver ~14–16% lower round-trip latency compared to REST APIs in benchmark tests.

Limitations of HTTP APIs

Because HTTP APIs trade off features for simplicity and cost, they do not support:

• Canary deployments (stage-based traffic shifting)
• Request validation against JSON schemas
• Usage plans and fine-grained per-API-key throttling
• Schema-based models and mapping templates beyond rudimentary passthrough

When to Choose Which

• Pick HTTP APIs for building simple RESTful endpoints (e.g. Lambda or HTTP backends), need OIDC/OAuth2/JWT auth, CORS, and low cost/latency.
• Pick REST APIs if require advanced governance—API keys & usage plans, VTL transformations, AWS WAF, private VPC-only access, canaries or API caching—out of the box.

References

1. https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vs-rest.html?utm_source=chatgpt.com "Choose between REST APIs and HTTP APIs - Amazon API Gateway"
2. https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-rest-api.html?utm_source=chatgpt.com "API Gateway REST APIs - AWS Documentation"
3. https://tofusoup429.medium.com/aws-api-gateway-rest-vs-http-ee486e561397?utm_source=chatgpt.com "AWS API Gateway REST vs HTTP - Steve Kim - Medium"
4. https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api.html?utm_source=chatgpt.com "API Gateway HTTP APIs - AWS Documentation"
5. https://www.reddit.com/r/aws/comments/weqwec/api_gateway_rest_api_vs_http_api/?utm_source=chatgpt.com "API Gateway: Rest API vs. HTTP API : r/aws - Reddit"
6. https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-overview-developer-experience.html?utm_source=chatgpt.com "API Gateway use cases - AWS Documentation"
7. https://stackoverflow.com/questions/70985715/aws-api-gateway-rest-api-vs-http-api?utm_source=chatgpt.com "AWS API Gateway: REST API vs HTTP API - Stack Overflow"
8. https://dev.to/tinystacks/api-gateway-rest-vs-http-api-what-are-the-differences-2nj?utm_source=chatgpt.com "API Gateway REST vs. HTTP API: What Are The Differences?"