{"id":"0bfb984d-b887-4331-9b9a-6444dfd77d9d","shortId":"EaNTQZ","kind":"skill","title":"api-gateway","tagline":"AWS API Gateway for REST and HTTP API management. Use when creating APIs, configuring integrations, setting up authorization, managing stages, implementing rate limiting, or troubleshooting API issues.","description":"# AWS API Gateway\n\nAmazon API Gateway is a fully managed service for creating, publishing, and securing APIs at any scale. Supports REST APIs, HTTP APIs, and WebSocket APIs.\n\n## Table of Contents\n\n- [Core Concepts](#core-concepts)\n- [Common Patterns](#common-patterns)\n- [CLI Reference](#cli-reference)\n- [Best Practices](#best-practices)\n- [Troubleshooting](#troubleshooting)\n- [References](#references)\n\n## Core Concepts\n\n### API Types\n\n| Type | Description | Use Case |\n|------|-------------|----------|\n| **HTTP API** | Low-latency, cost-effective | Simple APIs, Lambda proxy |\n| **REST API** | Full-featured, more control | Complex APIs, transformation |\n| **WebSocket API** | Bidirectional communication | Real-time apps, chat |\n\n### Key Components\n\n- **Resources**: URL paths (/users, /orders/{id})\n- **Methods**: HTTP verbs (GET, POST, PUT, DELETE)\n- **Integrations**: Backend connections (Lambda, HTTP, AWS services)\n- **Stages**: Deployment environments (dev, prod)\n\n### Integration Types\n\n| Type | Description |\n|------|-------------|\n| **Lambda Proxy** | Pass-through to Lambda (recommended) |\n| **Lambda Custom** | Transform request/response |\n| **HTTP Proxy** | Pass-through to HTTP endpoint |\n| **AWS Service** | Direct integration with AWS services |\n| **Mock** | Return static response |\n\n## Common Patterns\n\n### Create HTTP API with Lambda\n\n**AWS CLI:**\n\n```bash\n# Create HTTP API\naws apigatewayv2 create-api \\\n  --name my-api \\\n  --protocol-type HTTP \\\n  --target arn:aws:lambda:us-east-1:123456789012:function:MyFunction\n\n# Get API endpoint\naws apigatewayv2 get-api --api-id abc123 --query 'ApiEndpoint'\n```\n\n**SAM Template:**\n\n```yaml\nAWSTemplateFormatVersion: '2010-09-09'\nTransform: AWS::Serverless-2016-10-31\n\nResources:\n  MyApi:\n    Type: AWS::Serverless::HttpApi\n    Properties:\n      StageName: prod\n\n  MyFunction:\n    Type: AWS::Serverless::Function\n    Properties:\n      Handler: app.handler\n      Runtime: python3.12\n      Events:\n        ApiEvent:\n          Type: HttpApi\n          Properties:\n            ApiId: !Ref MyApi\n            Path: /items\n            Method: GET\n```\n\n### Create REST API with Lambda Proxy\n\n```bash\n# Create REST API\naws apigateway create-rest-api \\\n  --name my-rest-api \\\n  --endpoint-configuration types=REGIONAL\n\nAPI_ID=abc123\n\n# Get root resource ID\nROOT_ID=$(aws apigateway get-resources --rest-api-id $API_ID --query 'items[0].id' --output text)\n\n# Create resource\naws apigateway create-resource \\\n  --rest-api-id $API_ID \\\n  --parent-id $ROOT_ID \\\n  --path-part items\n\nRESOURCE_ID=xyz789\n\n# Create method\naws apigateway put-method \\\n  --rest-api-id $API_ID \\\n  --resource-id $RESOURCE_ID \\\n  --http-method GET \\\n  --authorization-type NONE\n\n# Create Lambda integration\naws apigateway put-integration \\\n  --rest-api-id $API_ID \\\n  --resource-id $RESOURCE_ID \\\n  --http-method GET \\\n  --type AWS_PROXY \\\n  --integration-http-method POST \\\n  --uri arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:123456789012:function:MyFunction/invocations\n\n# Deploy to stage\naws apigateway create-deployment \\\n  --rest-api-id $API_ID \\\n  --stage-name prod\n```\n\n### Lambda Handler for API Gateway\n\n```python\nimport json\n\ndef handler(event, context):\n    # HTTP API event\n    http_method = event.get('requestContext', {}).get('http', {}).get('method')\n    path = event.get('rawPath', '')\n    query_params = event.get('queryStringParameters', {})\n    body = event.get('body', '')\n\n    if body and event.get('isBase64Encoded'):\n        import base64\n        body = base64.b64decode(body).decode('utf-8')\n\n    # Process request\n    response_body = {'message': 'Success', 'path': path}\n\n    return {\n        'statusCode': 200,\n        'headers': {\n            'Content-Type': 'application/json'\n        },\n        'body': json.dumps(response_body)\n    }\n```\n\n### Configure CORS\n\n**HTTP API:**\n\n```bash\naws apigatewayv2 update-api \\\n  --api-id abc123 \\\n  --cors-configuration '{\n    \"AllowOrigins\": [\"https://example.com\"],\n    \"AllowMethods\": [\"GET\", \"POST\", \"PUT\", \"DELETE\"],\n    \"AllowHeaders\": [\"Content-Type\", \"Authorization\"],\n    \"MaxAge\": 86400\n  }'\n```\n\n**REST API:**\n\n```bash\n# Enable CORS on resource\naws apigateway put-method \\\n  --rest-api-id $API_ID \\\n  --resource-id $RESOURCE_ID \\\n  --http-method OPTIONS \\\n  --authorization-type NONE\n\naws apigateway put-integration \\\n  --rest-api-id $API_ID \\\n  --resource-id $RESOURCE_ID \\\n  --http-method OPTIONS \\\n  --type MOCK \\\n  --request-templates '{\"application/json\": \"{\\\"statusCode\\\": 200}\"}'\n\naws apigateway put-method-response \\\n  --rest-api-id $API_ID \\\n  --resource-id $RESOURCE_ID \\\n  --http-method OPTIONS \\\n  --status-code 200 \\\n  --response-parameters '{\n    \"method.response.header.Access-Control-Allow-Headers\": true,\n    \"method.response.header.Access-Control-Allow-Methods\": true,\n    \"method.response.header.Access-Control-Allow-Origin\": true\n  }'\n\naws apigateway put-integration-response \\\n  --rest-api-id $API_ID \\\n  --resource-id $RESOURCE_ID \\\n  --http-method OPTIONS \\\n  --status-code 200 \\\n  --response-parameters '{\n    \"method.response.header.Access-Control-Allow-Headers\": \"'\\''Content-Type,Authorization'\\''\",\n    \"method.response.header.Access-Control-Allow-Methods\": \"'\\''GET,POST,PUT,DELETE,OPTIONS'\\''\",\n    \"method.response.header.Access-Control-Allow-Origin\": \"'\\''*'\\''\"\n  }'\n```\n\n### JWT Authorization (HTTP API)\n\n```bash\naws apigatewayv2 create-authorizer \\\n  --api-id abc123 \\\n  --name jwt-authorizer \\\n  --authorizer-type JWT \\\n  --identity-source '$request.header.Authorization' \\\n  --jwt-configuration '{\n    \"Issuer\": \"https://cognito-idp.us-east-1.amazonaws.com/us-east-1_abc123\",\n    \"Audience\": [\"client-id\"]\n  }'\n```\n\n## CLI Reference\n\n### HTTP API (apigatewayv2)\n\n| Command | Description |\n|---------|-------------|\n| `aws apigatewayv2 create-api` | Create API |\n| `aws apigatewayv2 get-apis` | List APIs |\n| `aws apigatewayv2 create-route` | Create route |\n| `aws apigatewayv2 create-integration` | Create integration |\n| `aws apigatewayv2 create-stage` | Create stage |\n| `aws apigatewayv2 create-authorizer` | Create authorizer |\n\n### REST API (apigateway)\n\n| Command | Description |\n|---------|-------------|\n| `aws apigateway create-rest-api` | Create API |\n| `aws apigateway get-rest-apis` | List APIs |\n| `aws apigateway create-resource` | Create resource |\n| `aws apigateway put-method` | Create method |\n| `aws apigateway put-integration` | Create integration |\n| `aws apigateway create-deployment` | Deploy API |\n\n## Best Practices\n\n### Performance\n\n- **Use HTTP APIs** for simple use cases (70% cheaper, lower latency)\n- **Enable caching** for REST APIs\n- **Use regional endpoints** unless global distribution needed\n- **Implement pagination** for list endpoints\n\n### Security\n\n- **Use authorization** on all endpoints\n- **Enable WAF** for REST APIs\n- **Use API keys** for rate limiting (not authentication)\n- **Enable access logging**\n- **Use HTTPS only**\n\n### Reliability\n\n- **Set up throttling** to protect backends\n- **Configure timeout** appropriately\n- **Use canary deployments** for updates\n- **Monitor with CloudWatch**\n\n## Troubleshooting\n\n### 403 Forbidden\n\n**Causes:**\n- Missing authorization\n- Invalid API key\n- WAF blocking\n- Resource policy denying\n\n**Debug:**\n\n```bash\n# Check API key\naws apigateway get-api-key --api-key abc123 --include-value\n\n# Check authorizer\naws apigatewayv2 get-authorizer --api-id abc123 --authorizer-id xyz789\n```\n\n### 502 Bad Gateway\n\n**Causes:**\n- Lambda error\n- Integration timeout\n- Invalid response format\n\n**Lambda response format:**\n\n```python\n# Correct format\nreturn {\n    'statusCode': 200,\n    'headers': {'Content-Type': 'application/json'},\n    'body': json.dumps({'message': 'success'})\n}\n\n# Wrong - missing statusCode\nreturn {'message': 'success'}\n```\n\n### 504 Gateway Timeout\n\n**Causes:**\n- Backend timeout (Lambda max 29 seconds for REST API)\n- Integration timeout too short\n\n**Solutions:**\n- Increase Lambda timeout\n- Use async processing for long operations\n- Increase integration timeout (max 29s for REST, 30s for HTTP)\n\n### CORS Errors\n\n**Debug:**\n- Check OPTIONS method exists\n- Verify headers in response\n- Check origin matches allowed origins\n\n## References\n\n- [API Gateway Developer Guide](https://docs.aws.amazon.com/apigateway/latest/developerguide/)\n- [API Gateway REST API Reference](https://docs.aws.amazon.com/apigateway/latest/api/)\n- [API Gateway CLI Reference](https://docs.aws.amazon.com/cli/latest/reference/apigateway/)\n- [boto3 API Gateway](https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/apigateway.html)","tags":["api","gateway","aws","agent","skills","itsmostafa","agent-skills","agentic-ai","claude-code","claude-skills","codex","coding-agents"],"capabilities":["skill","source-itsmostafa","skill-api-gateway","topic-agent-skills","topic-agentic-ai","topic-aws","topic-claude-code","topic-claude-skills","topic-codex","topic-coding-agents"],"categories":["aws-agent-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/itsmostafa/aws-agent-skills/api-gateway","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add itsmostafa/aws-agent-skills","source_repo":"https://github.com/itsmostafa/aws-agent-skills","install_from":"skills.sh"}},"qualityScore":"0.700","qualityRationale":"deterministic score 0.70 from registry signals: · indexed on github topic:agent-skills · 1085 github stars · SKILL.md body (8,603 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-03T00:52:58.043Z","embedding":null,"createdAt":"2026-04-18T21:55:35.578Z","updatedAt":"2026-05-03T00:52:58.043Z","lastSeenAt":"2026-05-03T00:52:58.043Z","tsv":"'-09':243,244 '-10':249 '-2016':248 '-31':250 '-8':498 '/apigateway/latest/api/)':1066 '/apigateway/latest/developerguide/)':1058 '/cli/latest/reference/apigateway/)':1073 '/items':279 '/orders':131 '/us-east-1_abc123':739 '/users':130 '/v1/documentation/api/latest/reference/services/apigateway.html)':1079 '0':330 '1':220,423,431 '123456789012':221,432 '200':509,608,633,679,982 '2010':242 '29':1006 '29s':1029 '30s':1032 '403':917 '502':963 '504':998 '70':852 '86400':549 'abc123':235,310,532,720,944,958 'access':893 'allow':640,646,652,686,695,705,1049 'allowhead':543 'allowmethod':538 'alloworigin':536 'amazon':34 'api':2,5,11,16,29,32,35,47,53,55,58,88,95,103,107,114,117,191,199,204,208,225,231,233,284,291,297,302,308,324,326,343,345,368,370,395,397,445,447,456,466,522,528,530,551,564,566,588,590,617,619,663,665,710,718,747,755,757,762,764,794,803,805,811,813,841,847,860,883,885,923,933,939,942,956,1010,1052,1059,1062,1067,1075 'api-gateway':1 'api-id':232,529,717,955 'api-key':941 'apiendpoint':237 'apiev':271 'apigateway':293,318,337,362,389,419,439,558,582,610,656,795,799,807,815,822,829,836,936 'apigatewayv2':201,228,525,713,748,752,759,766,773,780,787,951 'apiid':275 'app':123 'app.handler':267 'application/json':514,606,987 'appropri':907 'arn':214,417 'async':1020 'audienc':740 'authent':891 'author':21,382,547,578,691,708,716,724,726,790,792,875,921,949,954,960 'authorization-typ':381,577 'authorizer-id':959 'authorizer-typ':725 'aw':4,31,145,176,181,194,200,215,227,246,254,262,292,317,336,361,388,409,418,426,438,524,557,581,609,655,712,751,758,765,772,779,786,798,806,814,821,828,835,935,950 'awstemplateformatvers':241 'backend':141,904,1002 'bad':964 'base64':492 'base64.b64decode':494 'bash':196,288,523,552,711,931 'best':77,80,842 'best-practic':79 'bidirect':118 'block':926 'bodi':483,485,487,493,495,502,515,518,988 'boto3':1074 'boto3.amazonaws.com':1078 'boto3.amazonaws.com/v1/documentation/api/latest/reference/services/apigateway.html)':1077 'cach':857 'canari':909 'case':93,851 'caus':919,966,1001 'chat':124 'cheaper':853 'check':932,948,1038,1046 'cli':72,75,195,744,1069 'cli-refer':74 'client':742 'client-id':741 'cloudwatch':915 'code':632,678 'cognito-idp.us-east-1.amazonaws.com':738 'cognito-idp.us-east-1.amazonaws.com/us-east-1_abc123':737 'command':749,796 'common':67,70,187 'common-pattern':69 'communic':119 'complex':113 'compon':126 'concept':63,66,87 'configur':17,305,519,535,735,905 'connect':142 'content':61,512,545,689,985 'content-typ':511,544,688,984 'context':464 'control':112,639,645,651,685,694,704 'control-allow-head':638,684 'control-allow-method':644,693 'control-allow-origin':650,703 'cor':520,534,554,1035 'core':62,65,86 'core-concept':64 'correct':978 'cors-configur':533 'cost':100 'cost-effect':99 'creat':15,43,189,197,203,282,289,295,334,339,359,385,441,715,754,756,768,770,775,777,782,784,789,791,801,804,817,819,826,833,838 'create-api':202,753 'create-author':714,788 'create-deploy':440,837 'create-integr':774 'create-resourc':338,816 'create-rest-api':294,800 'create-rout':767 'create-stag':781 'custom':165 'debug':930,1037 'decod':496 'def':461 'delet':139,542,700 'deni':929 'deploy':148,435,442,839,840,910 'descript':91,155,750,797 'dev':150 'develop':1054 'direct':178 'distribut':866 'docs.aws.amazon.com':1057,1065,1072 'docs.aws.amazon.com/apigateway/latest/api/)':1064 'docs.aws.amazon.com/apigateway/latest/developerguide/)':1056 'docs.aws.amazon.com/cli/latest/reference/apigateway/)':1071 'east':219,422,430 'effect':101 'enabl':553,856,879,892 'endpoint':175,226,304,863,872,878 'endpoint-configur':303 'environ':149 'error':968,1036 'event':270,463,467 'event.get':470,477,481,484,489 'example.com':537 'exist':1041 'featur':110 'forbidden':918 'format':973,976,979 'full':109 'full-featur':108 'fulli':39 'function':222,264,433 'gateway':3,6,33,36,457,965,999,1053,1060,1068,1076 'get':136,224,230,281,311,320,380,407,472,474,539,697,761,809,938,953 'get-api':229,760 'get-api-key':937 'get-author':952 'get-resourc':319 'get-rest-api':808 'global':865 'guid':1055 'handler':266,454,462 'header':510,641,687,983,1043 'http':10,54,94,134,144,168,174,190,198,212,378,405,413,465,468,473,521,574,598,627,673,709,746,846,1034 'http-method':377,404,573,597,626,672 'httpapi':256,273 'https':896 'id':132,234,309,314,316,325,327,331,344,346,349,351,357,369,371,374,376,396,398,401,403,446,448,531,565,567,570,572,589,591,594,596,618,620,623,625,664,666,669,671,719,743,957,961 'ident':730 'identity-sourc':729 'implement':24,868 'import':459,491 'includ':946 'include-valu':945 'increas':1016,1025 'integr':18,140,152,179,387,392,412,585,659,776,778,832,834,969,1011,1026 'integration-http-method':411 'invalid':922,971 'isbase64encoded':490 'issu':30 'issuer':736 'item':329,355 'json':460 'json.dumps':516,989 'jwt':707,723,728,734 'jwt-author':722 'jwt-configur':733 'key':125,886,924,934,940,943 'lambda':104,143,156,162,164,193,216,286,386,424,427,453,967,974,1004,1017 'latenc':98,855 'limit':26,889 'list':763,812,871 'log':894 'long':1023 'low':97 'low-lat':96 'lower':854 'manag':12,22,40 'match':1048 'max':1005,1028 'maxag':548 'messag':503,990,996 'method':133,280,360,365,379,406,414,469,475,561,575,599,613,628,647,674,696,825,827,1040 'method.response.header.access':637,643,649,683,692,702 'miss':920,993 'mock':183,602 'monitor':913 'my-api':206 'my-rest-api':299 'myapi':252,277 'myfunct':223,260 'myfunction/invocations':434 'name':205,298,451,721 'need':867 'none':384,580 'oper':1024 'option':576,600,629,675,701,1039 'origin':653,706,1047,1050 'output':332 'pagin':869 'param':480 'paramet':636,682 'parent':348 'parent-id':347 'part':354 'pass':159,171 'pass-through':158,170 'path':129,278,353,476,505,506 'path-part':352 'path/2015-03-31/functions/arn':425 'pattern':68,71,188 'perform':844 'polici':928 'post':137,415,540,698 'practic':78,81,843 'process':499,1021 'prod':151,259,452 'properti':257,265,274 'protect':903 'protocol':210 'protocol-typ':209 'proxi':105,157,169,287,410 'publish':44 'put':138,364,391,541,560,584,612,658,699,824,831 'put-integr':390,583,830 'put-integration-respons':657 'put-method':363,559,823 'put-method-respons':611 'python':458,977 'python3.12':269 'queri':236,328,479 'querystringparamet':482 'rate':25,888 'rawpath':478 'real':121 'real-tim':120 'recommend':163 'ref':276 'refer':73,76,84,85,745,1051,1063,1070 'region':307,862 'reliabl':898 'request':500,604 'request-templ':603 'request.header.authorization':732 'request/response':167 'requestcontext':471 'resourc':127,251,313,321,335,340,356,373,375,400,402,556,569,571,593,595,622,624,668,670,818,820,927 'resource-id':372,399,568,592,621,667 'respons':186,501,517,614,635,660,681,972,975,1045 'response-paramet':634,680 'rest':8,52,106,283,290,296,301,323,342,367,394,444,550,563,587,616,662,793,802,810,859,882,1009,1031,1061 'rest-api-id':322,341,366,393,443,562,586,615,661 'return':184,507,980,995 'root':312,315,350 'rout':769,771 'runtim':268 'sam':238 'scale':50 'second':1007 'secur':46,873 'serverless':247,255,263 'servic':41,146,177,182 'set':19,899 'short':1014 'simpl':102,849 'skill' 'skill-api-gateway' 'solut':1015 'sourc':731 'source-itsmostafa' 'stage':23,147,437,450,783,785 'stage-nam':449 'stagenam':258 'static':185 'status':631,677 'status-cod':630,676 'statuscod':508,607,981,994 'success':504,991,997 'support':51 'tabl':59 'target':213 'templat':239,605 'text':333 'throttl':901 'time':122 'timeout':906,970,1000,1003,1012,1018,1027 'topic-agent-skills' 'topic-agentic-ai' 'topic-aws' 'topic-claude-code' 'topic-claude-skills' 'topic-codex' 'topic-coding-agents' 'transform':115,166,245 'troubleshoot':28,82,83,916 'true':642,648,654 'type':89,90,153,154,211,253,261,272,306,383,408,513,546,579,601,690,727,986 'unless':864 'updat':527,912 'update-api':526 'uri':416 'url':128 'us':218,421,429 'us-east':217,420,428 'use':13,92,845,850,861,874,884,895,908,1019 'utf':497 'valu':947 'verb':135 'verifi':1042 'waf':880,925 'websocket':57,116 'wrong':992 'xyz789':358,962 'yaml':240","prices":[{"id":"7f32c91e-f6c0-46b1-b068-1c6ba36c8819","listingId":"0bfb984d-b887-4331-9b9a-6444dfd77d9d","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"itsmostafa","category":"aws-agent-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T21:55:35.578Z"}],"sources":[{"listingId":"0bfb984d-b887-4331-9b9a-6444dfd77d9d","source":"github","sourceId":"itsmostafa/aws-agent-skills/api-gateway","sourceUrl":"https://github.com/itsmostafa/aws-agent-skills/tree/main/skills/api-gateway","isPrimary":false,"firstSeenAt":"2026-04-18T21:55:35.578Z","lastSeenAt":"2026-05-03T00:52:58.043Z"}],"details":{"listingId":"0bfb984d-b887-4331-9b9a-6444dfd77d9d","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"itsmostafa","slug":"api-gateway","github":{"repo":"itsmostafa/aws-agent-skills","stars":1085,"topics":["agent-skills","agentic-ai","aws","claude-code","claude-skills","codex","coding-agents"],"license":"mit","html_url":"https://github.com/itsmostafa/aws-agent-skills","pushed_at":"2026-04-27T09:45:24Z","description":"AWS Skills for Agents","skill_md_sha":"dacae2c8d54fc54c597f98c15f7701439f2fbcdc","skill_md_path":"skills/api-gateway/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/itsmostafa/aws-agent-skills/tree/main/skills/api-gateway"},"layout":"multi","source":"github","category":"aws-agent-skills","frontmatter":{"name":"api-gateway","description":"AWS API Gateway for REST and HTTP API management. Use when creating APIs, configuring integrations, setting up authorization, managing stages, implementing rate limiting, or troubleshooting API issues."},"skills_sh_url":"https://skills.sh/itsmostafa/aws-agent-skills/api-gateway"},"updatedAt":"2026-05-03T00:52:58.043Z"}}