Choose between REST APIs and HTTP APIs - Amazon API Gateway
Endpoint typeSecurityAuthorizationAPI managementDevelopmentMonitoringIntegrations

Choose between REST APIs and HTTP APIs

REST APIs and HTTP APIs are both RESTful API products. REST APIs support more features than HTTP APIs, while HTTP APIs are designed with minimal features so that they can be offered at a lower price. Choose REST APIs if you need features such as API keys, per-client throttling, request validation, AWS WAF integration, or private API endpoints. Choose HTTP APIs if you don't need the features included with REST APIs.

The following sections summarize core features that are available in REST APIs and HTTP APIs. When necessary, additional links are provided to navigate between the REST API and HTTP API sections of the API Gateway Developer Guide.

Endpoint type

The endpoint type refers to the endpoint that API Gateway creates for your API. For more information, see API endpoint types for REST APIs in API Gateway.

Endpoint types REST API HTTP API

Edge-optimized

Yes

No

Regional

Yes

Yes

Private

Yes

No

Security

API Gateway provides a number of ways to protect your API from certain threats, like malicious actors or spikes in traffic. To learn more, see Protect your REST APIs in API Gateway and Protect your HTTP APIs in API Gateway.

Security features REST API HTTP API

Mutual TLS authentication

Yes

Yes

Certificates for backend authentication

Yes

No

AWS WAF

Yes

No

Authorization

API Gateway supports multiple mechanisms for controlling and managing access to your API. For more information, see Control and manage access to REST APIs in API Gateway and Control and manage access to HTTP APIs in API Gateway.

Authorization options REST API HTTP API

IAM

Yes

Yes

Resource policies

Yes

No

Amazon Cognito

Yes

Yes 1

Custom authorization with an AWS Lambda function

Yes

Yes

JSON Web Token (JWT) 2

No

Yes

1 You can use Amazon Cognito with a JWT authorizer.

2 You can use a Lambda authorizer to validate JWTs for REST APIs.

API management

Choose REST APIs if you need API management capabilities such as API keys and per-client rate limiting. For more information, see Distribute your REST APIs to clients in API Gateway, Custom domain name for REST APIs in API Gateway, and Custom domain names for HTTP APIs in API Gateway.

Features REST API HTTP API

Custom domains

Yes

Yes

API keys

Yes

No

Per-client rate limiting

Yes

No

Per-client usage throttling

Yes

No

Development

As you're developing your API Gateway API, you decide on a number of characteristics of your API. These characteristics depend on the use case of your API. For more information see Develop REST APIs in API Gateway and Develop HTTP APIs in API Gateway.

Features REST API HTTP API

CORS configuration

Yes

Yes

Test invocations

Yes

No

Caching

Yes

No

User-controlled deployments

Yes

Yes

Automatic deployments

No

Yes

Custom gateway responses

Yes

No

Canary release deployments

Yes

No

Request validation

Yes

No

Request parameter transformation

Yes

Yes

Request body transformation

Yes

No

Monitoring

API Gateway supports several options to log API requests and monitor your APIs. For more information, see Monitor REST APIs in API Gateway and Monitor HTTP APIs in API Gateway.

Feature REST API HTTP API

Amazon CloudWatch metrics

Yes

Yes

Access logs to CloudWatch Logs

Yes

Yes

Access logs to Amazon Data Firehose

Yes

No

Execution logs

Yes

No

AWS X-Ray tracing

Yes

No

Integrations

Integrations connect your API Gateway API to backend resources. For more information, see Integrations for REST APIs in API Gateway and Create integrations for HTTP APIs in API Gateway.

Feature REST API HTTP API

Public HTTP endpoints

Yes

Yes

AWS services

Yes

Yes

AWS Lambda functions

Yes

Yes

Private integrations with Network Load Balancers

Yes

Yes

Private integrations with Application Load Balancers

No

Yes

Private integrations with AWS Cloud Map

No

Yes

Mock integrations

Yes

No