# Amazon API Gateway quotas
The following quotas apply for all Amazon API Gateway API types.
## API Gateway account-level quotas, per Region
The following quotas apply per account, per Region in Amazon API Gateway.
| Resource or operation | Default quota | Can be increased |
| --- | --- | --- |
| Throttle quota per account, per Region across HTTP APIs, REST APIs, WebSocket APIs, and WebSocket callback APIs | 10,000 requests per second (RPS) with an additional burst capacity provided by the [token bucket algorithm](https://en.wikipedia.org/wiki/Token_bucket), using a maximum bucket capacity of 5,000 requests. \$1 The burst quota is determined by the API Gateway service team based on the overall RPS quota for the account in the Region. It is not a quota that a customer can control or request changes to. | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-8A5B8E43) |
| Throttle quota without access control per account per Region for a portal | 250,000 requests per second | No |
| Throttle quota with access control per account per Region for a portal | 10,000 requests per second | No |
\$1 For the following Regions, the default throttle quota is 2500 RPS and the default burst quota is 1250 RPS: Africa (Cape Town), Europe (Milan), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Spain), Europe (Zurich), Israel (Tel Aviv), Canada West (Calgary), Asia Pacific (Malaysia), Asia Pacific (Thailand), and Mexico (Central).
## API Gateway quotas for creating, deploying and managing an API
The following fixed quotas apply to creating, deploying, and managing an API in API Gateway, using the AWS CLI, the API Gateway console, or the API Gateway REST API and its SDKs. These quotas can't be increased.
| Action | Default quota | Can be increased |
| --- | --- | --- |
| [CreateApiKey](https://docs.aws.amazon.com/apigateway/latest/api/API_CreateApiKey.html) | 5 requests per second per account | No |
| [CreateDeployment](https://docs.aws.amazon.com/apigateway/latest/api/API_CreateDeployment.html) | 1 request every 5 seconds per account | No |
| [CreateDocumentationVersion](https://docs.aws.amazon.com/apigateway/latest/api/API_CreateDocumentationVersion.html) | 1 request every 20 seconds per account | No |
| [CreateDomainName](https://docs.aws.amazon.com/apigateway/latest/api/API_CreateDomainName.html) | 1 request every 30 seconds per account | No |
| [CreateResource](https://docs.aws.amazon.com/apigateway/latest/api/API_CreateResource.html) | 5 requests per second per account | No |
| [CreateRestApi](https://docs.aws.amazon.com/apigateway/latest/api/API_CreateRestApi.html) for Regional or private API | 1 request every 3 seconds per account | No |
| [CreateRestApi](https://docs.aws.amazon.com/apigateway/latest/api/API_CreateRestApi.html) for edge-optimized API | 1 request every 30 seconds per account | No |
| [CreateVpcLink](https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/vpclinks.html#CreateVpcLink) (V2) | 1 request every 15 seconds per account | No |
| [DeleteApiKey](https://docs.aws.amazon.com/apigateway/latest/api/API_DeleteApiKey.html) | 5 requests per second per account | No |
| [DeleteDomainName](https://docs.aws.amazon.com/apigateway/latest/api/API_DeleteDomainName.html) | 1 request every 30 seconds per account | No |
| [DeleteResource](https://docs.aws.amazon.com/apigateway/latest/api/API_DeleteResource.html) | 5 requests per second per account | No |
| [DeleteRestApi](https://docs.aws.amazon.com/apigateway/latest/api/API_DeleteRestApi.html) | 1 request every 30 seconds per account | No |
| [GetResources](https://docs.aws.amazon.com/apigateway/latest/api/API_GetResources.html) | 5 requests every 2 seconds per account | No |
| [DeleteVpcLink](https://docs.aws.amazon.com/apigatewayv2/latest/api-reference/vpclinks.html#DeleteVpcLink) (V2) | 1 request every 30 seconds per account | No |
| [ImportDocumentationParts](https://docs.aws.amazon.com/apigateway/latest/api/API_ImportDocumentationParts.html) | 1 request every 30 seconds per account | No |
| [ImportRestApi](https://docs.aws.amazon.com/apigateway/latest/api/API_ImportRestApi.html) for Regional or private API | 1 request every 3 seconds per account | No |
| [ImportRestApi](https://docs.aws.amazon.com/apigateway/latest/api/API_ImportRestApi.html) for edge-optimized API | 1 request every 30 seconds per account | No |
| [PutRestApi](https://docs.aws.amazon.com/apigateway/latest/api/API_PutRestApi.html) | 1 request per second per account | No |
| [UpdateAccount](https://docs.aws.amazon.com/apigateway/latest/api/API_UpdateAccount.html) | 1 request every 20 seconds per account | No |
| [UpdateDomainName](https://docs.aws.amazon.com/apigateway/latest/api/API_UpdateDomainName.html) | 1 request every 30 seconds per account | No |
| [UpdateUsagePlan](https://docs.aws.amazon.com/apigateway/latest/api/API_UpdateUsagePlan.html) | 1 request every 20 seconds per account | No |
| Create Portal | 1 request every 3 seconds | No |
| Update Portal | 2 requests per minute | No |
| Get Portal | 10 requests per second | No |
| List Portals | 10 requests per second | No |
| Publish Portal | 2 requests per minute | No |
| DeletePortal | 2 requests per minute | No |
| PreviewPortal | 1 request every 3 seconds | No |
| DisablePortal | 2 requests per minute | No |
| GetPortalProduct | 10 requests per second | No |
| ListPortalProduct | 5 requests per second | No |
| CreatePortalProduct | 2 requests per second | No |
| UpdatePortalProduct | 0.5 requests per second | No |
| DeletePortalProduct | 1 request per second | No |
| PutPortalProductSharingPolicy | 1 request every 3 seconds | No |
| GetPortalProductSharingPolicy | 10 requests per second | No |
| DeletePortalProductSharingPolicy | 1 request every 3 seconds | No |
| CreateProductRestEndpointPage | 1 request every 3 seconds | No |
| GetProductRestEndpointPage | 10 requests per second | No |
| UpdateProductRestEndpointPage | 1 request every 3 seconds | No |
| DeleteProductRestEndpointPage | 1 request every 3 seconds | No |
| ListProductRestEndpointPages | 10 requests per second | No |
| CreateProductPage | 1 request every 3 seconds | No |
| GetProductPage | 10 requests per second | No |
| UpdateProductPage | 1 request every 3 seconds | No |
| DeleteProductPage | 1 request every 3 seconds | No |
| ListProductPages | 10 requests per second | No |
| Other operations | No quota up to the total account quota. | No |
| Total operations | 10 requests per second with a burst quota of 40 requests per second. | No |
# Quotas for configuring and running a REST API in API Gateway
The following quotas apply to configuring and running a REST API in Amazon API Gateway. If the quota is per-API, it can only be increased on specific APIs, not for all the APIs in an account.
For information about account-level quotas see [Amazon API Gateway quotas](limits.md).
| Resource or operation | Default quota | Can be increased |
| --- | --- | --- |
| Public custom domain names per account per Region | 120 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-A93447B8) |
| Private custom domain names per account per Region | 50 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-24E7E662) |
| Regional APIs per Region | 600 | No |
| Edge-optimized APIs per Region | 120 | No |
| Private APIs per account per Region | 600 | No |
| Domain name access associations per account | 100 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-4D98A8A5) |
| Multi-level API mappings per domain | 200 | No |
| Routing rules per domain | 50 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-68B79FF0) |
| Length, in characters, of the URL for an edge-optimized API | 8192 | No |
| Length, in characters, of the URL for a Regional API | 10240 | No |
| Length, in characters, of the URL for a private API | 8192 | No |
| Length, in characters, of API Gateway resource policy | 8192 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-8B81B02C) |
| API keys per account per Region | 10000 | No |
| Client certificates per account per Region | 60 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-824C9E42) |
| Authorizers per API (AWS Lambda and Amazon Cognito) | 10 | Yes To increase this quota, contact the [AWS Support Center](https://console.aws.amazon.com/support/home#/) |
| Documentation parts per API | 2000 | Yes To increase this quota, contact the [AWS Support Center](https://console.aws.amazon.com/support/home#/) |
| Resources per API | 300 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-01C8A9E0) |
| Stages per API | 10 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-379E48B0) |
| Stage variables per stage | 100 | No |
| Length, in characters, of the key in a stage variable | 64 | No |
| Length, in characters, of the value in a stage variable | 512 | No |
| Usage plans per account per Region | 300 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-E8693075) |
| Usage plans per API key | 10 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-985EB478) |
| VPC links per account per Region | 20 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-A4C7274F) |
| API caching TTL | 300 seconds by default and configurable between 0 and 3600 by an API owner. | Not for the upper bound (3600) |
| Cached response size | 1048576 Bytes. Cache data encryption may increase the size of the item that is being cached. | No |
| Integration timeout for Regional APIs | 50 milliseconds - 29 seconds for all integration types, including Lambda, Lambda proxy, HTTP, HTTP proxy, and AWS integrations. | [Yes \$1](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-E5AE38E3) |
| Integration timeout for edge-optimized APIs | 50 milliseconds - 29 seconds for all integration types, including Lambda, Lambda proxy, HTTP, HTTP proxy, and AWS integrations. | No |
| Integration timeout for private APIs | 50 milliseconds - 29 seconds for all integration types, including Lambda, Lambda proxy, HTTP, HTTP proxy, and AWS integrations. | [Yes \$1](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-E5AE38E3) |
| Total combined size of all header values, including header names, values, any line terminators, and whitespaces | 10240 Bytes | No |
| Total combined size of all header values for a private API | 8000 Bytes | No |
| Payload size | 10 MB | No |
| Tags per stage | 50 | No |
| Number of iterations in a \$1foreach ... \$1end loop in mapping templates | 1000 | No |
| Maximum mapping template size | 300 KB | No |
| Access log template size | 3 KB | No |
| Method ARN length | 1600 bytes. If your method contains a path parameter and a client uses a value that exceeds the ARN length, your API will return a 414 Request URI too long response. | No |
| Method-level throttling settings for a stage in a usage plan | 20 | Yes To increase this quota, contact the [AWS Support Center](https://console.aws.amazon.com/support/home#/) |
| Model size per API | 400 KB | No |
| Number of certificates in a truststore | 1,000 certificates up to 1 MB total object size. | No |
| Idle connection timeout | 310 seconds | No |
| Maximum API definition file size when using [restapi:import](https://docs.aws.amazon.com/apigateway/latest/api/API_ImportRestApi.html) or [restapi:put](https://docs.aws.amazon.com/apigateway/latest/api/API_PutRestApi.html) | 6 MB | No |
\$1 You can't set the integration timeout to less than 50 milliseconds. You can raise the integration timeout to greater than 29 seconds, but this might require a reduction in your Region-level throttle quota for your account.
## Best practices to reduce your quotas
The following best practices might help reduce your current number of resources to avoid increasing your quota. Make sure that these suggestions work for your API's architecture.
**APIs per Region**
To reduce the number of APIs per Region, export any unused APIs and then delete them from API Gateway. For more information, see [Export a REST API from API Gateway](api-gateway-export-api.md).
**Stages per API**
To reduce the number of stages per API, split up your API into multiple APIs.
**Resources per API**
Use `{proxy+}` paths to reduce the number of resources. For more information, see [Set up a proxy integration with a proxy resource](api-gateway-set-up-simple-proxy.md).
**API mappings**
To reduce the number of API mappings for a custom domain name, use API mappings with single levels, such as `/prod`. API mappings with a single level doesn't count towards the API mappings quota.
**Authorizers per API**
To reduce the number of authorizers per API, reuse authorizers across API methods.
**Documentation parts per API**
To reduce the number of documentation parts per API, use `ignore=documentation` when you import your API. For more information, see [Import API documentation](api-gateway-documenting-api-quick-start-import-export.md).
You can also use content inheritance to allow some documentation parts to inherit content from an API entity of a more general specification. For more information, see [Representation of API documentation in API Gateway](api-gateway-documenting-api-content-representation.md).
**Length, in characters, of API Gateway resource policy**
To reduce the length of a resource policy, use AWS WAFV2 to protect your API. For more information, see [Use AWS WAF to protect your REST APIs in API Gateway](apigateway-control-access-aws-waf.md).
If your policy contains IP addresses, you can also use ranges instead of specific values to define IP addresses.
**Usage plans per API key**
To reduce the number of usage plans per API key, use one API key per usage plan, and associate your usage plan with multiple APIs. We don't recommend sharing one API key across multiple usage plans.
# Quotas for configuring and running an HTTP API in API Gateway
The following quotas apply to configuring and running an HTTP API in Amazon API Gateway. If the quota is per-API, it can only be increased on specific APIs, not for all the APIs in an account. For information about account-level quotas see [Amazon API Gateway quotas](limits.md)
| Resource or operation | Default quota | Can be increased |
| --- | --- | --- |
| Routes per API | 300 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-65B5C802) |
| Integrations per API | 300 | No |
| Maximum integration timeout | 30 seconds | No |
| Stages per API | 10 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-379E48B0) |
| Multi-level API mappings per domain | 200 API mappings. This limit doesn't include API mapping with single levels, such as /prod. | No |
| Tags per stage | 50 | No |
| Total combined size of request line and header values | 10240 bytes | No |
| Payload size | 10 MB | No |
| Custom domains per account per Region | 120 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-A93447B8) |
| Access log template size | 3 KB | No |
| Amazon CloudWatch Logs log entry | 1 MB | No |
| Authorizers per API | 10 | Yes To increase this quota, contact the [AWS Support Center](https://console.aws.amazon.com/support/home#/) |
| Audiences per authorizer | 50 | No |
| Scopes per route | 10 | No |
| Timeout for JSON Web Key Set endpoint | 1500 ms | No |
| Response size from JSON Web Key Set endpoint | 150000 bytes | No |
| Timeout for OpenID Connect discovery endpoint | 1500 ms | No |
| Timeout for Lambda authorizer response | 10000 ms | No |
| VPC links per account per Region | 10 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-608BDCD4) |
| Subnets per VPC link | 10 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-668C9B28) |
| Stage variables per stage | 100 | No |
| Length, in characters, of the key in a stage variable | 64 | No |
| Length, in characters, of the value in a stage variable | 512 | No |
## Best practices to reduce your quotas
The following best practices might help reduce your current number of resources to avoid increasing your quota. Make sure that these suggestions work for your API's architecture.
**APIs per Region**
To reduce the number of APIs per Region, export any unused APIs and then delete them from API Gateway. For more information, see [Export HTTP APIs from API Gateway](http-api-export.md).
**Stages per API**
To reduce the number of stages per API, split up your API into multiple APIs.
**Authorizers per API**
To reduce the number of authorizers per API, reuse authorizers across API methods.
# Quotas for configuring portals in API Gateway
The following quotas apply to creating portals in API Gateway. For more information, see [API Gateway portals](apigateway-portals.md).
| Resource or operation | Default quota | Can be increased |
| --- | --- | --- |
| Portals per account | 15 | Yes |
| Portal products per portal | 200 | Yes |
| Portal products per account | 2000 | Yes |
| Product REST endpoint pages per portal product | 40 | Yes |
| Product pages per portal product | 40 | Yes |
| Logo size | 200 KB | No |
| Documentation page size per product REST endpoint page | 32,000 characters | No |
| Custom page size for product pages | 32,000 characters | No |
| Custom domain names per portal | 1 | No |
| Authorizers per portal | 1 | No |
# Quotas for configuring and running a WebSocket in API Gateway
The following quotas apply to configuring and running a WebSocket API in Amazon API Gateway. If the quota is per-API, it can only be increased on specific APIs, not for all the APIs in an account. For information about account-level quotas see [Amazon API Gateway quotas](limits.md)
| Resource or operation | Default quota | Can be increased |
| --- | --- | --- |
| New connections per second per account (across all WebSocket APIs) per Region | 500 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-9ED1E49A) |
| Concurrent connections | Not applicable \$1 | Not applicable |
| AWS Lambda authorizers per API | 10 | Yes To increase this quota, contact the [AWS Support Center](https://console.aws.amazon.com/support/home#/) |
| AWS Lambda authorizer result size | 8 KB | No |
| Routes per API | 300 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-01C8A9E0) |
| Integrations per API | 300 | Yes To increase this quota, contact the [AWS Support Center](https://console.aws.amazon.com/support/home#/) |
| Integration timeout | 50 milliseconds - 29 seconds for all integration types, including Lambda, Lambda proxy, HTTP, HTTP proxy, and AWS integrations. | No |
| Stages per API | 10 | [Yes](https://console.aws.amazon.com/servicequotas/home/services/apigateway/quotas/L-379E48B0) |
| WebSocket frame size | 32 KB | No |
| Message payload size | 128 KB \$1\$1 | No |
| Maximum mapping template size | 300 KB | No |
| Connection duration for WebSocket API | 2 hours | No |
| Idle Connection Timeout | 10 minutes | No |
| Length, in characters, of the URL for a WebSocket API | 4096 | No |
| Access log template size | 3 KB | No |
\$1 API Gateway doesn't enforce a quota on concurrent connections. The maximum number of concurrent connections is determined by the rate of new connections per second and maximum connection duration of two hours. For example, with the default quota of 500 new connections per second, if clients connect at the maximum rate over two hours, API Gateway can serve up to 3,600,000 concurrent connections.
\$1\$1 Because of the WebSocket frame-size quota of 32 KB, a message larger than 32 KB must be split into multiple frames, each 32 KB or smaller. This applies to `@connections` commands. If a larger message (or larger frame size) is received, the connection is closed with code 1009.
# Amazon API Gateway important notes
The following section details notes that might impact your use of API Gateway.
**Topics**
+ [
## Amazon API Gateway important notes for HTTP APIs
](#api-gateway-known-issues-http-apis)
+ [
## Amazon API Gateway important notes for HTTP and WebSocket APIs
](#api-gateway-known-issues-http-and-websocket-apis)
+ [
## Amazon API Gateway important notes for REST and WebSocket APIs
](#api-gateway-known-issues-rest-and-websocket-apis)
+ [
## Amazon API Gateway important notes for WebSocket APIs
](#api-gateway-known-issues-websocket-apis)
+ [
## Amazon API Gateway important notes for REST APIs
](#api-gateway-known-issues-rest-apis)
## Amazon API Gateway important notes for HTTP APIs
+ HTTP APIs translate incoming `X-Forwarded-*` headers into a standard `Forwarded` header and will append the egress IP, Host, and protocol.
+ API Gateway adds the Content-type header to your request if there is no payload and the Content-Length is 0.
## Amazon API Gateway important notes for HTTP and WebSocket APIs
+ Signature Version 4A is not officially supported by Amazon API Gateway for HTTP and WebSocket APIs.
## Amazon API Gateway important notes for REST and WebSocket APIs
+ API Gateway does not support sharing a custom domain name across REST and WebSocket APIs.
+ Stage names can only contain alphanumeric characters, hyphens, and underscores. Maximum length is 128 characters.
+ The `/ping` and `/sping` paths are reserved for the service health check. Use of these for API root-level resources with custom domains will fail to produce the expected result.
+ API Gateway currently limits log events to 1024 bytes. Log events larger than 1024 bytes, such as request and response bodies, will be truncated by API Gateway before submission to CloudWatch Logs.
+ CloudWatch Metrics currently limits dimension names and values to 255 valid XML characters. (For more information, see the [CloudWatch User Guide](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch_concepts.html#Dimension).) Dimension values are a function of user-defined names, including API name, label (stage) name, and resource name. When choosing these names, be careful not to exceed CloudWatch Metrics limits.
+ The maximum size of a mapping template is 300 KB.
## Amazon API Gateway important notes for WebSocket APIs
+ API Gateway supports message payloads up to 128 KB with a maximum frame size of 32 KB. If a message exceeds 32 KB, you must split it into multiple frames, each 32 KB or smaller. If a larger message is received, the connection is closed with code 1009.
## Amazon API Gateway important notes for REST APIs
+ The plain text pipe character (`|`) and the curly brace character (`{` or `}`) are not supported for any request URL query string and must be URL-encoded.
+ The semicolon character (`;`) is not supported for any request URL query string and results in the data being split.
+ REST APIs decode URL-encoded request parameters before passing them to backend integrations. For UTF-8 request parameters, REST APIs decode the parameters and then pass them as unicode to backend integrations. REST APIs URL-encode the percent character (`%`) before passing it to backend integrations.
+ When using the API Gateway console to test an API, you may get an "unknown endpoint errors" response if a self-signed certificate is presented to the backend, the intermediate certificate is missing from the certificate chain, or any other unrecognizable certificate-related exceptions thrown by the backend.
+ For an API [https://docs.aws.amazon.com/apigateway/latest/api/API_Resource.html](https://docs.aws.amazon.com/apigateway/latest/api/API_Resource.html) or [https://docs.aws.amazon.com/apigateway/latest/api/API_Method.html](https://docs.aws.amazon.com/apigateway/latest/api/API_Method.html) entity with a private integration, you should delete it after removing any hard-coded reference of a [https://docs.aws.amazon.com/apigateway/latest/api/API_VpcLink.html](https://docs.aws.amazon.com/apigateway/latest/api/API_VpcLink.html). Otherwise, you have a dangling integration and receive an error stating that the VPC link is still in use even when the `Resource` or `Method` entity is deleted. This behavior does not apply when the private integration references `VpcLink` through a stage variable.
+ The following backends may not support SSL client authentication in a way that's compatible with API Gateway:
+ [NGINX](https://nginx.org/en/)
+ [Heroku](https://www.heroku.com/)
+ API Gateway supports most of the [OpenAPI 2.0 specification](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md) and the [OpenAPI 3.0 specification](https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.1.md), with the following exceptions:
+ Path segments can only contain alphanumeric characters, underscores, hyphens, periods, commas, colons, and curly braces. Path parameters must be separate path segments. For example, "resource/\$1path\$1parameter\$1name\$1" is valid; "resource\$1path\$1parameter\$1name\$1" is not.
+ Model names can only contain alphanumeric characters.
+ For input parameters, only the following attributes are supported: `name`, `in`, `required`, `type`, `description`. Other attributes are ignored.
+ The `securitySchemes` type, if used, must be `apiKey`. However, OAuth 2 and HTTP Basic authentication are supported via [Lambda authorizers](apigateway-use-lambda-authorizer.md); the OpenAPI configuration is achieved via [vendor extensions](api-gateway-swagger-extensions-authorizer.md).
+ The `deprecated` field is not supported and is dropped in exported APIs.
+ API Gateway models are defined using [JSON schema draft 4](https://datatracker.ietf.org/doc/html/draft-zyp-json-schema-04), instead of the JSON schema used by OpenAPI.
+ The `discriminator` parameter is not supported in any schema object.
+ The `example` tag is not supported.
+ The `nullable` field is not supported.
+ `exclusiveMinimum` is not supported by API Gateway.
+ The `maxItems` and `minItems` tags are not included in [simple request validation](api-gateway-method-request-validation.md). To work around this, update the model after import before doing validation.
+ For OpenAPI 3.0, you can't have a `oneOf`, `anyOf`, or `allOf` that uses `$ref` to a definition within the same schema. You can either directly input your schema or define a separate API Gateway model resource. For more information, see [Creating more complex models](models-mappings-models.md#api-gateway-request-validation-model-more-complex).
+ `oneOf` is not supported for OpenAPI 2.0 or SDK generation.
+ The `readOnly` field is not supported.
+ `$ref` cannot be used to reference other files.
+ Response definitions of the `"500": {"$ref": "#/responses/UnexpectedError"}` form is not supported in the OpenAPI document root. To work around this, replace the reference by the inline schema.
+ Numbers of the `Int32` or `Int64` type are not supported. An example is shown as follows:
```
"elementId": {
"description": "Working Element Id",
"format": "int32",
"type": "number"
}
```
+ Decimal number format type (`"format": "decimal"`) is not supported in a schema definition.
+ In method responses, schema definition must be of an object type and cannot be of primitive types. For example, `"schema": { "type": "string"}` is not supported. However, you can work around this using the following object type:
```
"schema": {
"$ref": "#/definitions/StringResponse"
}
"definitions": {
"StringResponse": {
"type": "string"
}
}
```
+ API Gateway doesn't use root level security defined in the OpenAPI specification. Hence security needs to be defined at an operation level to be appropriately applied.
+ The `default` keyword is not supported.
+ API Gateway enacts the following restrictions and limitations when handling methods with either Lambda integration or HTTP integration.
+ Header names and query parameters are processed in a case-sensitive way.
+ The following table lists the headers that may be dropped, remapped, or otherwise modified when sent to your integration endpoint or sent back by your integration endpoint. In this table:
+ `Remapped` means that the header name is changed from `` to `X-Amzn-Remapped-`.
`Remapped Overwritten` means that the header name is changed from `` to `X-Amzn-Remapped-` and the value is overwritten.
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-known-issues.html)
\$1 The `Authorization` header is dropped if it contains a [Signature Version 4](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-signing.html) signature or if `AWS_IAM` authorization is used.
+ The Android SDK of an API generated by API Gateway uses the `java.net.HttpURLConnection` class. This class will throw an unhandled exception, on devices running Android 4.4 and earlier, for a 401 response resulted from remapping of the `WWW-Authenticate` header to `X-Amzn-Remapped-WWW-Authenticate`.
+ Unlike API Gateway-generated Java, Android and iOS SDKs of an API, the JavaScript SDK of an API generated by API Gateway does not support retries for 500-level errors.
+ The test invocation of a method uses the default content type of `application/json` and ignores specifications of any other content types.
+ When sending requests to an API by passing the `X-HTTP-Method-Override` header, API Gateway overrides the method. So in order to pass the header to the backend, the header needs to be added to the integration request.
+ When a request contains multiple media types in its `Accept` header, API Gateway only honors the first `Accept` media type. In the situation where you cannot control the order of the `Accept` media types and the media type of your binary content is not the first in the list, you can add the first `Accept` media type in the `binaryMediaTypes` list of your API, API Gateway will return your content as binary. For example, to send a JPEG file using an `![]()
` element in a browser, the browser might send `Accept:image/webp,image/*,*/*;q=0.8` in a request. By adding `image/webp` to the `binaryMediaTypes` list, the endpoint will receive the JPEG file as binary.
+ Customizing the default gateway response for `413 REQUEST_TOO_LARGE` isn't currently supported.
+ API Gateway includes a `Content-Type` header for all integration responses. By default, the content type is `application/json`.