API Gateway REST vs HTTP: What It Is and When to Use It

Definition

Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. Within API Gateway, developers can create two distinct types of RESTful APIs: HTTP APIs and REST APIs, which provide different balances of features, performance, and cost to solve different business problems.

How It Works

Both HTTP and REST APIs act as a "front door" for applications to access backend services, such as AWS Lambda functions, HTTP endpoints on Amazon EC2, or other AWS services. When a client sends a request to an API Gateway endpoint, the service handles traffic management, authorization, and monitoring before routing the request to the configured backend integration.

• REST APIs (v1): This is the original, more feature-rich offering. They use a detailed configuration model involving resources (like /users), methods (like GET, POST), integration requests, and integration responses. This model allows for fine-grained control, including the ability to transform request and response payloads using Velocity Template Language (VTL).

• HTTP APIs (v2): This is a newer, more streamlined offering designed for lower latency and lower cost. They simplify the configuration by combining the method and resource into a single "route" (e.g., GET /users) that maps directly to a backend integration. This design is optimized for common use cases like proxying requests to Lambda functions or other HTTP endpoints.

Key Features and Limits

Choosing between a REST API and an HTTP API involves a trade-off between features and cost.

| Feature | REST APIs (v1) | HTTP APIs (v2) | Notes | | :--- | :--- | :--- | :--- | | Pricing | Higher cost per million requests. | Lower cost, up to 71% cheaper. | HTTP APIs are designed to be more cost-effective for high-volume workloads. | | Performance | Higher latency. | Lower latency. | The streamlined architecture of HTTP APIs results in better performance. | | Authorizers | IAM, Cognito User Pools, Lambda Authorizers. | IAM, JWT Authorizers (OIDC/OAuth2), Lambda Authorizers. | HTTP APIs have built-in support for JWTs, which can simplify securing modern applications. | | API Management | Usage Plans, API Keys, Client-side Throttling/Quotas. | Not supported. | This is a critical differentiator; REST APIs are superior for public or monetized APIs. | | Request/Response Transformation | Supported via VTL Mapping Templates. | Not supported (limited to parameter mapping). | REST APIs offer powerful control to modify data between the client and backend. | | Request Validation | Supported (JSON Schema validation for body, headers, etc.). | Not supported. | REST APIs can offload input validation from the backend service. | | Caching | Built-in API caching available. | Not supported. | Caching in REST APIs can significantly reduce backend load and improve latency. | | AWS WAF Integration | Supported. | Supported. | Native WAF support for HTTP APIs was added in 2025, closing a previous feature gap. | | Private APIs | Supported via Private VPC Endpoints. | Supported via Private Integrations with VPC Links. | Both can be used for internal, VPC-only APIs, though the implementation differs. | | Custom Domains | Supported (Edge-optimized and Regional). | Supported (Regional only). | Both API types can be associated with a user-friendly domain name. | | CORS Support | Manual configuration required. | Built-in, simplified CORS configuration. | HTTP APIs make it easier to handle Cross-Origin Resource Sharing. |

Service Quotas:

• Requests per second (RPS): The default account-level quota is 10,000 RPS with a burst capacity, shared across all APIs in a region. This can be increased upon request.
• Other Quotas: There are various other limits on resources like the number of APIs per account, integrations, and authorizers. These can be viewed and managed via the AWS Service Quotas console.

Common Use Cases

Choose an HTTP API for:

1. Serverless Web Applications: When you need a simple, low-latency, and cost-effective front door for AWS Lambda functions or other HTTP backends.
2. High-Volume, Simple Proxy APIs: For workloads that primarily pass requests through to a backend service without needing advanced features like transformation or per-client throttling.
3. Modern, JWT-Secured Microservices: The native support for OIDC and OAuth 2.0 JWTs makes HTTP APIs ideal for services that use modern token-based authentication.

Choose a REST API for:

1. Public or Partner APIs: When you need to manage third-party developer access using API keys, usage plans, and per-client throttling and quotas.
2. Complex Enterprise APIs: For applications requiring fine-grained control over the request/response flow, including payload validation and transformation to support legacy backends.
3. APIs Requiring Caching: For read-heavy workloads where caching API responses at the edge can dramatically reduce costs and improve performance.
4. APIs Requiring AWS WAF Protection: For public-facing APIs that need protection against common web exploits.

Pricing Model

Amazon API Gateway uses a pay-as-you-go pricing model with no minimum fees or upfront commitments.

• API Requests: You are billed primarily for the number of API calls received. HTTP APIs have a significantly lower price per million requests compared to REST APIs.
• Data Transfer: Standard AWS data transfer charges apply for data transferred out of the service.
• Caching (REST APIs only): If you enable caching for a REST API stage, you pay an hourly rate based on the cache size selected.
• Free Tier: AWS provides a free tier for the first 12 months, which includes 1 million calls per month for both HTTP and REST APIs.

For detailed pricing, always consult the official AWS Pricing Calculator.

Pros and Cons

HTTP APIs

• Pros:
  • Significantly lower cost and latency.
  • Simpler to configure and manage.
  • Built-in support for OIDC/OAuth2 and CORS.
• Cons:
  • Lacks key API management features like usage plans and API keys.
  • No support for request validation, transformation, or caching.

REST APIs

• Pros:
  • Comprehensive feature set for full API lifecycle management.
  • Enables monetization and developer ecosystem management with usage plans and API keys.
  • Powerful control with request/response validation and transformation.
  • Supports response caching to improve performance.
• Cons:
  • Higher cost per request.
  • Higher latency compared to HTTP APIs.
  • More complex configuration.

Comparison with Alternatives

• API Gateway vs. Application Load Balancer (ALB): An ALB is a Layer 7 load balancer designed for routing HTTP/HTTPS traffic to targets like EC2 instances, containers, and Lambda functions. While it can route traffic, it lacks the rich API management features of API Gateway, such as authentication, throttling, API keys, and caching. Use an ALB for internal load balancing and simple external-facing web applications; use API Gateway when you need full API management capabilities.

• API Gateway vs. AWS AppSync: AWS AppSync is a managed service for developing GraphQL APIs. While API Gateway is used for RESTful and WebSocket APIs, AppSync is the preferred choice for applications that benefit from the GraphQL query language, which allows clients to request exactly the data they need. Choose API Gateway for REST endpoints and AppSync for GraphQL endpoints.

Exam Relevance

Amazon API Gateway is a core topic on several AWS certification exams, particularly those focused on development and architecture.

• AWS Certified Developer - Associate (DVA-C02): Expect deep questions on Lambda integration, authorizers (IAM, Lambda, Cognito), stage variables, deployment strategies, and troubleshooting. Knowing the feature differences between HTTP and REST APIs is crucial.
• AWS Certified Solutions Architect - Associate (SAA-C03): Questions focus on architectural patterns. You'll need to know when to use API Gateway (and which type) versus an ALB, how to secure APIs (WAF, private endpoints, authorizers), and how to design scalable and resilient serverless applications.
• AWS Certified Solutions Architect - Professional (SAP-C02): Expect complex scenarios involving multi-region deployments, advanced security patterns, cost optimization, and integration with a wide range of AWS services.

Examinees should understand the trade-offs between HTTP and REST APIs and be able to choose the correct type based on a given scenario's requirements for cost, performance, and features like API keys or request validation.

Frequently Asked Questions

Q: Can I migrate from a REST API to an HTTP API?

A: Yes, migration is possible. The recommended process involves exporting your REST API's OpenAPI definition, checking for any features used that are not available in HTTP APIs, and then importing the definition to create a new HTTP API. After thorough testing, you can update your clients to use the new endpoint URL.

Q: Which API type offers better performance?

A: HTTP APIs are designed for lower latency and deliver better performance compared to REST APIs. Their streamlined architecture reduces the overhead for each request, making them a better choice for latency-sensitive workloads.

Q: Do both REST and HTTP APIs support custom domains?

A: Yes, both API types allow you to set up a custom domain name, so you can provide a branded, user-friendly URL for your API. However, REST APIs support both edge-optimized and regional custom domains, while HTTP APIs only support regional custom domains.

---

This article reflects AWS features and pricing as of 2026. AWS services evolve rapidly — always verify against the official AWS documentation before making production decisions.