API Gateway REST vs HTTP vs WebSocket: Which Should You Choose?

Key Takeaway

Choose HTTP API for simple, low-cost APIs; REST API for advanced features; WebSocket API for real-time bidirectional communication. HTTP API is up to 70% cheaper than REST API but lacks API keys, WAF, request validation, and other advanced features.

API Gateway Types at a Glance

Type	Launch Date	Features	Cost
REST API	2015	All features included	Higher
HTTP API	2019	Lightweight, high performance	Lower (70% cheaper)
WebSocket API	2018	Bidirectional real-time	Connection time + messages

REST API vs HTTP API Detailed Comparison

Feature Comparison

Feature	REST API	HTTP API
Lambda Integration	✅	✅
HTTP Proxy	✅	✅
VPC Link	✅	✅
API Keys	✅	❌
Usage Plans	✅	❌
Request Validation	✅	❌
Request/Response Transformation	✅	❌
AWS WAF	✅	❌
X-Ray Tracing	✅	❌
Caching	✅	❌
Private Endpoints	✅	❌
Per-user/tenant Throttling	✅	❌

Authentication Comparison

Auth Method	REST API	HTTP API
IAM	✅	✅
Lambda Authorizer	✅	✅
Cognito	✅	✅
JWT Authorizer	❌	✅ (Native)
API Keys	✅	❌

Performance and Cost Comparison

Aspect	REST API	HTTP API
Latency	29ms (avg)	10ms (avg)
Price (per million)	$3.50	$1.00
Free Tier	1 million/month	1 million/month

Cost Savings Calculation:
100 million API calls/month:
- REST API: $350
- HTTP API: $100
- Savings: $250/month (71% reduction)

When to Choose REST API

Required Scenarios

1. API Keys and Usage Plans

   • Providing API to external developers
   • Per-tenant request throttling

2. Request/Response Transformation

   • VTL (Velocity Template Language) data transformation
   • Legacy backend integration

3. AWS WAF Integration

   • SQL injection, XSS defense
   • IP-based access control

4. Caching

   • API response caching
   • Reduce backend load

5. Private API

   • VPC internal access only
   • Internal microservices

REST API Architecture Example:

[Client] → [API Gateway REST API]
                    │
                    ├── API Key validation
                    ├── WAF rules applied
                    ├── Request validation
                    ├── Cache check
                    │
                    ▼
               [Lambda / ALB / EC2]

When to Choose HTTP API

Suitable Scenarios

1. Simple CRUD APIs

   • Lambda + DynamoDB combination
   • Fast development, low cost

2. Internal Microservice Communication

   • Service-to-service API calls
   • Advanced features not needed

3. OAuth 2.0 / OIDC Authentication

   • JWT token-based auth
   • Cognito, Auth0 integration

4. Cost Optimization

   • High-traffic APIs
   • Simple proxy functionality

HTTP API Architecture Example:

[Mobile App] → [API Gateway HTTP API]
                    │
                    ├── JWT validation (native)
                    │
                    ▼
               [Lambda] → [DynamoDB]

When to Use WebSocket API

How It Works

WebSocket maintains persistent bidirectional connections.

HTTP (Request-Response):
[Client] ─── Request ──→ [Server]
[Client] ←── Response ── [Server]
(Connection closed)

WebSocket (Bidirectional):
[Client] ←──────────→ [Server]
         Persistent connection
    (Server can send messages first)

Suitable Use Cases

1. Real-time Chat

   • Instant message delivery
   • Group chat

2. Real-time Notifications

   • Stock price updates
   • Sports score updates

3. Collaboration Tools

   • Real-time document editing
   • Whiteboard sharing

4. Online Gaming

   • Real-time game state sync
   • Multiplayer games

5. IoT Dashboards

   • Real-time sensor data display
   • Device control

WebSocket API Routing

WebSocket API routes messages using route keys:

// Client message
{
  "action": "sendMessage",  // Route key
  "message": "Hello!"
}

Route	Description
$connect	Called on connection
$disconnect	Called on disconnect
$default	When no route matches
sendMessage	Custom route

WebSocket Pricing

Item	Cost
Connection time	$0.25/million minutes
Messages (32KB)	$1.00/million
Free Tier	1M messages + 750K connection minutes/month

Selection Guide Flowchart

API Type Selection Start
        │
        ▼
Need real-time bidirectional communication? ─── Yes ──→ [WebSocket API]
        │
        No
        │
        ▼
Need any of these features?
- API keys and usage plans
- AWS WAF integration
- Request validation/transformation
- Response caching
- Private endpoints
        │
       Yes ──────────────────────→ [REST API]
        │
        No
        │
        ▼
            [HTTP API] (Low cost, high performance)

SAA-C03 Exam Focus Points

1. ✅ Cost Optimization: "Simple API + cost savings = HTTP API"
2. ✅ API Keys/Throttling: "External API + usage limits = REST API"
3. ✅ Real-time Communication: "Chat, notifications, gaming = WebSocket API"
4. ✅ WAF Integration: "API protection + WAF = REST API"
5. ✅ JWT Authentication: "Native JWT = HTTP API"

Frequently Asked Questions (FAQ)

Q: Can HTTP API completely replace REST API?

No. HTTP API doesn't support many advanced features like API keys, WAF, caching, and request validation. Use REST API when these features are needed.

Q: Can I use REST API and HTTP API together?

Yes. A single application can use both types based on purpose. Example: HTTP API for internal APIs, REST API for external partner APIs.

Q: What happens when a WebSocket connection drops?

The $disconnect route is called. You need to implement reconnection logic on the client side. API Gateway maintains idle connections for up to 2 hours.

Q: Is API Gateway caching only available on REST API?

Yes. HTTP API doesn't support caching. If caching is needed, place CloudFront in front or use REST API.

Q: Which API is faster for Lambda integration?

HTTP API has lower latency than REST API (average 10ms vs 29ms). Fewer features mean less overhead.

Related Posts

• Lambda Function Optimization
• ECS vs EKS vs Fargate Comparison
• CloudFront Caching Optimization

References

• Choosing Between REST APIs and HTTP APIs
• WebSocket API Overview
• API Gateway Pricing