1
00:00:02,160 --> 00:00:08,960
In the last lecture, we learned what API Gateway does in general and which features it offers on a very

2
00:00:08,960 --> 00:00:13,370
high level and we will use many of these features throughout the course, so no worries if they're not all

3
00:00:13,370 --> 00:00:14,770
set right now

4
00:00:15,170 --> 00:00:18,500
but now I want to focus on the meat of API Gateway.

5
00:00:18,770 --> 00:00:25,250
I selected a method here on the resources and this is an endpoint we can actually hit with a request

6
00:00:25,610 --> 00:00:29,400
because an endpoint is made up of two things, our resource,

7
00:00:29,420 --> 00:00:36,200
so the path to which the request should get sent and the method, the type of request because of course, there

8
00:00:36,200 --> 00:00:37,970
is no request.

9
00:00:37,970 --> 00:00:41,940
There are different types of requests, you can send a POST request, a GET request

10
00:00:42,200 --> 00:00:48,600
and here, we get an endpoint which will react to GET requests being sent to this path

11
00:00:48,680 --> 00:00:53,300
and this path of course is always appended to our general URL of that API,

12
00:00:53,300 --> 00:00:57,080
so to this URL. Here at the end, we would attach this path

13
00:00:57,140 --> 00:01:01,880
and if we sent a GET request to the path, we would hit this endpoint.

14
00:01:01,940 --> 00:01:07,390
Now as soon as we do hit this endpoint, we go through this cycle here on the right,

15
00:01:07,400 --> 00:01:14,210
so what is this about? It basically depicts the flow of data in our API.

16
00:01:14,570 --> 00:01:20,420
We got a client and this of course is the app or whatever which sends the request and conveniently, we can even

17
00:01:20,630 --> 00:01:26,690
test that here, so if we click on test, we can send a test request from within API Gateway so that we

18
00:01:26,690 --> 00:01:30,990
don't have to set up a client to do the testing.

19
00:01:31,040 --> 00:01:35,930
We'll do that nonetheless later in the course but having this test method is great and that's all this

20
00:01:35,930 --> 00:01:36,230
does,

21
00:01:36,230 --> 00:01:39,660
we can just simply test a request being sent by a client.

22
00:01:39,860 --> 00:01:43,830
As a side note, you see these markers, these orange markers?

23
00:01:44,140 --> 00:01:48,170
You can always click them to get some information about the specific item they sit on

24
00:01:48,410 --> 00:01:50,200
and once you click that away, they're gone

25
00:01:50,210 --> 00:01:53,230
but you can always bring them back by clicking on show all hints.

26
00:01:53,270 --> 00:01:58,080
So that might be useful if you're not clear about something or if something is confusing.

27
00:01:58,200 --> 00:02:01,880
However, we just talked about the client, client is sending a request,

28
00:02:01,880 --> 00:02:03,500
OK we got this.

29
00:02:03,500 --> 00:02:06,050
Now we hit the method request box,

30
00:02:06,110 --> 00:02:07,890
what does this actually mean?

31
00:02:08,120 --> 00:02:14,380
Well this cycle depicts how an incoming request is handled by API Gateway and method request, this

32
00:02:14,390 --> 00:02:21,980
first box defines what requests reaching this endpoint should actually look like.

33
00:02:22,070 --> 00:02:23,690
It's like a gatekeeper,

34
00:02:23,750 --> 00:02:30,050
we can reject requests if they don't fit a certain schema and I'm not just talking about the schema

35
00:02:30,050 --> 00:02:33,740
we might have set up in any of our request data models here,

36
00:02:33,900 --> 00:02:35,540
I'm talking about more.

37
00:02:35,540 --> 00:02:40,020
Let's have a look at the method request box by clicking on method request,

38
00:02:40,230 --> 00:02:43,670
here you can see there are a couple of things we can configure,

39
00:02:43,670 --> 00:02:46,580
for example we can set up authorization.

40
00:02:46,580 --> 00:02:52,190
Now it's set to none right now but we will later in this course learn how we can add authentication

41
00:02:52,190 --> 00:02:52,830
here.

42
00:02:53,000 --> 00:02:56,790
We can say if an incoming request is not authorized

43
00:02:56,900 --> 00:03:03,050
and again, we will learn how to authorize incoming requests, if it is not authorized, we simply block it, end

44
00:03:03,090 --> 00:03:03,760
of the road.

45
00:03:03,830 --> 00:03:05,140
Nothing else happens,

46
00:03:05,180 --> 00:03:12,200
it simply gets rejected with an error code and message and we're done. The same for validation, we can

47
00:03:12,200 --> 00:03:17,640
validate the incoming request, we can validate it for one of the three things we see down here.

48
00:03:17,930 --> 00:03:23,250
We can check if the query parameters attached to the request fit our scheme, query parameters are

49
00:03:23,250 --> 00:03:29,660
the thing after the question mark at the end, like here in the URL. We can also check if the headers

50
00:03:29,660 --> 00:03:35,880
attached to the request fit our scheme or our needs and we can finally check the request body

51
00:03:35,960 --> 00:03:39,430
and here, we can connect it to a model we might have created

52
00:03:39,470 --> 00:03:45,530
so that we say incoming data should let's say always have a name which is a string and age which is a number

53
00:03:45,710 --> 00:03:52,340
and if the incoming request body does not fit that schema, it also gets rejected with an error message

54
00:03:52,340 --> 00:03:58,580
and code and we stop right here. And we do this by setting up here if we want to validate the body, validate

55
00:03:58,610 --> 00:04:02,140
everything or just query string parameters and headers.

56
00:04:02,150 --> 00:04:04,250
So this is how we can set up validation

57
00:04:04,550 --> 00:04:12,290
and finally, here's this API key again. We can require an API key and therefore lock our API to anyone

58
00:04:12,470 --> 00:04:14,710
who doesn't have such a key.

59
00:04:14,810 --> 00:04:19,500
Now that is the method request box,

60
00:04:19,760 --> 00:04:22,680
what it does is it acts like a gatekeeper,

61
00:04:22,700 --> 00:04:31,100
it ensures that incoming requests have a certain shape, have certain data, fulfill certain requirements.

62
00:04:31,100 --> 00:04:35,820
As soon as this is met, we continue. So with what do we continue?
