1
00:00:00,120 --> 00:00:03,210
So the API Gateway has a tight integration

2
00:00:03,210 --> 00:00:06,000
with the OpenAPI specification.

3
00:00:06,000 --> 00:00:08,340
So what is the OpenAPI specification?

4
00:00:08,340 --> 00:00:12,450
Well, it's a very common way to define REST APIs

5
00:00:12,450 --> 00:00:16,080
and the API definition itself is code.

6
00:00:16,080 --> 00:00:17,880
So what you can do is that you create

7
00:00:17,880 --> 00:00:22,080
this specification using the OpenAPI model 3.0

8
00:00:22,080 --> 00:00:25,440
and then you import that into the API Gateway.

9
00:00:25,440 --> 00:00:28,260
So you define the methods, the method request,

10
00:00:28,260 --> 00:00:31,260
the integration request, the method response,

11
00:00:31,260 --> 00:00:33,900
as well as any AWS extension

12
00:00:33,900 --> 00:00:35,760
that you can set up for the API Gateway.

13
00:00:35,760 --> 00:00:37,800
And you can set up every single option

14
00:00:37,800 --> 00:00:41,790
of these extensions directly from within the API spec.

15
00:00:41,790 --> 00:00:45,150
Similarly, instead of importing stuff into the API Gateway,

16
00:00:45,150 --> 00:00:48,600
you can take an existing API in the API Gateway

17
00:00:48,600 --> 00:00:52,020
and export it as an OpenAPI spec.

18
00:00:52,020 --> 00:00:52,853
Why?

19
00:00:52,853 --> 00:00:55,080
Well, because this specification can be used

20
00:00:55,080 --> 00:00:58,080
to, for example, generate client code.

21
00:00:58,080 --> 00:01:01,950
So these OpenAPI specifications can either be written

22
00:01:01,950 --> 00:01:05,610
in YAML or JSON, and then when you use them

23
00:01:05,610 --> 00:01:09,180
you can generate client SDKs as I've just mentioned.

24
00:01:09,180 --> 00:01:11,940
So on top of having a one-to-one mapping

25
00:01:11,940 --> 00:01:15,120
between the API Gateway and the OpenAPI spec

26
00:01:15,120 --> 00:01:19,800
you can use the OpenAPI spec to perform request validation

27
00:01:19,800 --> 00:01:21,810
within your API Gateway.

28
00:01:21,810 --> 00:01:23,040
So the idea is that,

29
00:01:23,040 --> 00:01:27,930
instead of just sending a payload as is to your backend,

30
00:01:27,930 --> 00:01:32,040
API Gateway can verify if it corresponds to a proper schema.

31
00:01:32,040 --> 00:01:34,590
And so in case it doesn't correspond

32
00:01:34,590 --> 00:01:36,330
to the correct validation,

33
00:01:36,330 --> 00:01:39,330
the caller gets directly a 400 error

34
00:01:39,330 --> 00:01:43,140
and that reduces unnecessary calls to the backend.

35
00:01:43,140 --> 00:01:46,020
So you can check whether or not the request parameters

36
00:01:46,020 --> 00:01:48,780
are in the URI, the query strings,

37
00:01:48,780 --> 00:01:52,260
you can test for headers that are present or not,

38
00:01:52,260 --> 00:01:54,060
and that they're non-blank.

39
00:01:54,060 --> 00:01:56,370
And then you can also have a look whether or not

40
00:01:56,370 --> 00:02:00,390
the payload adheres to a specified JSON Schema model

41
00:02:00,390 --> 00:02:01,980
for the method.

42
00:02:01,980 --> 00:02:03,660
So all now you can just verify

43
00:02:03,660 --> 00:02:06,390
that your backend will not have any issues

44
00:02:06,390 --> 00:02:09,990
with parsing and using that payload.

45
00:02:09,990 --> 00:02:11,280
So how do we do this?

46
00:02:11,280 --> 00:02:14,700
Well, we set up an OpenAPI definitions file,

47
00:02:14,700 --> 00:02:19,700
and in it we have an x-amazon-apigateway-request-validator.

48
00:02:20,460 --> 00:02:23,250
And here we can define what we want to validate,

49
00:02:23,250 --> 00:02:26,160
the body, the parameters on all methods, on some methods,

50
00:02:26,160 --> 00:02:27,090
and so on.

51
00:02:27,090 --> 00:02:29,340
So you can enable params-only validator

52
00:02:29,340 --> 00:02:31,980
on all API methods, or you can, for example,

53
00:02:31,980 --> 00:02:36,960
enable all validators on just a POST /validation method,

54
00:02:36,960 --> 00:02:38,280
or whatever method you want.

55
00:02:38,280 --> 00:02:41,310
So you're really free to verify whatever you want

56
00:02:41,310 --> 00:02:42,780
on your API.

57
00:02:42,780 --> 00:02:43,680
So hopefully that makes sense.

58
00:02:43,680 --> 00:02:44,513
Hopefully you see the power

59
00:02:44,513 --> 00:02:47,520
of using OpenAPI with the API Gateway.

60
00:02:47,520 --> 00:02:50,763
I hope you liked it, and I will see you in the next lecture.