API Gateway Destinations

API Gateway destinations enable Proxylity UDP Gateway to call HTTP/HTTPS endpoints, bridging UDP protocols to REST APIs and web services. This integration unlocks "inside-out" connectivity, allowing UDP traffic to trigger external services outside AWS—from IoT platforms like Adafruit IO to potential integrations with cloud functions, automation platforms, custom webhooks, and enterprise systems.

For comprehensive integration patterns, use cases, and examples, see Integrating Outside AWS.

HTTP API vs REST API

AWS API Gateway offers two API types with different transformation capabilities:

• HTTP API: Lower cost, simpler configuration, minimal transformation. Best when external services can accept Proxylity's JSON packet format directly.
• REST API: Full VTL (Velocity Template Language) support for request/response mapping. Required when transforming to match external API schemas (most common scenario).

Most external integrations use REST API for schema transformation—see the integration guide for VTL examples and detailed comparisons.

Things to know about API Gateway destinations

• The ARN must reference an API Gateway resource with the POST method configured
• API Gateway must have appropriate backend integration configured (HTTP, Lambda, service integration, etc.)
• For external HTTP endpoints, use API Gateway's HTTP integration type pointing to your external URL
• IAM authentication provides fine-grained control over which API Gateway endpoints Proxylity can invoke
• REST API's VTL transformations run before the request reaches the backend, enabling schema adaptation
• API Gateway execution logs can be enabled for debugging request/response transformations
• Use composite destinations with CloudWatch Logs to capture UDP payloads for debugging alongside API Gateway logs
• The payload from Proxylity follows the standard JSON packet format with the Messages array containing request packets
• Responses from API Gateway must include a Replies array with response packet objects to send data back to UDP clients

IAM Security

API Gateway destinations use IAM authentication for fine-grained access control. IAM policies can restrict Proxylity's access to specific API Gateway endpoints, stages, and methods—providing audit trails through CloudTrail.

Example resource-level IAM policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:us-east-1:123456789012:abc123xyz/prod/POST/webhook"
    }
  ]
}

For detailed security patterns and least-privilege examples, see the IAM security section of the integration guide.

Common Integration Scenarios

API Gateway destinations enable diverse integration patterns:

• Cross-cloud: GCP Cloud Functions, Azure Functions, Cloud Run services
• Automation: Zapier, Make, IFTTT, n8n workflows
• Custom services: Self-hosted APIs, microservices, partner integrations
• Enterprise: VPC endpoints, on-premises systems via Direct Connect/VPN

See Integrating Outside AWS for detailed use cases, implementation patterns, and real-world examples.

Debugging

Use composite destinations to add CloudWatch Logs alongside your API Gateway destination, capturing original UDP payloads for debugging:

Destinations:
  - Name: external-api
    DestinationArn: "arn:aws:execute-api:us-east-1:123456789012:xyz/prod/POST/webhook"
    Role:
      RoleArn: !GetAtt ApiGatewayRole.Arn
  - Name: debug-logging
    DestinationArn: "arn:aws:logs:us-east-1:123456789012:log-group:/proxylity/udp-payloads"
    Role:
      RoleArn: !GetAtt LoggingRole.Arn

Enable API Gateway execution logs in CloudWatch to see VTL transformations and backend responses. For comprehensive debugging strategies, see the debugging section of the integration guide.

A complete working example integrating UDP with Adafruit IO is available in the udp-to-http folder of our examples repository.