Amazon API Gateway

{'securityPolicy': {'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'}}

Creates a new domain name.

See also: AWS API Documentation

Request Syntax

client.create_domain_name(
    domainName='string',
    certificateName='string',
    certificateBody='string',
    certificatePrivateKey='string',
    certificateChain='string',
    certificateArn='string',
    regionalCertificateName='string',
    regionalCertificateArn='string',
    endpointConfiguration={
        'types': [
            'REGIONAL'|'EDGE'|'PRIVATE',
        ],
        'ipAddressType': 'ipv4'|'dualstack',
        'vpcEndpointIds': [
            'string',
        ]
    },
    tags={
        'string': 'string'
    },
    securityPolicy='TLS_1_0'|'TLS_1_2'|'SecurityPolicy_TLS13_1_3_2025_09'|'SecurityPolicy_TLS13_1_3_FIPS_2025_09'|'SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_2021_06'|'SecurityPolicy_TLS13_2025_EDGE'|'SecurityPolicy_TLS12_PFS_2025_EDGE'|'SecurityPolicy_TLS12_2018_EDGE',
    endpointAccessMode='BASIC'|'STRICT',
    mutualTlsAuthentication={
        'truststoreUri': 'string',
        'truststoreVersion': 'string'
    },
    ownershipVerificationCertificateArn='string',
    policy='string',
    routingMode='BASE_PATH_MAPPING_ONLY'|'ROUTING_RULE_ONLY'|'ROUTING_RULE_THEN_BASE_PATH_MAPPING'
)

type domainName:

string

param domainName:

[REQUIRED]

The name of the DomainName resource.

type certificateName:

string

param certificateName:

The user-friendly name of the certificate that will be used by edge-optimized endpoint or private endpoint for this domain name.

type certificateBody:

string

param certificateBody:

[Deprecated] The body of the server certificate that will be used by edge-optimized endpoint or private endpoint for this domain name provided by your certificate authority.

type certificatePrivateKey:

string

param certificatePrivateKey:

[Deprecated] Your edge-optimized endpoint's domain name certificate's private key.

type certificateChain:

string

param certificateChain:

[Deprecated] The intermediate certificates and optionally the root certificate, one after the other without any blank lines, used by an edge-optimized endpoint for this domain name. If you include the root certificate, your certificate chain must start with intermediate certificates and end with the root certificate. Use the intermediate certificates that were provided by your certificate authority. Do not include any intermediaries that are not in the chain of trust path.

type certificateArn:

string

param certificateArn:

The reference to an Amazon Web Services-managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. Certificate Manager is the only supported source.

type regionalCertificateName:

string

param regionalCertificateName:

The user-friendly name of the certificate that will be used by regional endpoint for this domain name.

type regionalCertificateArn:

string

param regionalCertificateArn:

The reference to an Amazon Web Services-managed certificate that will be used by regional endpoint for this domain name. Certificate Manager is the only supported source.

type endpointConfiguration:

dict

param endpointConfiguration:

The endpoint configuration of this DomainName showing the endpoint types and IP address types of the domain name.

• types (list) --

  A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is "EDGE". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

  • (string) --

    The endpoint type. The valid values are EDGE for edge-optimized API setup, most suitable for mobile applications; REGIONAL for regional API endpoint setup, most suitable for calling from AWS Region; and PRIVATE for private APIs.

• ipAddressType (string) --

  The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

• vpcEndpointIds (list) --

  A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

  • (string) --

type tags:

dict

param tags:

The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with aws:. The tag value can be up to 256 characters.

• (string) --

  • (string) --

type securityPolicy:

string

param securityPolicy:

The Transport Layer Security (TLS) version + cipher suite for this DomainName.

type endpointAccessMode:

string

param endpointAccessMode:

The endpoint access mode of the DomainName. Only available for DomainNames that use security policies that start with SecurityPolicy_.

type mutualTlsAuthentication:

dict

param mutualTlsAuthentication:

The mutual TLS authentication configuration for a custom domain name. If specified, API Gateway performs two-way authentication between the client and the server. Clients must present a trusted certificate to access your API.

• truststoreUri (string) --

  An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example s3://bucket-name/key-name. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. To update the truststore, you must have permissions to access the S3 object.

• truststoreVersion (string) --

  The version of the S3 object that contains your truststore. To specify a version, you must have versioning enabled for the S3 bucket

type ownershipVerificationCertificateArn:

string

param ownershipVerificationCertificateArn:

The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Only required when configuring mutual TLS and using an ACM imported or private CA certificate ARN as the regionalCertificateArn.

type policy:

string

param policy:

A stringified JSON policy document that applies to the execute-api service for this DomainName regardless of the caller and Method configuration. Supported only for private custom domain names.

type routingMode:

string

param routingMode:

The routing mode for this domain name. The routing mode determines how API Gateway sends traffic from your custom domain name to your private APIs.

rtype:

dict

returns:

Response Syntax

{
    'domainName': 'string',
    'domainNameId': 'string',
    'domainNameArn': 'string',
    'certificateName': 'string',
    'certificateArn': 'string',
    'certificateUploadDate': datetime(2015, 1, 1),
    'regionalDomainName': 'string',
    'regionalHostedZoneId': 'string',
    'regionalCertificateName': 'string',
    'regionalCertificateArn': 'string',
    'distributionDomainName': 'string',
    'distributionHostedZoneId': 'string',
    'endpointConfiguration': {
        'types': [
            'REGIONAL'|'EDGE'|'PRIVATE',
        ],
        'ipAddressType': 'ipv4'|'dualstack',
        'vpcEndpointIds': [
            'string',
        ]
    },
    'domainNameStatus': 'AVAILABLE'|'UPDATING'|'PENDING'|'PENDING_CERTIFICATE_REIMPORT'|'PENDING_OWNERSHIP_VERIFICATION'|'FAILED',
    'domainNameStatusMessage': 'string',
    'securityPolicy': 'TLS_1_0'|'TLS_1_2'|'SecurityPolicy_TLS13_1_3_2025_09'|'SecurityPolicy_TLS13_1_3_FIPS_2025_09'|'SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_2021_06'|'SecurityPolicy_TLS13_2025_EDGE'|'SecurityPolicy_TLS12_PFS_2025_EDGE'|'SecurityPolicy_TLS12_2018_EDGE',
    'endpointAccessMode': 'BASIC'|'STRICT',
    'tags': {
        'string': 'string'
    },
    'mutualTlsAuthentication': {
        'truststoreUri': 'string',
        'truststoreVersion': 'string',
        'truststoreWarnings': [
            'string',
        ]
    },
    'ownershipVerificationCertificateArn': 'string',
    'managementPolicy': 'string',
    'policy': 'string',
    'routingMode': 'BASE_PATH_MAPPING_ONLY'|'ROUTING_RULE_ONLY'|'ROUTING_RULE_THEN_BASE_PATH_MAPPING'
}

Response Structure

• (dict) --

  Represents a custom domain name as a user-friendly host name of an API (RestApi).

  • domainName (string) --

    The custom domain name as an API host name, for example, my-api.example.com.

  • domainNameId (string) --

    The identifier for the domain name resource. Supported only for private custom domain names.

  • domainNameArn (string) --

    The ARN of the domain name.

  • certificateName (string) --

    The name of the certificate that will be used by edge-optimized endpoint or private endpoint for this domain name.

  • certificateArn (string) --

    The reference to an Amazon Web Services-managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. Certificate Manager is the only supported source.

  • certificateUploadDate (datetime) --

    The timestamp when the certificate that was used by edge-optimized endpoint or private endpoint for this domain name was uploaded.

  • regionalDomainName (string) --

    The domain name associated with the regional endpoint for this custom domain name. You set up this association by adding a DNS record that points the custom domain name to this regional domain name. The regional domain name is returned by API Gateway when you create a regional endpoint.

  • regionalHostedZoneId (string) --

    The region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint. For more information, see Set up a Regional Custom Domain Name and AWS Regions and Endpoints for API Gateway.

  • regionalCertificateName (string) --

    The name of the certificate that will be used for validating the regional domain name.

  • regionalCertificateArn (string) --

    The reference to an Amazon Web Services-managed certificate that will be used for validating the regional domain name. Certificate Manager is the only supported source.

  • distributionDomainName (string) --

    The domain name of the Amazon CloudFront distribution associated with this custom domain name for an edge-optimized endpoint. You set up this association when adding a DNS record pointing the custom domain name to this distribution name. For more information about CloudFront distributions, see the Amazon CloudFront documentation.

  • distributionHostedZoneId (string) --

    The region-agnostic Amazon Route 53 Hosted Zone ID of the edge-optimized endpoint. The valid value is Z2FDTNDATAQYW2 for all the regions. For more information, see Set up a Regional Custom Domain Name and AWS Regions and Endpoints for API Gateway.

  • endpointConfiguration (dict) --

    The endpoint configuration of this DomainName showing the endpoint types and IP address types of the domain name.

    • types (list) --

      A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is "EDGE". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

      • (string) --

        The endpoint type. The valid values are EDGE for edge-optimized API setup, most suitable for mobile applications; REGIONAL for regional API endpoint setup, most suitable for calling from AWS Region; and PRIVATE for private APIs.

    • ipAddressType (string) --

      The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

    • vpcEndpointIds (list) --

      A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

      • (string) --

  • domainNameStatus (string) --

    The status of the DomainName migration. The valid values are AVAILABLE and UPDATING. If the status is UPDATING, the domain cannot be modified further until the existing operation is complete. If it is AVAILABLE, the domain can be updated.

  • domainNameStatusMessage (string) --

    An optional text message containing detailed information about status of the DomainName migration.

  • securityPolicy (string) --

    The Transport Layer Security (TLS) version + cipher suite for this DomainName.

  • endpointAccessMode (string) --

    The endpoint access mode of the DomainName.

  • tags (dict) --

    The collection of tags. Each tag element is associated with a given resource.

    • (string) --

      • (string) --

  • mutualTlsAuthentication (dict) --

    The mutual TLS authentication configuration for a custom domain name. If specified, API Gateway performs two-way authentication between the client and the server. Clients must present a trusted certificate to access your API.

    • truststoreUri (string) --

      An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example s3://bucket-name/key-name. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. To update the truststore, you must have permissions to access the S3 object.

    • truststoreVersion (string) --

      The version of the S3 object that contains your truststore. To specify a version, you must have versioning enabled for the S3 bucket.

    • truststoreWarnings (list) --

      A list of warnings that API Gateway returns while processing your truststore. Invalid certificates produce warnings. Mutual TLS is still enabled, but some clients might not be able to access your API. To resolve warnings, upload a new truststore to S3, and then update you domain name to use the new version.

      • (string) --

  • ownershipVerificationCertificateArn (string) --

    The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Only required when configuring mutual TLS and using an ACM imported or private CA certificate ARN as the regionalCertificateArn.

  • managementPolicy (string) --

    A stringified JSON policy document that applies to the API Gateway Management service for this DomainName. This policy document controls access for access association sources to create domain name access associations with this DomainName. Supported only for private custom domain names.

  • policy (string) --

    A stringified JSON policy document that applies to the execute-api service for this DomainName regardless of the caller and Method configuration. Supported only for private custom domain names.

  • routingMode (string) --

    The routing mode for this domain name. The routing mode determines how API Gateway sends traffic from your custom domain name to your private APIs.

{'securityPolicy': {'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'}}

Creates a new RestApi resource.

See also: AWS API Documentation

Request Syntax

client.create_rest_api(
    name='string',
    description='string',
    version='string',
    cloneFrom='string',
    binaryMediaTypes=[
        'string',
    ],
    minimumCompressionSize=123,
    apiKeySource='HEADER'|'AUTHORIZER',
    endpointConfiguration={
        'types': [
            'REGIONAL'|'EDGE'|'PRIVATE',
        ],
        'ipAddressType': 'ipv4'|'dualstack',
        'vpcEndpointIds': [
            'string',
        ]
    },
    policy='string',
    tags={
        'string': 'string'
    },
    disableExecuteApiEndpoint=True|False,
    securityPolicy='TLS_1_0'|'TLS_1_2'|'SecurityPolicy_TLS13_1_3_2025_09'|'SecurityPolicy_TLS13_1_3_FIPS_2025_09'|'SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_2021_06'|'SecurityPolicy_TLS13_2025_EDGE'|'SecurityPolicy_TLS12_PFS_2025_EDGE'|'SecurityPolicy_TLS12_2018_EDGE',
    endpointAccessMode='BASIC'|'STRICT'
)

type name:

string

param name:

[REQUIRED]

The name of the RestApi.

type description:

string

param description:

The description of the RestApi.

type version:

string

param version:

A version identifier for the API.

type cloneFrom:

string

param cloneFrom:

The ID of the RestApi that you want to clone from.

type binaryMediaTypes:

list

param binaryMediaTypes:

The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads.

• (string) --

type minimumCompressionSize:

integer

param minimumCompressionSize:

A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size.

type apiKeySource:

string

param apiKeySource:

The source of the API key for metering requests according to a usage plan. Valid values are: HEADER to read the API key from the X-API-Key header of a request. AUTHORIZER to read the API key from the UsageIdentifierKey from a custom authorizer.

type endpointConfiguration:

dict

param endpointConfiguration:

The endpoint configuration of this RestApi showing the endpoint types and IP address types of the API.

• types (list) --

  A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is "EDGE". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

  • (string) --

    The endpoint type. The valid values are EDGE for edge-optimized API setup, most suitable for mobile applications; REGIONAL for regional API endpoint setup, most suitable for calling from AWS Region; and PRIVATE for private APIs.

• ipAddressType (string) --

  The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

• vpcEndpointIds (list) --

  A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

  • (string) --

type policy:

string

param policy:

A stringified JSON policy document that applies to this RestApi regardless of the caller and Method configuration.

type tags:

dict

param tags:

The key-value map of strings. The valid character set is [a-zA-Z+-=._:/]. The tag key can be up to 128 characters and must not start with aws:. The tag value can be up to 256 characters.

• (string) --

  • (string) --

type disableExecuteApiEndpoint:

boolean

param disableExecuteApiEndpoint:

Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint

type securityPolicy:

string

param securityPolicy:

The Transport Layer Security (TLS) version + cipher suite for this RestApi.

type endpointAccessMode:

string

param endpointAccessMode:

The endpoint access mode of the RestApi. Only available for RestApis that use security policies that start with SecurityPolicy_.

rtype:

dict

returns:

Response Syntax

{
    'id': 'string',
    'name': 'string',
    'description': 'string',
    'createdDate': datetime(2015, 1, 1),
    'version': 'string',
    'warnings': [
        'string',
    ],
    'binaryMediaTypes': [
        'string',
    ],
    'minimumCompressionSize': 123,
    'apiKeySource': 'HEADER'|'AUTHORIZER',
    'endpointConfiguration': {
        'types': [
            'REGIONAL'|'EDGE'|'PRIVATE',
        ],
        'ipAddressType': 'ipv4'|'dualstack',
        'vpcEndpointIds': [
            'string',
        ]
    },
    'policy': 'string',
    'tags': {
        'string': 'string'
    },
    'disableExecuteApiEndpoint': True|False,
    'rootResourceId': 'string',
    'securityPolicy': 'TLS_1_0'|'TLS_1_2'|'SecurityPolicy_TLS13_1_3_2025_09'|'SecurityPolicy_TLS13_1_3_FIPS_2025_09'|'SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_2021_06'|'SecurityPolicy_TLS13_2025_EDGE'|'SecurityPolicy_TLS12_PFS_2025_EDGE'|'SecurityPolicy_TLS12_2018_EDGE',
    'endpointAccessMode': 'BASIC'|'STRICT',
    'apiStatus': 'UPDATING'|'AVAILABLE'|'PENDING'|'FAILED',
    'apiStatusMessage': 'string'
}

Response Structure

• (dict) --

  Represents a REST API.

  • id (string) --

    The API's identifier. This identifier is unique across all of your APIs in API Gateway.

  • name (string) --

    The API's name.

  • description (string) --

    The API's description.

  • createdDate (datetime) --

    The timestamp when the API was created.

  • version (string) --

    A version identifier for the API.

  • warnings (list) --

    The warning messages reported when failonwarnings is turned on during API import.

    • (string) --

  • binaryMediaTypes (list) --

    The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads.

    • (string) --

  • minimumCompressionSize (integer) --

    A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size.

  • apiKeySource (string) --

    The source of the API key for metering requests according to a usage plan. Valid values are: > HEADER to read the API key from the X-API-Key header of a request. AUTHORIZER to read the API key from the UsageIdentifierKey from a custom authorizer.

  • endpointConfiguration (dict) --

    The endpoint configuration of this RestApi showing the endpoint types and IP address types of the API.

    • types (list) --

      A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is "EDGE". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

      • (string) --

        The endpoint type. The valid values are EDGE for edge-optimized API setup, most suitable for mobile applications; REGIONAL for regional API endpoint setup, most suitable for calling from AWS Region; and PRIVATE for private APIs.

    • ipAddressType (string) --

      The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

    • vpcEndpointIds (list) --

      A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

      • (string) --

  • policy (string) --

    A stringified JSON policy document that applies to this RestApi regardless of the caller and Method configuration.

  • tags (dict) --

    The collection of tags. Each tag element is associated with a given resource.

    • (string) --

      • (string) --

  • disableExecuteApiEndpoint (boolean) --

    Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

  • rootResourceId (string) --

    The API's root resource ID.

  • securityPolicy (string) --

    The Transport Layer Security (TLS) version + cipher suite for this RestApi.

  • endpointAccessMode (string) --

    The endpoint access mode of the RestApi.

  • apiStatus (string) --

    The ApiStatus of the RestApi.

  • apiStatusMessage (string) --

    The status message of the RestApi. When the status message is UPDATING you can still invoke it.

{'securityPolicy': {'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'}}

Represents a domain name that is contained in a simpler, more intuitive URL that can be called.

See also: AWS API Documentation

Request Syntax

client.get_domain_name(
    domainName='string',
    domainNameId='string'
)

type domainName:

string

param domainName:

[REQUIRED]

The name of the DomainName resource.

type domainNameId:

string

param domainNameId:

The identifier for the domain name resource. Required for private custom domain names.

rtype:

dict

returns:

Response Syntax

{
    'domainName': 'string',
    'domainNameId': 'string',
    'domainNameArn': 'string',
    'certificateName': 'string',
    'certificateArn': 'string',
    'certificateUploadDate': datetime(2015, 1, 1),
    'regionalDomainName': 'string',
    'regionalHostedZoneId': 'string',
    'regionalCertificateName': 'string',
    'regionalCertificateArn': 'string',
    'distributionDomainName': 'string',
    'distributionHostedZoneId': 'string',
    'endpointConfiguration': {
        'types': [
            'REGIONAL'|'EDGE'|'PRIVATE',
        ],
        'ipAddressType': 'ipv4'|'dualstack',
        'vpcEndpointIds': [
            'string',
        ]
    },
    'domainNameStatus': 'AVAILABLE'|'UPDATING'|'PENDING'|'PENDING_CERTIFICATE_REIMPORT'|'PENDING_OWNERSHIP_VERIFICATION'|'FAILED',
    'domainNameStatusMessage': 'string',
    'securityPolicy': 'TLS_1_0'|'TLS_1_2'|'SecurityPolicy_TLS13_1_3_2025_09'|'SecurityPolicy_TLS13_1_3_FIPS_2025_09'|'SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_2021_06'|'SecurityPolicy_TLS13_2025_EDGE'|'SecurityPolicy_TLS12_PFS_2025_EDGE'|'SecurityPolicy_TLS12_2018_EDGE',
    'endpointAccessMode': 'BASIC'|'STRICT',
    'tags': {
        'string': 'string'
    },
    'mutualTlsAuthentication': {
        'truststoreUri': 'string',
        'truststoreVersion': 'string',
        'truststoreWarnings': [
            'string',
        ]
    },
    'ownershipVerificationCertificateArn': 'string',
    'managementPolicy': 'string',
    'policy': 'string',
    'routingMode': 'BASE_PATH_MAPPING_ONLY'|'ROUTING_RULE_ONLY'|'ROUTING_RULE_THEN_BASE_PATH_MAPPING'
}

Response Structure

• (dict) --

  Represents a custom domain name as a user-friendly host name of an API (RestApi).

  • domainName (string) --

    The custom domain name as an API host name, for example, my-api.example.com.

  • domainNameId (string) --

    The identifier for the domain name resource. Supported only for private custom domain names.

  • domainNameArn (string) --

    The ARN of the domain name.

  • certificateName (string) --

    The name of the certificate that will be used by edge-optimized endpoint or private endpoint for this domain name.

  • certificateArn (string) --

    The reference to an Amazon Web Services-managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. Certificate Manager is the only supported source.

  • certificateUploadDate (datetime) --

    The timestamp when the certificate that was used by edge-optimized endpoint or private endpoint for this domain name was uploaded.

  • regionalDomainName (string) --

    The domain name associated with the regional endpoint for this custom domain name. You set up this association by adding a DNS record that points the custom domain name to this regional domain name. The regional domain name is returned by API Gateway when you create a regional endpoint.

  • regionalHostedZoneId (string) --

    The region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint. For more information, see Set up a Regional Custom Domain Name and AWS Regions and Endpoints for API Gateway.

  • regionalCertificateName (string) --

    The name of the certificate that will be used for validating the regional domain name.

  • regionalCertificateArn (string) --

    The reference to an Amazon Web Services-managed certificate that will be used for validating the regional domain name. Certificate Manager is the only supported source.

  • distributionDomainName (string) --

    The domain name of the Amazon CloudFront distribution associated with this custom domain name for an edge-optimized endpoint. You set up this association when adding a DNS record pointing the custom domain name to this distribution name. For more information about CloudFront distributions, see the Amazon CloudFront documentation.

  • distributionHostedZoneId (string) --

    The region-agnostic Amazon Route 53 Hosted Zone ID of the edge-optimized endpoint. The valid value is Z2FDTNDATAQYW2 for all the regions. For more information, see Set up a Regional Custom Domain Name and AWS Regions and Endpoints for API Gateway.

  • endpointConfiguration (dict) --

    The endpoint configuration of this DomainName showing the endpoint types and IP address types of the domain name.

    • types (list) --

      A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is "EDGE". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

      • (string) --

        The endpoint type. The valid values are EDGE for edge-optimized API setup, most suitable for mobile applications; REGIONAL for regional API endpoint setup, most suitable for calling from AWS Region; and PRIVATE for private APIs.

    • ipAddressType (string) --

      The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

    • vpcEndpointIds (list) --

      A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

      • (string) --

  • domainNameStatus (string) --

    The status of the DomainName migration. The valid values are AVAILABLE and UPDATING. If the status is UPDATING, the domain cannot be modified further until the existing operation is complete. If it is AVAILABLE, the domain can be updated.

  • domainNameStatusMessage (string) --

    An optional text message containing detailed information about status of the DomainName migration.

  • securityPolicy (string) --

    The Transport Layer Security (TLS) version + cipher suite for this DomainName.

  • endpointAccessMode (string) --

    The endpoint access mode of the DomainName.

  • tags (dict) --

    The collection of tags. Each tag element is associated with a given resource.

    • (string) --

      • (string) --

  • mutualTlsAuthentication (dict) --

    The mutual TLS authentication configuration for a custom domain name. If specified, API Gateway performs two-way authentication between the client and the server. Clients must present a trusted certificate to access your API.

    • truststoreUri (string) --

      An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example s3://bucket-name/key-name. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. To update the truststore, you must have permissions to access the S3 object.

    • truststoreVersion (string) --

      The version of the S3 object that contains your truststore. To specify a version, you must have versioning enabled for the S3 bucket.

    • truststoreWarnings (list) --

      A list of warnings that API Gateway returns while processing your truststore. Invalid certificates produce warnings. Mutual TLS is still enabled, but some clients might not be able to access your API. To resolve warnings, upload a new truststore to S3, and then update you domain name to use the new version.

      • (string) --

  • ownershipVerificationCertificateArn (string) --

    The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Only required when configuring mutual TLS and using an ACM imported or private CA certificate ARN as the regionalCertificateArn.

  • managementPolicy (string) --

    A stringified JSON policy document that applies to the API Gateway Management service for this DomainName. This policy document controls access for access association sources to create domain name access associations with this DomainName. Supported only for private custom domain names.

  • policy (string) --

    A stringified JSON policy document that applies to the execute-api service for this DomainName regardless of the caller and Method configuration. Supported only for private custom domain names.

  • routingMode (string) --

    The routing mode for this domain name. The routing mode determines how API Gateway sends traffic from your custom domain name to your private APIs.

{'items': {'securityPolicy': {'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'}}}

Represents a collection of DomainName resources.

See also: AWS API Documentation

Request Syntax

client.get_domain_names(
    position='string',
    limit=123,
    resourceOwner='SELF'|'OTHER_ACCOUNTS'
)

type position:

string

param position:

The current pagination position in the paged result set.

type limit:

integer

param limit:

The maximum number of returned results per page. The default value is 25 and the maximum value is 500.

type resourceOwner:

string

param resourceOwner:

The owner of the domain name access association.

rtype:

dict

returns:

Response Syntax

{
    'position': 'string',
    'items': [
        {
            'domainName': 'string',
            'domainNameId': 'string',
            'domainNameArn': 'string',
            'certificateName': 'string',
            'certificateArn': 'string',
            'certificateUploadDate': datetime(2015, 1, 1),
            'regionalDomainName': 'string',
            'regionalHostedZoneId': 'string',
            'regionalCertificateName': 'string',
            'regionalCertificateArn': 'string',
            'distributionDomainName': 'string',
            'distributionHostedZoneId': 'string',
            'endpointConfiguration': {
                'types': [
                    'REGIONAL'|'EDGE'|'PRIVATE',
                ],
                'ipAddressType': 'ipv4'|'dualstack',
                'vpcEndpointIds': [
                    'string',
                ]
            },
            'domainNameStatus': 'AVAILABLE'|'UPDATING'|'PENDING'|'PENDING_CERTIFICATE_REIMPORT'|'PENDING_OWNERSHIP_VERIFICATION'|'FAILED',
            'domainNameStatusMessage': 'string',
            'securityPolicy': 'TLS_1_0'|'TLS_1_2'|'SecurityPolicy_TLS13_1_3_2025_09'|'SecurityPolicy_TLS13_1_3_FIPS_2025_09'|'SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_2021_06'|'SecurityPolicy_TLS13_2025_EDGE'|'SecurityPolicy_TLS12_PFS_2025_EDGE'|'SecurityPolicy_TLS12_2018_EDGE',
            'endpointAccessMode': 'BASIC'|'STRICT',
            'tags': {
                'string': 'string'
            },
            'mutualTlsAuthentication': {
                'truststoreUri': 'string',
                'truststoreVersion': 'string',
                'truststoreWarnings': [
                    'string',
                ]
            },
            'ownershipVerificationCertificateArn': 'string',
            'managementPolicy': 'string',
            'policy': 'string',
            'routingMode': 'BASE_PATH_MAPPING_ONLY'|'ROUTING_RULE_ONLY'|'ROUTING_RULE_THEN_BASE_PATH_MAPPING'
        },
    ]
}

Response Structure

• (dict) --

  Represents a collection of DomainName resources.

  • position (string) --

  • items (list) --

    The current page of elements from this collection.

    • (dict) --

      Represents a custom domain name as a user-friendly host name of an API (RestApi).

      • domainName (string) --

        The custom domain name as an API host name, for example, my-api.example.com.

      • domainNameId (string) --

        The identifier for the domain name resource. Supported only for private custom domain names.

      • domainNameArn (string) --

        The ARN of the domain name.

      • certificateName (string) --

        The name of the certificate that will be used by edge-optimized endpoint or private endpoint for this domain name.

      • certificateArn (string) --

        The reference to an Amazon Web Services-managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. Certificate Manager is the only supported source.

      • certificateUploadDate (datetime) --

        The timestamp when the certificate that was used by edge-optimized endpoint or private endpoint for this domain name was uploaded.

      • regionalDomainName (string) --

        The domain name associated with the regional endpoint for this custom domain name. You set up this association by adding a DNS record that points the custom domain name to this regional domain name. The regional domain name is returned by API Gateway when you create a regional endpoint.

      • regionalHostedZoneId (string) --

        The region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint. For more information, see Set up a Regional Custom Domain Name and AWS Regions and Endpoints for API Gateway.

      • regionalCertificateName (string) --

        The name of the certificate that will be used for validating the regional domain name.

      • regionalCertificateArn (string) --

        The reference to an Amazon Web Services-managed certificate that will be used for validating the regional domain name. Certificate Manager is the only supported source.

      • distributionDomainName (string) --

        The domain name of the Amazon CloudFront distribution associated with this custom domain name for an edge-optimized endpoint. You set up this association when adding a DNS record pointing the custom domain name to this distribution name. For more information about CloudFront distributions, see the Amazon CloudFront documentation.

      • distributionHostedZoneId (string) --

        The region-agnostic Amazon Route 53 Hosted Zone ID of the edge-optimized endpoint. The valid value is Z2FDTNDATAQYW2 for all the regions. For more information, see Set up a Regional Custom Domain Name and AWS Regions and Endpoints for API Gateway.

      • endpointConfiguration (dict) --

        The endpoint configuration of this DomainName showing the endpoint types and IP address types of the domain name.

        • types (list) --

          A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is "EDGE". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

          • (string) --

            The endpoint type. The valid values are EDGE for edge-optimized API setup, most suitable for mobile applications; REGIONAL for regional API endpoint setup, most suitable for calling from AWS Region; and PRIVATE for private APIs.

        • ipAddressType (string) --

          The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

        • vpcEndpointIds (list) --

          A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

          • (string) --

      • domainNameStatus (string) --

        The status of the DomainName migration. The valid values are AVAILABLE and UPDATING. If the status is UPDATING, the domain cannot be modified further until the existing operation is complete. If it is AVAILABLE, the domain can be updated.

      • domainNameStatusMessage (string) --

        An optional text message containing detailed information about status of the DomainName migration.

      • securityPolicy (string) --

        The Transport Layer Security (TLS) version + cipher suite for this DomainName.

      • endpointAccessMode (string) --

        The endpoint access mode of the DomainName.

      • tags (dict) --

        The collection of tags. Each tag element is associated with a given resource.

        • (string) --

          • (string) --

      • mutualTlsAuthentication (dict) --

        The mutual TLS authentication configuration for a custom domain name. If specified, API Gateway performs two-way authentication between the client and the server. Clients must present a trusted certificate to access your API.

        • truststoreUri (string) --

          An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example s3://bucket-name/key-name. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. To update the truststore, you must have permissions to access the S3 object.

        • truststoreVersion (string) --

          The version of the S3 object that contains your truststore. To specify a version, you must have versioning enabled for the S3 bucket.

        • truststoreWarnings (list) --

          A list of warnings that API Gateway returns while processing your truststore. Invalid certificates produce warnings. Mutual TLS is still enabled, but some clients might not be able to access your API. To resolve warnings, upload a new truststore to S3, and then update you domain name to use the new version.

          • (string) --

      • ownershipVerificationCertificateArn (string) --

        The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Only required when configuring mutual TLS and using an ACM imported or private CA certificate ARN as the regionalCertificateArn.

      • managementPolicy (string) --

        A stringified JSON policy document that applies to the API Gateway Management service for this DomainName. This policy document controls access for access association sources to create domain name access associations with this DomainName. Supported only for private custom domain names.

      • policy (string) --

        A stringified JSON policy document that applies to the execute-api service for this DomainName regardless of the caller and Method configuration. Supported only for private custom domain names.

      • routingMode (string) --

        The routing mode for this domain name. The routing mode determines how API Gateway sends traffic from your custom domain name to your private APIs.

{'securityPolicy': {'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'}}

Lists the RestApi resource in the collection.

See also: AWS API Documentation

Request Syntax

client.get_rest_api(
    restApiId='string'
)

type restApiId:

string

param restApiId:

[REQUIRED]

The string identifier of the associated RestApi.

rtype:

dict

returns:

Response Syntax

{
    'id': 'string',
    'name': 'string',
    'description': 'string',
    'createdDate': datetime(2015, 1, 1),
    'version': 'string',
    'warnings': [
        'string',
    ],
    'binaryMediaTypes': [
        'string',
    ],
    'minimumCompressionSize': 123,
    'apiKeySource': 'HEADER'|'AUTHORIZER',
    'endpointConfiguration': {
        'types': [
            'REGIONAL'|'EDGE'|'PRIVATE',
        ],
        'ipAddressType': 'ipv4'|'dualstack',
        'vpcEndpointIds': [
            'string',
        ]
    },
    'policy': 'string',
    'tags': {
        'string': 'string'
    },
    'disableExecuteApiEndpoint': True|False,
    'rootResourceId': 'string',
    'securityPolicy': 'TLS_1_0'|'TLS_1_2'|'SecurityPolicy_TLS13_1_3_2025_09'|'SecurityPolicy_TLS13_1_3_FIPS_2025_09'|'SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_2021_06'|'SecurityPolicy_TLS13_2025_EDGE'|'SecurityPolicy_TLS12_PFS_2025_EDGE'|'SecurityPolicy_TLS12_2018_EDGE',
    'endpointAccessMode': 'BASIC'|'STRICT',
    'apiStatus': 'UPDATING'|'AVAILABLE'|'PENDING'|'FAILED',
    'apiStatusMessage': 'string'
}

Response Structure

• (dict) --

  Represents a REST API.

  • id (string) --

    The API's identifier. This identifier is unique across all of your APIs in API Gateway.

  • name (string) --

    The API's name.

  • description (string) --

    The API's description.

  • createdDate (datetime) --

    The timestamp when the API was created.

  • version (string) --

    A version identifier for the API.

  • warnings (list) --

    The warning messages reported when failonwarnings is turned on during API import.

    • (string) --

  • binaryMediaTypes (list) --

    The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads.

    • (string) --

  • minimumCompressionSize (integer) --

    A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size.

  • apiKeySource (string) --

    The source of the API key for metering requests according to a usage plan. Valid values are: > HEADER to read the API key from the X-API-Key header of a request. AUTHORIZER to read the API key from the UsageIdentifierKey from a custom authorizer.

  • endpointConfiguration (dict) --

    The endpoint configuration of this RestApi showing the endpoint types and IP address types of the API.

    • types (list) --

      A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is "EDGE". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

      • (string) --

        The endpoint type. The valid values are EDGE for edge-optimized API setup, most suitable for mobile applications; REGIONAL for regional API endpoint setup, most suitable for calling from AWS Region; and PRIVATE for private APIs.

    • ipAddressType (string) --

      The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

    • vpcEndpointIds (list) --

      A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

      • (string) --

  • policy (string) --

    A stringified JSON policy document that applies to this RestApi regardless of the caller and Method configuration.

  • tags (dict) --

    The collection of tags. Each tag element is associated with a given resource.

    • (string) --

      • (string) --

  • disableExecuteApiEndpoint (boolean) --

    Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

  • rootResourceId (string) --

    The API's root resource ID.

  • securityPolicy (string) --

    The Transport Layer Security (TLS) version + cipher suite for this RestApi.

  • endpointAccessMode (string) --

    The endpoint access mode of the RestApi.

  • apiStatus (string) --

    The ApiStatus of the RestApi.

  • apiStatusMessage (string) --

    The status message of the RestApi. When the status message is UPDATING you can still invoke it.

{'items': {'securityPolicy': {'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'}}}

Lists the RestApis resources for your collection.

See also: AWS API Documentation

Request Syntax

client.get_rest_apis(
    position='string',
    limit=123
)

type position:

string

param position:

The current pagination position in the paged result set.

type limit:

integer

param limit:

The maximum number of returned results per page. The default value is 25 and the maximum value is 500.

rtype:

dict

returns:

Response Syntax

{
    'position': 'string',
    'items': [
        {
            'id': 'string',
            'name': 'string',
            'description': 'string',
            'createdDate': datetime(2015, 1, 1),
            'version': 'string',
            'warnings': [
                'string',
            ],
            'binaryMediaTypes': [
                'string',
            ],
            'minimumCompressionSize': 123,
            'apiKeySource': 'HEADER'|'AUTHORIZER',
            'endpointConfiguration': {
                'types': [
                    'REGIONAL'|'EDGE'|'PRIVATE',
                ],
                'ipAddressType': 'ipv4'|'dualstack',
                'vpcEndpointIds': [
                    'string',
                ]
            },
            'policy': 'string',
            'tags': {
                'string': 'string'
            },
            'disableExecuteApiEndpoint': True|False,
            'rootResourceId': 'string',
            'securityPolicy': 'TLS_1_0'|'TLS_1_2'|'SecurityPolicy_TLS13_1_3_2025_09'|'SecurityPolicy_TLS13_1_3_FIPS_2025_09'|'SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_2021_06'|'SecurityPolicy_TLS13_2025_EDGE'|'SecurityPolicy_TLS12_PFS_2025_EDGE'|'SecurityPolicy_TLS12_2018_EDGE',
            'endpointAccessMode': 'BASIC'|'STRICT',
            'apiStatus': 'UPDATING'|'AVAILABLE'|'PENDING'|'FAILED',
            'apiStatusMessage': 'string'
        },
    ]
}

Response Structure

• (dict) --

  Contains references to your APIs and links that guide you in how to interact with your collection. A collection offers a paginated view of your APIs.

  • position (string) --

  • items (list) --

    The current page of elements from this collection.

    • (dict) --

      Represents a REST API.

      • id (string) --

        The API's identifier. This identifier is unique across all of your APIs in API Gateway.

      • name (string) --

        The API's name.

      • description (string) --

        The API's description.

      • createdDate (datetime) --

        The timestamp when the API was created.

      • version (string) --

        A version identifier for the API.

      • warnings (list) --

        The warning messages reported when failonwarnings is turned on during API import.

        • (string) --

      • binaryMediaTypes (list) --

        The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads.

        • (string) --

      • minimumCompressionSize (integer) --

        A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size.

      • apiKeySource (string) --

        The source of the API key for metering requests according to a usage plan. Valid values are: > HEADER to read the API key from the X-API-Key header of a request. AUTHORIZER to read the API key from the UsageIdentifierKey from a custom authorizer.

      • endpointConfiguration (dict) --

        The endpoint configuration of this RestApi showing the endpoint types and IP address types of the API.

        • types (list) --

          A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is "EDGE". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

          • (string) --

            The endpoint type. The valid values are EDGE for edge-optimized API setup, most suitable for mobile applications; REGIONAL for regional API endpoint setup, most suitable for calling from AWS Region; and PRIVATE for private APIs.

        • ipAddressType (string) --

          The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

        • vpcEndpointIds (list) --

          A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

          • (string) --

      • policy (string) --

        A stringified JSON policy document that applies to this RestApi regardless of the caller and Method configuration.

      • tags (dict) --

        The collection of tags. Each tag element is associated with a given resource.

        • (string) --

          • (string) --

      • disableExecuteApiEndpoint (boolean) --

        Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

      • rootResourceId (string) --

        The API's root resource ID.

      • securityPolicy (string) --

        The Transport Layer Security (TLS) version + cipher suite for this RestApi.

      • endpointAccessMode (string) --

        The endpoint access mode of the RestApi.

      • apiStatus (string) --

        The ApiStatus of the RestApi.

      • apiStatusMessage (string) --

        The status message of the RestApi. When the status message is UPDATING you can still invoke it.

{'securityPolicy': {'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'}}

A feature of the API Gateway control service for creating a new API from an external API definition file.

See also: AWS API Documentation

Request Syntax

client.import_rest_api(
    failOnWarnings=True|False,
    parameters={
        'string': 'string'
    },
    body=b'bytes'|file
)

type failOnWarnings:

boolean

param failOnWarnings:

A query parameter to indicate whether to rollback the API creation ( true) or not ( false) when a warning is encountered. The default value is false.

type parameters:

dict

param parameters:

A key-value map of context-specific query string parameters specifying the behavior of different API importing operations. The following shows operation-specific parameters and their supported values.

To exclude DocumentationParts from the import, set parameters as ignore=documentation.

To configure the endpoint type, set parameters as endpointConfigurationTypes=EDGE, endpointConfigurationTypes=REGIONAL, or endpointConfigurationTypes=PRIVATE. The default endpoint type is EDGE.

To handle imported basepath, set parameters as basepath=ignore, basepath=prepend or basepath=split.

• (string) --

  • (string) --

type body:

bytes or seekable file-like object

param body:

[REQUIRED]

The POST request body containing external API definitions. Currently, only OpenAPI definition JSON/YAML files are supported. The maximum size of the API definition file is 6MB.

rtype:

dict

returns:

Response Syntax

{
    'id': 'string',
    'name': 'string',
    'description': 'string',
    'createdDate': datetime(2015, 1, 1),
    'version': 'string',
    'warnings': [
        'string',
    ],
    'binaryMediaTypes': [
        'string',
    ],
    'minimumCompressionSize': 123,
    'apiKeySource': 'HEADER'|'AUTHORIZER',
    'endpointConfiguration': {
        'types': [
            'REGIONAL'|'EDGE'|'PRIVATE',
        ],
        'ipAddressType': 'ipv4'|'dualstack',
        'vpcEndpointIds': [
            'string',
        ]
    },
    'policy': 'string',
    'tags': {
        'string': 'string'
    },
    'disableExecuteApiEndpoint': True|False,
    'rootResourceId': 'string',
    'securityPolicy': 'TLS_1_0'|'TLS_1_2'|'SecurityPolicy_TLS13_1_3_2025_09'|'SecurityPolicy_TLS13_1_3_FIPS_2025_09'|'SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_2021_06'|'SecurityPolicy_TLS13_2025_EDGE'|'SecurityPolicy_TLS12_PFS_2025_EDGE'|'SecurityPolicy_TLS12_2018_EDGE',
    'endpointAccessMode': 'BASIC'|'STRICT',
    'apiStatus': 'UPDATING'|'AVAILABLE'|'PENDING'|'FAILED',
    'apiStatusMessage': 'string'
}

Response Structure

• (dict) --

  Represents a REST API.

  • id (string) --

    The API's identifier. This identifier is unique across all of your APIs in API Gateway.

  • name (string) --

    The API's name.

  • description (string) --

    The API's description.

  • createdDate (datetime) --

    The timestamp when the API was created.

  • version (string) --

    A version identifier for the API.

  • warnings (list) --

    The warning messages reported when failonwarnings is turned on during API import.

    • (string) --

  • binaryMediaTypes (list) --

    The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads.

    • (string) --

  • minimumCompressionSize (integer) --

    A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size.

  • apiKeySource (string) --

    The source of the API key for metering requests according to a usage plan. Valid values are: > HEADER to read the API key from the X-API-Key header of a request. AUTHORIZER to read the API key from the UsageIdentifierKey from a custom authorizer.

  • endpointConfiguration (dict) --

    The endpoint configuration of this RestApi showing the endpoint types and IP address types of the API.

    • types (list) --

      A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is "EDGE". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

      • (string) --

        The endpoint type. The valid values are EDGE for edge-optimized API setup, most suitable for mobile applications; REGIONAL for regional API endpoint setup, most suitable for calling from AWS Region; and PRIVATE for private APIs.

    • ipAddressType (string) --

      The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

    • vpcEndpointIds (list) --

      A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

      • (string) --

  • policy (string) --

    A stringified JSON policy document that applies to this RestApi regardless of the caller and Method configuration.

  • tags (dict) --

    The collection of tags. Each tag element is associated with a given resource.

    • (string) --

      • (string) --

  • disableExecuteApiEndpoint (boolean) --

    Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

  • rootResourceId (string) --

    The API's root resource ID.

  • securityPolicy (string) --

    The Transport Layer Security (TLS) version + cipher suite for this RestApi.

  • endpointAccessMode (string) --

    The endpoint access mode of the RestApi.

  • apiStatus (string) --

    The ApiStatus of the RestApi.

  • apiStatusMessage (string) --

    The status message of the RestApi. When the status message is UPDATING you can still invoke it.

{'securityPolicy': {'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'}}

A feature of the API Gateway control service for updating an existing API with an input of external API definitions. The update can take the form of merging the supplied definition into the existing API or overwriting the existing API.

See also: AWS API Documentation

Request Syntax

client.put_rest_api(
    restApiId='string',
    mode='merge'|'overwrite',
    failOnWarnings=True|False,
    parameters={
        'string': 'string'
    },
    body=b'bytes'|file
)

type restApiId:

string

param restApiId:

[REQUIRED]

The string identifier of the associated RestApi.

type mode:

string

param mode:

The mode query parameter to specify the update mode. Valid values are "merge" and "overwrite". By default, the update mode is "merge".

type failOnWarnings:

boolean

param failOnWarnings:

A query parameter to indicate whether to rollback the API update ( true) or not ( false) when a warning is encountered. The default value is false.

type parameters:

dict

param parameters:

Custom header parameters as part of the request. For example, to exclude DocumentationParts from an imported API, set ignore=documentation as a parameters value, as in the AWS CLI command of aws apigateway import-rest-api --parameters ignore=documentation --body 'file:///path/to/imported-api-body.json'.

• (string) --

  • (string) --

type body:

bytes or seekable file-like object

param body:

[REQUIRED]

The PUT request body containing external API definitions. Currently, only OpenAPI definition JSON/YAML files are supported. The maximum size of the API definition file is 6MB.

rtype:

dict

returns:

Response Syntax

{
    'id': 'string',
    'name': 'string',
    'description': 'string',
    'createdDate': datetime(2015, 1, 1),
    'version': 'string',
    'warnings': [
        'string',
    ],
    'binaryMediaTypes': [
        'string',
    ],
    'minimumCompressionSize': 123,
    'apiKeySource': 'HEADER'|'AUTHORIZER',
    'endpointConfiguration': {
        'types': [
            'REGIONAL'|'EDGE'|'PRIVATE',
        ],
        'ipAddressType': 'ipv4'|'dualstack',
        'vpcEndpointIds': [
            'string',
        ]
    },
    'policy': 'string',
    'tags': {
        'string': 'string'
    },
    'disableExecuteApiEndpoint': True|False,
    'rootResourceId': 'string',
    'securityPolicy': 'TLS_1_0'|'TLS_1_2'|'SecurityPolicy_TLS13_1_3_2025_09'|'SecurityPolicy_TLS13_1_3_FIPS_2025_09'|'SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_2021_06'|'SecurityPolicy_TLS13_2025_EDGE'|'SecurityPolicy_TLS12_PFS_2025_EDGE'|'SecurityPolicy_TLS12_2018_EDGE',
    'endpointAccessMode': 'BASIC'|'STRICT',
    'apiStatus': 'UPDATING'|'AVAILABLE'|'PENDING'|'FAILED',
    'apiStatusMessage': 'string'
}

Response Structure

• (dict) --

  Represents a REST API.

  • id (string) --

    The API's identifier. This identifier is unique across all of your APIs in API Gateway.

  • name (string) --

    The API's name.

  • description (string) --

    The API's description.

  • createdDate (datetime) --

    The timestamp when the API was created.

  • version (string) --

    A version identifier for the API.

  • warnings (list) --

    The warning messages reported when failonwarnings is turned on during API import.

    • (string) --

  • binaryMediaTypes (list) --

    The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads.

    • (string) --

  • minimumCompressionSize (integer) --

    A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size.

  • apiKeySource (string) --

    The source of the API key for metering requests according to a usage plan. Valid values are: > HEADER to read the API key from the X-API-Key header of a request. AUTHORIZER to read the API key from the UsageIdentifierKey from a custom authorizer.

  • endpointConfiguration (dict) --

    The endpoint configuration of this RestApi showing the endpoint types and IP address types of the API.

    • types (list) --

      A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is "EDGE". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

      • (string) --

        The endpoint type. The valid values are EDGE for edge-optimized API setup, most suitable for mobile applications; REGIONAL for regional API endpoint setup, most suitable for calling from AWS Region; and PRIVATE for private APIs.

    • ipAddressType (string) --

      The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

    • vpcEndpointIds (list) --

      A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

      • (string) --

  • policy (string) --

    A stringified JSON policy document that applies to this RestApi regardless of the caller and Method configuration.

  • tags (dict) --

    The collection of tags. Each tag element is associated with a given resource.

    • (string) --

      • (string) --

  • disableExecuteApiEndpoint (boolean) --

    Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

  • rootResourceId (string) --

    The API's root resource ID.

  • securityPolicy (string) --

    The Transport Layer Security (TLS) version + cipher suite for this RestApi.

  • endpointAccessMode (string) --

    The endpoint access mode of the RestApi.

  • apiStatus (string) --

    The ApiStatus of the RestApi.

  • apiStatusMessage (string) --

    The status message of the RestApi. When the status message is UPDATING you can still invoke it.

{'securityPolicy': {'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'}}

Changes information about the DomainName resource.

See also: AWS API Documentation

Request Syntax

client.update_domain_name(
    domainName='string',
    domainNameId='string',
    patchOperations=[
        {
            'op': 'add'|'remove'|'replace'|'move'|'copy'|'test',
            'path': 'string',
            'value': 'string',
            'from': 'string'
        },
    ]
)

type domainName:

string

param domainName:

[REQUIRED]

The name of the DomainName resource to be changed.

type domainNameId:

string

param domainNameId:

The identifier for the domain name resource. Supported only for private custom domain names.

type patchOperations:

list

param patchOperations:

For more information about supported patch operations, see Patch Operations.

• (dict) --

  For more information about supported patch operations, see Patch Operations.

  • op (string) --

    An update operation to be performed with this PATCH request. The valid value can be add, remove, replace or copy. Not all valid operations are supported for a given resource. Support of the operations depends on specific operational contexts. Attempts to apply an unsupported operation on a resource will return an error message..

  • path (string) --

    The op operation's target, as identified by a JSON Pointer value that references a location within the targeted resource. For example, if the target resource has an updateable property of {"name":"value"}, the path for this property is /name. If the name property value is a JSON object (e.g., {"name": {"child/name": "child-value"}}), the path for the child/name property will be /name/child~1name. Any slash ("/") character appearing in path names must be escaped with "~1", as shown in the example above. Each op operation can have only one path associated with it.

  • value (string) --

    The new target value of the update operation. It is applicable for the add or replace operation. When using AWS CLI to update a property of a JSON value, enclose the JSON object with a pair of single quotes in a Linux shell, e.g., '{"a": ...}'.

  • from (string) --

    The copy update operation's source as identified by a JSON-Pointer value referencing the location within the targeted resource to copy the value from. For example, to promote a canary deployment, you copy the canary deployment ID to the affiliated deployment ID by calling a PATCH request on a Stage resource with "op":"copy", "from":"/canarySettings/deploymentId" and "path":"/deploymentId".

rtype:

dict

returns:

Response Syntax

{
    'domainName': 'string',
    'domainNameId': 'string',
    'domainNameArn': 'string',
    'certificateName': 'string',
    'certificateArn': 'string',
    'certificateUploadDate': datetime(2015, 1, 1),
    'regionalDomainName': 'string',
    'regionalHostedZoneId': 'string',
    'regionalCertificateName': 'string',
    'regionalCertificateArn': 'string',
    'distributionDomainName': 'string',
    'distributionHostedZoneId': 'string',
    'endpointConfiguration': {
        'types': [
            'REGIONAL'|'EDGE'|'PRIVATE',
        ],
        'ipAddressType': 'ipv4'|'dualstack',
        'vpcEndpointIds': [
            'string',
        ]
    },
    'domainNameStatus': 'AVAILABLE'|'UPDATING'|'PENDING'|'PENDING_CERTIFICATE_REIMPORT'|'PENDING_OWNERSHIP_VERIFICATION'|'FAILED',
    'domainNameStatusMessage': 'string',
    'securityPolicy': 'TLS_1_0'|'TLS_1_2'|'SecurityPolicy_TLS13_1_3_2025_09'|'SecurityPolicy_TLS13_1_3_FIPS_2025_09'|'SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_2021_06'|'SecurityPolicy_TLS13_2025_EDGE'|'SecurityPolicy_TLS12_PFS_2025_EDGE'|'SecurityPolicy_TLS12_2018_EDGE',
    'endpointAccessMode': 'BASIC'|'STRICT',
    'tags': {
        'string': 'string'
    },
    'mutualTlsAuthentication': {
        'truststoreUri': 'string',
        'truststoreVersion': 'string',
        'truststoreWarnings': [
            'string',
        ]
    },
    'ownershipVerificationCertificateArn': 'string',
    'managementPolicy': 'string',
    'policy': 'string',
    'routingMode': 'BASE_PATH_MAPPING_ONLY'|'ROUTING_RULE_ONLY'|'ROUTING_RULE_THEN_BASE_PATH_MAPPING'
}

Response Structure

• (dict) --

  Represents a custom domain name as a user-friendly host name of an API (RestApi).

  • domainName (string) --

    The custom domain name as an API host name, for example, my-api.example.com.

  • domainNameId (string) --

    The identifier for the domain name resource. Supported only for private custom domain names.

  • domainNameArn (string) --

    The ARN of the domain name.

  • certificateName (string) --

    The name of the certificate that will be used by edge-optimized endpoint or private endpoint for this domain name.

  • certificateArn (string) --

    The reference to an Amazon Web Services-managed certificate that will be used by edge-optimized endpoint or private endpoint for this domain name. Certificate Manager is the only supported source.

  • certificateUploadDate (datetime) --

    The timestamp when the certificate that was used by edge-optimized endpoint or private endpoint for this domain name was uploaded.

  • regionalDomainName (string) --

    The domain name associated with the regional endpoint for this custom domain name. You set up this association by adding a DNS record that points the custom domain name to this regional domain name. The regional domain name is returned by API Gateway when you create a regional endpoint.

  • regionalHostedZoneId (string) --

    The region-specific Amazon Route 53 Hosted Zone ID of the regional endpoint. For more information, see Set up a Regional Custom Domain Name and AWS Regions and Endpoints for API Gateway.

  • regionalCertificateName (string) --

    The name of the certificate that will be used for validating the regional domain name.

  • regionalCertificateArn (string) --

    The reference to an Amazon Web Services-managed certificate that will be used for validating the regional domain name. Certificate Manager is the only supported source.

  • distributionDomainName (string) --

    The domain name of the Amazon CloudFront distribution associated with this custom domain name for an edge-optimized endpoint. You set up this association when adding a DNS record pointing the custom domain name to this distribution name. For more information about CloudFront distributions, see the Amazon CloudFront documentation.

  • distributionHostedZoneId (string) --

    The region-agnostic Amazon Route 53 Hosted Zone ID of the edge-optimized endpoint. The valid value is Z2FDTNDATAQYW2 for all the regions. For more information, see Set up a Regional Custom Domain Name and AWS Regions and Endpoints for API Gateway.

  • endpointConfiguration (dict) --

    The endpoint configuration of this DomainName showing the endpoint types and IP address types of the domain name.

    • types (list) --

      A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is "EDGE". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

      • (string) --

        The endpoint type. The valid values are EDGE for edge-optimized API setup, most suitable for mobile applications; REGIONAL for regional API endpoint setup, most suitable for calling from AWS Region; and PRIVATE for private APIs.

    • ipAddressType (string) --

      The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

    • vpcEndpointIds (list) --

      A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

      • (string) --

  • domainNameStatus (string) --

    The status of the DomainName migration. The valid values are AVAILABLE and UPDATING. If the status is UPDATING, the domain cannot be modified further until the existing operation is complete. If it is AVAILABLE, the domain can be updated.

  • domainNameStatusMessage (string) --

    An optional text message containing detailed information about status of the DomainName migration.

  • securityPolicy (string) --

    The Transport Layer Security (TLS) version + cipher suite for this DomainName.

  • endpointAccessMode (string) --

    The endpoint access mode of the DomainName.

  • tags (dict) --

    The collection of tags. Each tag element is associated with a given resource.

    • (string) --

      • (string) --

  • mutualTlsAuthentication (dict) --

    The mutual TLS authentication configuration for a custom domain name. If specified, API Gateway performs two-way authentication between the client and the server. Clients must present a trusted certificate to access your API.

    • truststoreUri (string) --

      An Amazon S3 URL that specifies the truststore for mutual TLS authentication, for example s3://bucket-name/key-name. The truststore can contain certificates from public or private certificate authorities. To update the truststore, upload a new version to S3, and then update your custom domain name to use the new version. To update the truststore, you must have permissions to access the S3 object.

    • truststoreVersion (string) --

      The version of the S3 object that contains your truststore. To specify a version, you must have versioning enabled for the S3 bucket.

    • truststoreWarnings (list) --

      A list of warnings that API Gateway returns while processing your truststore. Invalid certificates produce warnings. Mutual TLS is still enabled, but some clients might not be able to access your API. To resolve warnings, upload a new truststore to S3, and then update you domain name to use the new version.

      • (string) --

  • ownershipVerificationCertificateArn (string) --

    The ARN of the public certificate issued by ACM to validate ownership of your custom domain. Only required when configuring mutual TLS and using an ACM imported or private CA certificate ARN as the regionalCertificateArn.

  • managementPolicy (string) --

    A stringified JSON policy document that applies to the API Gateway Management service for this DomainName. This policy document controls access for access association sources to create domain name access associations with this DomainName. Supported only for private custom domain names.

  • policy (string) --

    A stringified JSON policy document that applies to the execute-api service for this DomainName regardless of the caller and Method configuration. Supported only for private custom domain names.

  • routingMode (string) --

    The routing mode for this domain name. The routing mode determines how API Gateway sends traffic from your custom domain name to your private APIs.

{'securityPolicy': {'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'}}

Changes information about the specified API.

See also: AWS API Documentation

Request Syntax

client.update_rest_api(
    restApiId='string',
    patchOperations=[
        {
            'op': 'add'|'remove'|'replace'|'move'|'copy'|'test',
            'path': 'string',
            'value': 'string',
            'from': 'string'
        },
    ]
)

type restApiId:

string

param restApiId:

[REQUIRED]

The string identifier of the associated RestApi.

type patchOperations:

list

param patchOperations:

For more information about supported patch operations, see Patch Operations.

• (dict) --

  For more information about supported patch operations, see Patch Operations.

  • op (string) --

    An update operation to be performed with this PATCH request. The valid value can be add, remove, replace or copy. Not all valid operations are supported for a given resource. Support of the operations depends on specific operational contexts. Attempts to apply an unsupported operation on a resource will return an error message..

  • path (string) --

    The op operation's target, as identified by a JSON Pointer value that references a location within the targeted resource. For example, if the target resource has an updateable property of {"name":"value"}, the path for this property is /name. If the name property value is a JSON object (e.g., {"name": {"child/name": "child-value"}}), the path for the child/name property will be /name/child~1name. Any slash ("/") character appearing in path names must be escaped with "~1", as shown in the example above. Each op operation can have only one path associated with it.

  • value (string) --

    The new target value of the update operation. It is applicable for the add or replace operation. When using AWS CLI to update a property of a JSON value, enclose the JSON object with a pair of single quotes in a Linux shell, e.g., '{"a": ...}'.

  • from (string) --

    The copy update operation's source as identified by a JSON-Pointer value referencing the location within the targeted resource to copy the value from. For example, to promote a canary deployment, you copy the canary deployment ID to the affiliated deployment ID by calling a PATCH request on a Stage resource with "op":"copy", "from":"/canarySettings/deploymentId" and "path":"/deploymentId".

rtype:

dict

returns:

Response Syntax

{
    'id': 'string',
    'name': 'string',
    'description': 'string',
    'createdDate': datetime(2015, 1, 1),
    'version': 'string',
    'warnings': [
        'string',
    ],
    'binaryMediaTypes': [
        'string',
    ],
    'minimumCompressionSize': 123,
    'apiKeySource': 'HEADER'|'AUTHORIZER',
    'endpointConfiguration': {
        'types': [
            'REGIONAL'|'EDGE'|'PRIVATE',
        ],
        'ipAddressType': 'ipv4'|'dualstack',
        'vpcEndpointIds': [
            'string',
        ]
    },
    'policy': 'string',
    'tags': {
        'string': 'string'
    },
    'disableExecuteApiEndpoint': True|False,
    'rootResourceId': 'string',
    'securityPolicy': 'TLS_1_0'|'TLS_1_2'|'SecurityPolicy_TLS13_1_3_2025_09'|'SecurityPolicy_TLS13_1_3_FIPS_2025_09'|'SecurityPolicy_TLS13_1_2_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_FIPS_PFS_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_PQ_2025_09'|'SecurityPolicy_TLS13_1_2_2021_06'|'SecurityPolicy_TLS13_2025_EDGE'|'SecurityPolicy_TLS12_PFS_2025_EDGE'|'SecurityPolicy_TLS12_2018_EDGE',
    'endpointAccessMode': 'BASIC'|'STRICT',
    'apiStatus': 'UPDATING'|'AVAILABLE'|'PENDING'|'FAILED',
    'apiStatusMessage': 'string'
}

Response Structure

• (dict) --

  Represents a REST API.

  • id (string) --

    The API's identifier. This identifier is unique across all of your APIs in API Gateway.

  • name (string) --

    The API's name.

  • description (string) --

    The API's description.

  • createdDate (datetime) --

    The timestamp when the API was created.

  • version (string) --

    A version identifier for the API.

  • warnings (list) --

    The warning messages reported when failonwarnings is turned on during API import.

    • (string) --

  • binaryMediaTypes (list) --

    The list of binary media types supported by the RestApi. By default, the RestApi supports only UTF-8-encoded text payloads.

    • (string) --

  • minimumCompressionSize (integer) --

    A nullable integer that is used to enable compression (with non-negative between 0 and 10485760 (10M) bytes, inclusive) or disable compression (with a null value) on an API. When compression is enabled, compression or decompression is not applied on the payload if the payload size is smaller than this value. Setting it to zero allows compression for any payload size.

  • apiKeySource (string) --

    The source of the API key for metering requests according to a usage plan. Valid values are: > HEADER to read the API key from the X-API-Key header of a request. AUTHORIZER to read the API key from the UsageIdentifierKey from a custom authorizer.

  • endpointConfiguration (dict) --

    The endpoint configuration of this RestApi showing the endpoint types and IP address types of the API.

    • types (list) --

      A list of endpoint types of an API (RestApi) or its custom domain name (DomainName). For an edge-optimized API and its custom domain name, the endpoint type is "EDGE". For a regional API and its custom domain name, the endpoint type is REGIONAL. For a private API, the endpoint type is PRIVATE.

      • (string) --

        The endpoint type. The valid values are EDGE for edge-optimized API setup, most suitable for mobile applications; REGIONAL for regional API endpoint setup, most suitable for calling from AWS Region; and PRIVATE for private APIs.

    • ipAddressType (string) --

      The IP address types that can invoke an API (RestApi) or a DomainName. Use ipv4 to allow only IPv4 addresses to invoke an API or DomainName, or use dualstack to allow both IPv4 and IPv6 addresses to invoke an API or a DomainName. For the PRIVATE endpoint type, only dualstack is supported.

    • vpcEndpointIds (list) --

      A list of VpcEndpointIds of an API (RestApi) against which to create Route53 ALIASes. It is only supported for PRIVATE endpoint type.

      • (string) --

  • policy (string) --

    A stringified JSON policy document that applies to this RestApi regardless of the caller and Method configuration.

  • tags (dict) --

    The collection of tags. Each tag element is associated with a given resource.

    • (string) --

      • (string) --

  • disableExecuteApiEndpoint (boolean) --

    Specifies whether clients can invoke your API by using the default execute-api endpoint. By default, clients can invoke your API with the default https://{api_id}.execute-api.{region}.amazonaws.com endpoint. To require that clients use a custom domain name to invoke your API, disable the default endpoint.

  • rootResourceId (string) --

    The API's root resource ID.

  • securityPolicy (string) --

    The Transport Layer Security (TLS) version + cipher suite for this RestApi.

  • endpointAccessMode (string) --

    The endpoint access mode of the RestApi.

  • apiStatus (string) --

    The ApiStatus of the RestApi.

  • apiStatusMessage (string) --

    The status message of the RestApi. When the status message is UPDATING you can still invoke it.