You want the lowest cost — about $1.00 vs $3.50 per million requests. Your needs are Lambda or HTTP proxy integrations with JWT, Lambda or IAM authorization. You do not need API keys, request validation, WAF, caching or private endpoints.

You need API keys with usage plans for per-client throttling and quotas. You need AWS WAF, a private (VPC-only) endpoint, or request validation. You need body transformation, response caching, or an edge-optimized endpoint.

REST API vs HTTP API? · Decisions

The verdict

HTTP API is the right default for new APIs — roughly a third of the price per million requests, and it covers the common cases: Lambda and HTTP proxy integrations, JWT / Lambda / IAM authorization, CORS, custom domains. Choose REST API when you specifically need API keys with usage plans, AWS WAF, a private (VPC-only) endpoint, request validation, response caching, an edge-optimized endpoint, or body transformation. The deciding factor: if you need API keys plus usage plans, WAF, or a private endpoint, you must use REST API — HTTP API does not offer them.

Head to head

Criterion	REST API	HTTP API
Price per million requests	$3.50 (first tier)	$1.00 (first tier)
API keys & usage plans	Yes — per-client throttling and quotas	No
AWS WAF integration	Yes	No
Private (VPC-only) endpoint	Yes	No
JWT authorizer	No — use a Lambda authorizer for JWTs	Yes — native
Request validation	Yes	No
Body transformation	Yes — VTL mapping templates	No — parameter mapping only
Response caching	Yes — per-stage	No
Edge-optimized endpoint	Yes	No

When to pick which

Pick HTTP API when

You want the lowest cost — about $1.00 vs $3.50 per million requests.
Your needs are Lambda or HTTP proxy integrations with JWT, Lambda or IAM authorization.
You do not need API keys, request validation, WAF, caching or private endpoints.

Pick REST API when

You need API keys with usage plans for per-client throttling and quotas.
You need AWS WAF, a private (VPC-only) endpoint, or request validation.
You need body transformation, response caching, or an edge-optimized endpoint.

Sources

Choosing between REST APIs and HTTP APIs — https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-vs-rest.html
Amazon API Gateway pricing — https://aws.amazon.com/api-gateway/pricing/
Private REST APIs in API Gateway — https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-private-apis.html
Use AWS WAF to protect REST APIs — https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-control-access-aws-waf.html
JWT authorizers for HTTP APIs — https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-jwt-authorizer.html
Usage plans and API keys for REST APIs — https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html
Cache settings for REST APIs — https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-caching.html

Related instruments