# AWS API Gateway - Usage plans and API keys

## What are usage plans?

A ***usage plan*** specifies who can access one or more deployed API stages and methods—and also how much and how fast they can access them. The plan uses API keys to identify API clients and meters access to the associated API stages for each key. It also lets you configure throttling limits and quota limits that are enforced on individual client API keys.

## What are API keys?

***API keys*** are alphanumeric string values that you distribute to application developer customers to grant access to your API.

You can use API keys together with [usage plans](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-usage-plans.html) or [Lambda authorizers](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html) to control access to your APIs.

API Gateway can generate API keys on your behalf, or you can import them into API Gateway from an external source as a [CSV file](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-key-file-format.html).

{% hint style="info" %}
Important

API key values must be unique. If you try to create two API keys with different names and the same value, API Gateway considers them to be the same API key.

An API key can be associated with more than one usage plan. A usage plan can be associated with more than one stage. However, a given API key can only be associated with one usage plan for each stage of your API.
{% endhint %}

## What are throttling limits and quota limits?

A ***throttling limit*** is a request rate limit that is applied to each API key that you add to the usage plan. You can also set a default method-level throttling limit for an API or set throttling limits for individual API methods.

A ***quota limit*** is the maximum number of requests with a given API key that can be submitted within a specified time interval. You can configure individual API methods to require API key authorization based on usage plan configuration.

## A Sample Architecture Diagram

From a business perspective, you can offer different usage plans to your customers, such as “Basic” and “Premium”, and define different throttling rates and quotas for these plans. From a technical perspective, usage plans tell us the maximum rate our infrastructure should handle, so we can plan accordingly.

![](/files/-M_z-qyaLUBU22tkK-6-)

## Best practices for API keys and usage plans

Don't rely on API keys as your only means of authentication and authorization for your APIs. For one thing, if you have multiple APIs in a usage plan, a user with a valid API key for one API in that usage plan can access *all* APIs in that usage plan. Instead, use an IAM role, [a Lambda authorizer](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html), or an [Amazon Cognito user pool](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html).

If you're using a [developer portal](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-developer-portal.html) to publish your APIs, note that all APIs in a given usage plan are subscribable, even if you haven't made them visible to your customers.
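The following audit sketch is an added example, not code from the original page or from AWS. It flags usage plans that span more than one API or lack a throttling or quota limit, and computes which API stages each key can reach. The plan and key records are constructed sample data shaped like the boto3 `apigateway` `get_usage_plans` and `get_usage_plan_keys` responses; the function name `audit_usage_plans` is hypothetical, and a plan with no `throttle` or `quota` entry is assumed to have no such limit configured.

```python
from collections import defaultdict

# Constructed sample data, shaped like the boto3 apigateway responses
# get_usage_plans()["items"] and get_usage_plan_keys(usagePlanId=...)["items"].
PLANS = [
    {"id": "plan-basic", "name": "Basic",
     "apiStages": [{"apiId": "api-orders", "stage": "prod"}],
     "throttle": {"rateLimit": 10.0, "burstLimit": 20},
     "quota": {"limit": 10000, "period": "MONTH"}},
    {"id": "plan-premium", "name": "Premium",
     "apiStages": [{"apiId": "api-orders", "stage": "beta"},
                   {"apiId": "api-billing", "stage": "prod"}],
     "throttle": {"rateLimit": 100.0, "burstLimit": 200}},  # no quota set
]
PLAN_KEYS = {
    "plan-basic": [{"id": "key-a", "name": "customer-a"}],
    "plan-premium": [{"id": "key-a", "name": "customer-a"},
                     {"id": "key-b", "name": "customer-b"}],
}


def audit_usage_plans(plans, plan_keys):
    """Return (findings, reach): findings is a list of (plan_id, issue) and
    reach maps each API key id to the set of (apiId, stage) it can call."""
    findings, reach = [], defaultdict(set)
    for plan in plans:
        stages = {(s["apiId"], s["stage"]) for s in plan.get("apiStages", [])}
        apis = sorted({api for api, _ in stages})
        if len(apis) > 1:
            # Any key on this plan is accepted by every API listed in it.
            findings.append((plan["id"], "spans multiple APIs: " + ", ".join(apis)))
        if "throttle" not in plan:
            findings.append((plan["id"], "no throttling limit"))
        if "quota" not in plan:
            findings.append((plan["id"], "no quota limit"))
        for key in plan_keys.get(plan["id"], []):
            reach[key["id"]] |= stages
    return findings, dict(reach)


if __name__ == "__main__":
    findings, reach = audit_usage_plans(PLANS, PLAN_KEYS)
    for plan_id, issue in findings:
        print(f"[{plan_id}] {issue}")
    for key_id, stages in sorted(reach.items()):
        print(key_id, "->", sorted(stages))
```

Against a live account, the same function can be fed the `items` lists returned by those two boto3 calls in place of the constructed data.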

