The newly released Amazon API Gateway, although quite limited in its feature set, is important in its validation of layered security for APIs. For application development and delivery (AD&D) pros who are Amazon Web Services (AWS) customers, it provides a platform-native option for limited application connection security. In broader enterprise scenarios, it provides only a small part of what's needed for API security. This brief describes what Amazon API Gateway does, where it fits in the API security landscape, and how AD&D pros should leverage it as part of their solution architectures.