Use API key to protect your REST API in AWS API Gateway
This post is a follow-up to another post that describes how to use API Gateway to connect to DynamoDB.
It seems that HTTP APIs do not offer this API key option, although they can be protected by IAM role authentication and other approaches.
1 Choose the method to protect and click on “Method Request”.
2 Select “true” for “API Key Required”
Remember to click the “Check” mark to actually “Modify” it. Then “Deploy” the API after this change.
If you call this API from Postman now, you receive a Forbidden message.
3 Create API keys
Choose “API Keys” from the left-side navigation, and use “Create API Key” from “Actions” to create an API key called “customer_api_key”.
After clicking “Save” you can now view the generated API key. Take note of the key.
4 Create a “Usage Plan” to combine resources and API keys with different throttling and quota settings
For example, we can create a “VIP Customer Plan” for specific resources/APIs with higher throttling and quota settings and then authorize requests with API keys.
4.1 Create usage plan setting throttling and quota
4.2 Specify resource/API for this usage plan
5 Test API Key protected endpoint
Specify “x-api-key” in the request header so that you can successfully add a new customer to DynamoDB.
Without the API key, the request is rejected with a 403 Forbidden error.
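A post-deployment check for the behaviour in step 5, added here as an example and not part of the original post: it probes the endpoint with no key, a wrong key and the valid key, which catches a method that was changed but never deployed. The stub server, the `/customers` path, the sample payload and the key values are constructed stand-ins for the deployed stage so the check runs offline.

```python
import json, threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe(url, api_key=None):
    """POST a constructed customer record and return the HTTP status code."""
    headers = {"Content-Type": "application/json"}
    if api_key is not None:
        headers["x-api-key"] = api_key
    body = json.dumps({"customerId": "c-001", "name": "Test Customer"}).encode()
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def key_is_enforced(url, valid_key):
    """True only if missing and wrong keys get 403 and the valid key gets 2xx."""
    no_key = probe(url)
    wrong_key = probe(url, "constructed-wrong-key")
    good_key = probe(url, valid_key)
    return no_key == 403 and wrong_key == 403 and 200 <= good_key < 300

class StubGateway(BaseHTTPRequestHandler):
    """Local stand-in for the deployed stage (constructed, not AWS code)."""
    required_key = None  # None models a method whose change was never deployed

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        sent = self.headers.get("x-api-key")
        ok = self.required_key is None or sent == self.required_key
        self.send_response(200 if ok else 403)
        self.end_headers()
        self.wfile.write(b"{}" if ok else b'{"message":"Forbidden"}')

    def log_message(self, *args):  # keep the demo output quiet
        pass

def start_stub(required_key):
    """Start the stub on a free local port; return (server, url)."""
    handler = type("Handler", (StubGateway,), {"required_key": required_key})
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/customers"

if __name__ == "__main__":
    for label, key in (("deployed", "constructed-sample-key"), ("not deployed", None)):
        server, url = start_stub(key)
        print(label, "-> key enforced:", key_is_enforced(url, "constructed-sample-key"))
        server.shutdown()
```

To run the check against a real stage, pass its invoke URL and the key from step 3 to `key_is_enforced` instead of starting the stub.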
Happy Reading!