Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

API Key per resource?

0

In API Gateway, is it possible to manage usage of different resources per API Key? Like a given API Key lets you use /resource1 but not /resource2?

Themen
ServerlosFrontend-Web & MobileVernetzung & Bereitstellung von Inhalten
Tags
Amazon API-Gateway
Sprache
English
Kevin
gefragt vor 2 Jahren967 Aufrufe
1 Antwort
0

You can use a Lambda authorizer. The Lambda function will return a different policy to each API key that will specify which endpoints are allowed and which are denied.

Saying that, I am not sure this is the right approach. API keys should not be used for authorization. If you are using a Cognito authorizer, you could use scopes to protect the different endpoints.

profile pictureAWS
EXPERTE
Uri
beantwortet vor 2 Jahren
profile picture
EXPERTE
Gary Mclean
überprüft vor einem Monat
  • Kevin
    vor 2 Jahren

    Oh, I always thought API keys were for authorization. What should they be used for instead?

  • Uri EXPERTE
    vor 2 Jahren

    API Keys should be used for usage plans, i.e., limit the usage by different clients and throttle them if they exceed their quota.

  • Christos S
    vor 2 Jahren

    Hello coming late to the party but I have the same question. I want to limit resource per API key. As I understand from the docs (https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html) I need to provide the api key of the user in the output of the lambda and in usageIdentifierKey property. My question is how am gonna find out which API key belongs to the calling user?

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt