Allow a request to an AWS Amplify created REST API only from the public accessibly hosted webpage without user management (unauthenticated request)

The Amplify-hosted website has two fields for the order number and last name. The website calls the Amplify-created REST API with these two values and processes the next steps. There is no user management or other authentification besides the "knowledge" of these two values.

How is the best way that the REST endpoint can only be accessed by the website and not e.g. via postman?

Is a Signature Version 4 call like described here https://medium.com/@jun711.g/how-to-secure-aws-api-gateway-requests-with-signature-version-4-using-aws-amplify-62d79f92966c the only way for an unauthenticated request (https://docs.amplify.aws/lib/restapi/authz/q/platform/js/#unauthenticated-requests)?

Argomenti

Front-end web e dispositivi mobili

Tag

AWS Amplify

Lingua

English

Johannes Konings

posta un anno fa64 visualizzazioni

Nessuna risposta

Più recenti
Maggior numero di voti
Maggior numero di commenti

Contenuto pertinente

Come faccio a risolvere l'errore "The new key policy will not allow you to update the key policy in the future" quando provo a creare una policy della chiave AWS KMS tramite AWS CloudFormation?
AWS UFFICIALEAggiornata 2 anni fa
Come posso risolvere l'errore 502: "The request could not be satisfied" (Impossibile soddisfare la richiesta) di CloudFront?
AWS UFFICIALEAggiornata un anno fa
Come posso risolvere l'errore "403 ERROR - The request could not be satisfied. Bad Request" in CloudFront?
AWS UFFICIALEAggiornata un anno fa
Come faccio a correggere l'errore "Unable to validate the following destination configurations" in AWS CloudFormation?
AWS UFFICIALEAggiornata 2 anni fa