Rate limit API based on a bearer token instead of API key

0

Hello, I would like to rate limit access to my API based on a bearer token sent in the request header.

Basically I want to implement a usage plan based on the data from the decrypted bearer token instead of an API key. Is this possible with API Gateway?

Also, if there is any way to implement a usage plan using anything but an API key, please let me know.

2 answers
1

You can achieve this by using a Lambda authorizer. When you do, you have the option to define that the API key is returned from the Lambda function. There you can translate the token into an API key. You will need to add the API keys to API Gateway and associate them with usage plans.

AWS Expert
Uri
answered a year ago
0

Hello, you can use authorizer-sourced API keys [1] to achieve this use case. Unlike reading the API key from the client headers, the authorizer Lambda function will perform your custom logic on the bearer token and decide whether the API key is to be provided or not for the request, which ultimately decides whether the usage plan is applied or not. You can follow the steps below:

  1. Create an API and its required methods and resources, and deploy it.
  2. Create an API key.
  3. Create a usage plan and associate it with the API stage and the API key created in step 2.
  4. Navigate to the API settings and change the API key source [2] to "AUTHORIZER". Scroll down and save the changes.
  5. Create a token-based Lambda authorizer whose logic will decide whether the request is authenticated (hence, applying the usage plan) and accordingly add the "usageIdentifierKey" parameter to the authorizer's returned response. The request is executed only if usageIdentifierKey is present at the root level of the JSON object returned by the authorizer [3].
  6. For the required API methods, configure the method request for the Lambda authorizer and API keys.
  7. Deploy the API again to the same stage as in step 1.
  8. Call the API with the appropriate bearer token and observe the output ("forbidden"/"limit exceeded"/the expected output of a successful execution).

References:

[1] https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-key-source.html#:~:text=To%20use%20authorizer%2Dsourced%20API%20keys%3A

[2] https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-api-key-source.html

[3] https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html#:~:text=If%20the%20API%20uses%20a%20usage%20plan

[+] https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html#api-gateway-lambda-authorizer-create:~:text=Lambda%20authorizer%20function-,To,-create%20a%20token

Ashwin
answered a year ago
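Both answers above describe the same mechanism: a token-based Lambda authorizer validates the bearer token and, when the API key source is set to AUTHORIZER (step 4), hands API Gateway a usage-plan API key through the root-level `usageIdentifierKey` field of its response (step 5). The following is an added example of such an authorizer in Python; it is not code from either answerer or from AWS. It assumes the bearer token is an HS256 JWT signed with a shared secret the authorizer holds, that a `plan` claim in the token selects the usage plan, and that the key values in `PLAN_TO_API_KEY` are hypothetical placeholders for API keys you have already created and attached to usage plans (steps 2 and 3). Verification is done with the standard library so the example runs offline; a production deployment would more likely use a JWT library and an RS256/ES256 issuer key.

```python
"""Token-based Lambda authorizer that maps a bearer token to a usage-plan API key.

Added example, not the answerers' or AWS's code. Assumptions (all hypothetical):
HS256 JWTs signed with SIGNING_SECRET, a "plan" claim choosing the usage plan,
and PLAN_TO_API_KEY holding the values of API keys that already exist in
API Gateway with the API's key source set to AUTHORIZER.
"""
import base64
import hashlib
import hmac
import json
import time

# Hypothetical signing secret; load it from an environment variable or
# Secrets Manager in a real deployment rather than hard-coding it.
SIGNING_SECRET = b"example-shared-secret-change-me"

# Hypothetical mapping from the token's "plan" claim to the *value* of an API key
# that is attached to the matching usage plan in API Gateway.
PLAN_TO_API_KEY = {
    "free": "FreePlanApiKeyValue000000000000000000000",
    "pro": "ProPlanApiKeyValue0000000000000000000000",
}


def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def verify_hs256(token, secret, now=None):
    """Return the claims dict if signature and expiry check out, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm: rejects "alg": "none" and key-confusion tokens.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        signing_input = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(secret, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        claims = json.loads(_b64url_decode(payload_b64))
    except (ValueError, TypeError, AttributeError):
        return None  # wrong segment count, bad base64, or malformed JSON
    if not isinstance(claims, dict):
        return None
    current = time.time() if now is None else now
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= current:
        return None
    return claims


def make_token(claims, secret=SIGNING_SECRET):
    """Mint a test token (constructed input for this example; the real issuer lives elsewhere)."""
    header_b64 = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload_b64 = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    return f"{header_b64}.{payload_b64}.{_b64url_encode(sig)}"


def _policy(principal, effect, method_arn, api_key=None, context=None):
    """Build the authorizer response: IAM policy plus optional usage-plan key and context."""
    doc = {
        "principalId": principal,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}],
        },
    }
    if api_key is not None:
        # Root-level field API Gateway reads as the API key when the key source is
        # AUTHORIZER; the usage plan attached to that key is then enforced.
        doc["usageIdentifierKey"] = api_key
    if context:
        doc["context"] = context  # string-valued map passed on to the backend
    return doc


def lambda_handler(event, context=None, now=None):
    """TOKEN-type authorizer entry point.

    API Gateway supplies the Authorization header in event["authorizationToken"]
    and the invoked method's ARN in event["methodArn"]. `now` exists only for
    deterministic testing; Lambda never sets it.
    """
    scheme, _, token = event.get("authorizationToken", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        raise Exception("Unauthorized")  # API Gateway maps this message to HTTP 401
    claims = verify_hs256(token, SIGNING_SECRET, now=now)
    if claims is None or not claims.get("sub"):
        raise Exception("Unauthorized")
    api_key = PLAN_TO_API_KEY.get(claims.get("plan"))
    if api_key is None:
        # Authenticated but entitled to no plan: deny and omit usageIdentifierKey,
        # so the call is refused (403) rather than let through unmetered.
        return _policy(claims["sub"], "Deny", event["methodArn"])
    return _policy(claims["sub"], "Allow", event["methodArn"],
                   api_key=api_key, context={"plan": claims["plan"]})
```

`usageIdentifierKey` must carry the key's value, not its ID, and it must match a key that is attached to a usage plan for the deployed stage; the methods also need "API Key Required" enabled (step 6), or no plan is enforced. The expired, tampered and non-Bearer cases raise `Unauthorized`, which API Gateway turns into a 401 before any usage plan is consulted.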
