Ao usar o AWS re:Post, você concorda com os AWS re:Post Termos de uso
AWS re:Postre:Post

API Key per resource?

0

In API Gateway, is it possible to manage usage of different resources per API Key? Like a given API Key lets you use /resource1 but not /resource2?

Tópicos
Sem servidorWeb e dispositivos móveis front-endRede e entrega de conteúdo
Tags
Gateway do Amazon API
Idioma
English
Kevin
feita há 2 anos967 visualizações
1 Resposta
0

You can use a Lambda authorizer. The Lambda function will return a different policy to each API key that will specify which endpoints are allowed and which are denied.

Saying that, I am not sure this is the right approach. API keys should not be used for authorization. If you are using a Cognito authorizer, you could use scopes to protect the different endpoints.

profile pictureAWS
ESPECIALISTA
Uri
respondido há 2 anos
profile picture
ESPECIALISTA
Gary Mclean
avaliado há um mês
  • Kevin
    há 2 anos

    Oh, I always thought API keys were for authorization. What should they be used for instead?

  • Uri ESPECIALISTA
    há 2 anos

    API Keys should be used for usage plans, i.e., limit the usage by different clients and throttle them if they exceed their quota.

  • Christos S
    há 2 anos

    Hello coming late to the party but I have the same question. I want to limit resource per API key. As I understand from the docs (https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html) I need to provide the api key of the user in the output of the lambda and in usageIdentifierKey property. My question is how am gonna find out which API key belongs to the calling user?

Você não está conectado. Fazer login para postar uma resposta.

Uma boa resposta responde claramente à pergunta, dá feedback construtivo e incentiva o crescimento profissional de quem perguntou.

Diretrizes para responder a perguntas

Conteúdo relevante