API Key per resource?


In API Gateway, is it possible to manage usage of different resources per API Key? Like a given API Key lets you use /resource1 but not /resource2?

1 Answer

You can use a Lambda authorizer. The Lambda function will return a different policy to each API key that will specify which endpoints are allowed and which are denied.

Saying that, I am not sure this is the right approach. API keys should not be used for authorization. If you are using a Cognito authorizer, you could use scopes to protect the different endpoints.

answered 6 days ago
  • Oh, I always thought API keys were for authorization. What should they be used for instead?

  • API Keys should be used for usage plans, i.e., limit the usage by different clients and throttle them if they exceed their quota.
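
The Lambda authorizer approach from the answer, as an added example that is not part of the original thread and not AWS's own code. It assumes a REST API with a REQUEST-type authorizer and the key sent in the `x-api-key` header; the key values, client names and the `KEY_PERMISSIONS` table are constructed for illustration.

```python
import hashlib

def _digest(key: str) -> str:
    # Store and look up key digests so raw keys never sit in the mapping.
    return hashlib.sha256(key.encode()).hexdigest()

# Constructed sample data: key digest -> (client id, allowed "METHOD/path" patterns).
# Assumption: in practice this mapping lives in a datastore, not in the function source.
KEY_PERMISSIONS = {
    _digest("constructed-key-client-a"): ("client-a", ["GET/resource1", "GET/resource1/*"]),
    _digest("constructed-key-client-b"): ("client-b", ["*/resource1", "*/resource2"]),
}

def _statement(effect, resources):
    return {"Action": "execute-api:Invoke", "Effect": effect, "Resource": resources}

def build_policy(method_arn, api_key):
    # methodArn: arn:aws:execute-api:<region>:<account>:<apiId>/<stage>/<METHOD>/<path>
    arn_prefix, stage = method_arn.split("/")[:2]
    base = f"{arn_prefix}/{stage}/"
    client, patterns = KEY_PERMISSIONS.get(_digest(api_key or ""), ("unknown", []))
    if patterns:
        # List every resource the key may call, not just the one requested:
        # a cached policy is reused for later requests that present the same key.
        statements = [_statement("Allow", [base + p for p in patterns])]
    else:
        # Unknown or missing key: explicit deny on every method of this stage.
        statements = [_statement("Deny", [base + "*"])]
    response = {
        "principalId": client,
        "policyDocument": {"Version": "2012-10-17", "Statement": statements},
    }
    if patterns:
        # Lets usage plans meter this key when the API key source is AUTHORIZER.
        response["usageIdentifierKey"] = api_key
    return response

def lambda_handler(event, context):
    # Header names arrive with the client's casing, so normalize before lookup.
    headers = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    return build_policy(event["methodArn"], headers.get("x-api-key"))
```

Anything not matched by an Allow statement is implicitly denied, so `client-a` calling `/resource2` is rejected by API Gateway without the function listing it.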
