API Key per resource?
0
In API Gateway, is it possible to manage usage of different resources per API Key? Like a given API Key lets you use /resource1 but not /resource2?
asked 6 days ago3 views
1 Answers
0
You can use a Lambda authorizer. The Lambda function will return a different policy to each API key that will specify which endpoints are allowed and which are denied.
Saying that, I am not sure this is the right approach. API keys should not be used for authorization. If you are using a Cognito authorizer, you could use scopes to protect the different endpoints.
API Keys should be used for usage plans, i.e., limit the usage by different clients and throttle them if they exceed their quota.
Relevant questions
Client API throttling in API Gateway
Accepted Answerasked a year agoHow can API Gateway WebSockets be throttled per-user?
Accepted Answerasked 2 years agoAPI Gateway Count Metrics per API Key
asked 8 days agoAPI Key per resource?
asked 6 days agoAPI Gateway Boto3 get_usage() - Running Total or just daily?
asked 4 months agox-api-key for Usage Plans
asked 3 years agoHow to associate an api key to an API Gateway websockets API
asked 3 years agoMultiple API keys and the flow rate limit in the usage plan
Accepted Answerasked 2 years agoLambda Authorizer with API Key enabled on API Gateway
asked 2 months agoAbout the flow restriction of multiple APIs associated with an usage plan
Accepted Answerasked 2 years ago
Oh, I always thought API keys were for authorization. What should they be used for instead?