According to the documentation you are correct. Only the headers/parameters are passed into the Authorizer which would make sense as during a POST you wouldn’t be sending a body as such and would only be interested in variables.
You would usually pass through a bearer token as such which would check to see if you have valid credentials and allow or deny you. You still need another authentication process to obtain a token to supply to api gateway.
- Accepted Answerasked 7 months ago
- How do I troubleshoot HTTP 403 Forbidden errors when using a Lambda authorizer with an API Gateway REST API?AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- How do I pass custom headers through API Gateway to a Lambda function using Lambda custom (non-proxy) integration?AWS OFFICIALUpdated a year ago
- How do I troubleshoot permissions errors from API Gateway HTTP APIs with a Lambda integration or Lambda authorizer?AWS OFFICIALUpdated a year ago
- EXPERTpublished 9 months ago