How can I deny authorization using a custom authorizer lambda when the API key is disabled?
hello guys,
I'm trying to disable an API key to deny all access relative to my APIs, but when I flag it as disabled the API key still works. I expected that the API gateway could refuse access, but it's not happening.
As the API gateway didn't refuse the access and I'm using a custom lambda authorizer, I thought I should deny the access by myself right? I'm trying to deny it through the lambda authorizer, but I haven't seen any information on the context of the key that shows me if it is enabled or disabled.
As you can see in the image above, there isn't any information about if the key is enabled or disabled. Has someone any solution for this case?
thank you.
**Update
Steps that I have tried:
- I flagged my API key as disabled.
- at API gateway > Resources > Actions -> Deploy API -> Add stage -> Deploy
- I hit my API, and the key still works
- Then I checked if some information came on context of my custom lambda authorizer
- Newest
- Most votes
- Most comments
No redeployment of the Amazon API Gateway Rest API is necessary when enabling or disabling an API key. The change takes effect within approximately 10 seconds. If you encounter any issues, they are likely related to your API configuration. It is important to acknowledge that API keys are not suitable for authentication or authorization purposes, but rather serve as a means to implement rate limits, burst limits, and quotas (known as "Usage Plans").
Relevant content
- asked 2 years ago
- Accepted Answerasked a year ago
- Accepted Answer
asked 6 years ago 
AWS OFFICIALUpdated a year ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
Have you tried to make the change and deploy the api stage?
Yeah, at least I think yes.
I did it:
do you have any other tips?