AWS API GW - HTTP API - Authorization Header


We are using AWS API Gateway for hosting our HTTP APIs which are supported by ECS Farget backend .

  1. In API GW we receive externa token in "Authorization" header from caller
  2. Validate that token in "Authorization" header using Lambda Authorizer and determine user context
  3. We intend to create a new internal "Authorization" token and send it to ECS backend
  4. However , we are not able to set "Authorization" header as part parameter mapping with new token as it appears to be reserved header Has anyone faced similar issue and what is suggested workaround ?

Thanks and Kind Regards, VJ

1 Answer
Accepted Answer

You can try to validate the external token in the "Authorization" header using a Lambda Authorizer.

Then a batch of operations you can run are the following:

  • Generate the internal authorization token within the Lambda function.
  • Return the internal token as part of the authorization context or in a custom header from the Lambda Authorizer.
  • Use a custom header (e.g., "X-Internal-Authorization") to map and pass the internal token to the ECS backend in API Gateway's Integration Request settings.
profile picture
answered 12 days ago
profile picture
reviewed 4 days ago
profile picture
reviewed 7 days ago
  • Thanks ,Giovanni . I am not sure why HTTP APIs behave differently to REST APIs in this regard. I wanted to avoid creating a custom header rather wanted to use standard Authorization header. Nevertheless it seems there isn't any other option available.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions