I am not sure what exactly you are trying to do. If you select Token, how can you authorize both the API Key and the JWT? If you place the API Key in the Authorization header, where is the JWT token?
If you need to verify 2 headers you should use the Request payload type. The IdentitySource is used for caching in this case. You do not need to specify both of them if they will not always be provided in the request.
What do you mean by: "map the API Key to its ID"? The value returned from the Lambda Authorizer should be the API Key as known to API Gateway so that it can use it for throttling, etc. The API Key ID, is just an internal identifier that should not mean anything to the backend.
- AWS OFFICIALUpdated a year ago
- How do I troubleshoot HTTP 403 Forbidden errors when using a Lambda authorizer with an API Gateway REST API?AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 3 years ago
- How do I troubleshoot permissions errors from API Gateway HTTP APIs with a Lambda integration or Lambda authorizer?AWS OFFICIALUpdated a year ago
- EXPERTpublished 9 months ago