Allow a request to an AWS Amplify created REST API only from the public accessibly hosted webpage without user management (unauthenticated request)

The Amplify-hosted website has two fields for the order number and last name. The website calls the Amplify-created REST API with these two values and processes the next steps. There is no user management or other authentification besides the "knowledge" of these two values.

How is the best way that the REST endpoint can only be accessed by the website and not e.g. via postman?

Is a Signature Version 4 call like described here https://medium.com/@jun711.g/how-to-secure-aws-api-gateway-requests-with-signature-version-4-using-aws-amplify-62d79f92966c the only way for an unauthenticated request (https://docs.amplify.aws/lib/restapi/authz/q/platform/js/#unauthenticated-requests)?

Topics

Front-End Web & Mobile

Relevant content

How do I create a Cognito authorizer for the Amplify REST API?
Santhosh
asked 3 months ago
Restrict Access to Webpage with Amplify & Cognito
john_salzbrunn
asked 2 years ago
How do I protect my Amplify-hosted website from the Bytespider bot?
Sam_Grade
asked a month ago
How do I correctly authorize API Gateway with a Cognito user pool WITHOUT the hosted UI.
Accepted Answer
chanson
asked 2 months ago
How do I allow only specific IP addresses to access my API Gateway REST API?
AWS OFFICIALUpdated 2 years ago
How can I forward the host header with private integration for an API Gateway REST API?
AWS OFFICIALUpdated 9 months ago
How can I use Amazon S3 to host a static website that uses API Gateway as the proxy?
AWS OFFICIALUpdated 10 months ago
How do I allow API Gateway REST API users to run Lambda using the execution role from an Amazon Cognito user pool group?
AWS OFFICIALUpdated a year ago
Implementing request parameters validation in Amazon API Gateway REST API with Cloud Development Kit (CDK)
EXPERT
Vihang Shah
published 5 months ago
How to Create a Feature Request for AWS: A Step-by-Step Guide
EXPERT
Giovanni Lauria
published 22 days ago