1 Answer
- Newest
- Most votes
- Most comments
0
API Gateway supports only a single authorization method per route. If need something which is more complex than what API Gateway supports (Cognito or IAM), you will need to use a Lambda authorizer. In the authorizer you can check the source (based on maybe some secret header that you pass from the client) and if it is not your client, you check for the other token.
Relevant content
- asked 7 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
You can use both Cognito and API keys, however, if you specify that API keys are required, they will be required for everyone.
Not really, but it is not very different than passing an API key.