Client API throttling in API Gateway


Hi all,

Customer is looking to implement API throttling to their APIs exposed via API Gateway. It is supported by API Gateway using API Keys but the customer has not implemented API keys for each of their customers and is looking for other options leveraging information in the API request/header. Each of the requests currently includes a customer ID that they would like to use.

1 Answer
Accepted Answer

What you are describing is a perfect use case for API keys + usage plans. But it seems your customer does not want their end users to make any changes. Have you looked into this blog post? It has an example of how CloudFront can inject the API key for the end users. Not sure how your customer is currently doing auth but another option might be to inject the API key in the Lambda custom authorizer.

A Lambda authorizer function's output is a dictionary-like object, which must include the principal identifier (principalId) and a policy document (policyDocument) containing a list of policy statements. The output can also include a context map containing key-value pairs. If the API uses a usage plan (the apiKeySource is set to AUTHORIZER), the Lambda authorizer function must return one of the usage plan's API keys as the usageIdentifierKey property value.

answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions