You can only have a single authorizer on every endpoint. If you need more than one, you will need to use a Lambda authorizer to verify both.
In addition to the authorizer you can specify a resource policy, include WAF and use mutual TLS. All pf these apply to all endpoints and they are evaluated in addition to the authorizer.
Use multiple API Gateway authorizersasked 13 days ago
Are Lambda Authorizers' invocations billed ?Accepted Answerasked 4 months ago
AWS API Gateway with Amazon Cognito User Pools as authorizerAccepted Answerasked 2 years ago
Can I use API Gateway cache invalidation with a custom authorizer ?asked 6 months ago
API Gateway Private Integration with multiple NLB listenersAccepted Answerasked 3 years ago
API Gateway User Authentication Best Practicesasked 7 months ago
API Gateway - Gateway response - HTTP APIAccepted Answerasked 2 years ago
limits with API gateway custom authorizer for number of requestsAccepted Answerasked 2 years ago
Should I use Cognito Identity Pool OIDC JWT Connect Tokens in the AWS API Gateway?asked 3 months ago
API Gateway and Auth0 integration - best practicesAccepted Answerasked 2 years ago