Is there an OpenAPI 3.0 extension to configure a specific method to not require an APIkey?

Question

I'm importing an OpenAPI 3.0 spec into API Gateway and I need to set a couple methods to not require an api-key.
The two methods which I want to not require are;

1. The GET method that is the endpoint I'm pointing to for Route53 health checks.  
2. A POST which I do not have control over so I cannot have them include the x-api-key header.

I was hoping to find an extension in https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-swagger-extensions.html which allowed me to do something like  "apikey required=false" on these two methods but I cannot, or I'm just misunderstanding the doc.   I can do this from the AWS CLS via the following, but that greatly complicates our deployment process.

`aws apigateway update-method --rest-api-id abc --resource-id xyz --http-method GET --patch-operations op="replace",path=/apiKeyRequired,value="false"`

Does anyone know if there an extension that can change that setting?

Answer

I just found what I'm looking for.   In my openapi input file I updated the two paths to include a nullifying security block of

```
    "/route53-check": {
      "get": {
       .
       .
       .
      , "security": []
}
```

Is there an OpenAPI 3.0 extension to configure a specific method to not require an APIkey?

相关内容