API Gateway's REST API authentication using App ID, App Secret

Question

I have gone through the [PetStore example in API Gateway](https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-from-example.html) multiple rounds, it's able to perform simple GET/POST to public API. But how can i onboard and achieve the API authentication in AWS where i could easily do it in Postman (as below)?
![Enter image description here](/media/postImages/original/IMiKdfRSvkTVCgXA26vMS7wg)

* How to maintain AppID, Secret which generated from 3rd party platform
* Based on the guides, the API is secured in method level using IAM, how to relate them in API Gateway where each external API calls is supported by active token 
![Enter image description here](/media/postImages/original/IMt-8lb82nRMakxpTgug0-2w)

Thanks  for the pointers

Regards,
newbie weilies :D

Answer

Since you are using a third party identity provider (Idp) as authenticator, you can use **Lambda Authorizer** for access control of your API.

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html

```txt
A Lambda authorizer is useful if you want to implement a custom authorization scheme that uses a bearer token authentication strategy such as OAuth or SAML, or that uses request parameters to determine the caller's identity.
```

API Gateway's REST API authentication using App ID, App Secret

相關內容