By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

API Gateway - GET method works, PUT method is Forbidden

0

I have an API Gateway configured with a single stage, one resource, and two methods: GET and PUT.

Both GET and PUT reference a single Lambda Function, with logic to control how the function behaves. All of this is working for both methods, and confirmed through the Test Method tab under the resource stage.

**I have an API Key in place, and using CuRL I am successfully able to perform the GET. However, when I try to use the PUT, I get a forbidden response. ** Because this seems to be a login related issue I don't have anything in the CloudWatch logs.

I've checked everything I can think of and can't find any differences in the configuration between the GET and PUT, and I can't understand why I would have a difference that would cause this.

On the Lambda side, Triggers for both methods, and Allow permissions appear to be in place for both methods.

The most important thing is simply to get the PUT call working, but ideally it would be nice to have separate API Keys for each request, if that were possible.

Topics
ServerlessComputeFront-End Web & MobileNetworking & Content DeliveryDeveloper Tools
Tags
ServerlessAWS LambdaAmazon API GatewayDeveloper Tools
Language
English
builder
asked 14 days ago325 views
1 Answer
1
Accepted Answer

The plot thickens... I exited my terminal and when I came back I was getting 403's for both GETs and PUTs.

I read a random stackoverflow thread that suggested 'X-Api-Key' in the header had to be capitalized. This didn't make sense because the GET method was working with it being lowercase, but they both started working after I changed it.

However, another comment suggested I needed to have a usage plan associated with the keys. I didn't have one setup, so it doesn't make sense that it worked initially, but now I'm thinking AWS maybe allows for some light activity without a usage plan. I think this might have been the problem but it took a short amount of time before the change took effect, because when I initially made the change it didn't seem to work.

TL;DR I think a usage plan is necessary for API Keys

builder
answered 14 days ago
profile picture
EXPERT
Oleksii Bebych
reviewed 13 days ago
profile picture
EXPERT
Adeleke Adebowale J
reviewed 14 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content