Difference between revisions of "API KEY"

Line 33: Line 33:
  
 
https://datanextsolutions.com/wp-content/uploads/2018/09/create-api-key.png
 
https://datanextsolutions.com/wp-content/uploads/2018/09/create-api-key.png
 +
 +
https://datanextsolutions.com/wp-content/uploads/2018/09/create-api-key-2.png
 +
 +
https://datanextsolutions.com/wp-content/uploads/2018/09/create-api-key-3.png
 +
 +
 +
===Enable API Key on Method===
 +
 +
Next is to enable your method to accept API Keys
 +
 +
Click on the API then Resources and click on the method you want to enable API keys, in our case it is hello/Get method
 +
 +
https://datanextsolutions.com/wp-content/uploads/2018/09/api-overview.png
 +
 +
Click Method Request and select true from the API Key Required drop-down list
 +
 +
https://datanextsolutions.com/wp-content/uploads/2018/09/api-key-required.png
 +
 +
 +
===Create Usage Plan===
 +
 +
 +
 +
 +
 +
  
  
https://datanextsolutions.com/wp-content/uploads/2018/09/create-api-key-2.png||width:500
 
  
  

Revision as of 02:57, 16 July 2019

Protect AWS API Gateway Endpoints using API Keys

Overview

AWS API Gateway offers various ways to protect API endpoints, most recently AWS announced Private Endpoints which are only accessible from VPC. In addition to that, you can protect APIs using the following methods

  • Custom Authorizers
  • API Keys
  • Client Certificates
  • Or a combination of these

api-endpoints.png

In this post, we will cover the API keys method only. Using API keys you can also create Usage Plans which allows you to enable Throttling and Quota on the APIs.

API Keys

Example

In this example, we have an AWS lambda function which is exposed using the AWS API Gateway endpoint, we will protect the endpoint using API keys and test it using Postman tool. The API is called My API with a resource called hello and a GET method calling Lambda function hello-lambda as shown on the slide.

overview-lambda.png

Before API key protection you can call the API using the browser or Postman

api-no-security.png

Create API Keys

The first step is to create API Keys, the steps are simple

  • Log in to AWS Console and AWS API Gateway
  • Click on API Keys then from the Actions drop-down list select Create API key
  • Enter required API key name and description

create-api-key.png

create-api-key-2.png

create-api-key-3.png


Enable API Key on Method

Next is to enable your method to accept API Keys

Click on the API then Resources and click on the method you want to enable API keys, in our case it is hello/Get method

api-overview.png

Click Method Request and select true from the API Key Required drop-down list

api-key-required.png


Create Usage Plan

original source : https://datanextsolutions.com/blog/protect-aws-api-gateway-endpoints-using-api-keys/