Using the same scenario as described previously, it's clear that we would have different levels of security that we would need to implement for our APIs.
To appeal to the maximum customer base, we would want anyone to freely access and browse our library of products on our website. Any APIs involved with presenting our content and search results would be considered unauthenticated APIs (public APIs), meaning that these could be used by anyone accessing our website landing page.
Now consider that someone has found a product that they would like to purchase, and they would like to add it to their own shopping cart within their own account and pay for the item. Here, we would see the need for authenticated user APIs, which a user can only call after they have authenticated to the site.
So, how is the access to these APIs controlled? Well, with AWS API Gateway, there are a number of different mechanisms that control who or what can call an API. ...
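To make the public/authenticated split concrete, the following added example (not from the original text) shows how it maps onto the `authorizationType` of each API Gateway REST API method, and runs a small audit over a constructed method inventory. The route policy, the sample inventory and its flattened dict shape (one entry per resource path and verb, carrying the `authorizationType` and `apiKeyRequired` fields that `aws apigateway get-method` returns) are assumptions for the shop scenario.

```python
"""Audit API Gateway method authorization against the shop's public/authenticated policy.

Added example for the scenario in the text; the policy and sample data are constructed.
"""

# Authorization types an API Gateway REST API method can carry.
# "NONE" means anyone can call the method; the others require the caller to
# present IAM credentials, a Cognito user pool token, or satisfy a Lambda authorizer.
PUBLIC_AUTH = "NONE"
AUTHENTICATED_AUTH = {"AWS_IAM", "COGNITO_USER_POOLS", "CUSTOM"}

# Constructed policy: read-only access to the catalogue and search is public,
# everything touching a customer's cart, checkout or account is authenticated.
PUBLIC_READ_PREFIXES = ("/products", "/search")
READ_ONLY_VERBS = {"GET", "HEAD"}


def expected_access(path, http_method):
    """Return 'public' or 'authenticated' for a path/verb under the shop policy."""
    if http_method == "OPTIONS":
        # CORS preflight carries no credentials, so browsers need it to be open.
        return "public"
    if path.startswith(PUBLIC_READ_PREFIXES) and http_method in READ_ONLY_VERBS:
        return "public"
    # Writes anywhere (including to the catalogue) and all cart/account routes.
    return "authenticated"


def configured_access(method):
    """Classify what the deployed method actually allows.

    apiKeyRequired is deliberately ignored: API keys identify a usage plan for
    throttling and quotas, they do not authenticate the end user.
    """
    auth = method["authorizationType"]
    if auth == PUBLIC_AUTH:
        return "public"
    if auth in AUTHENTICATED_AUTH:
        return "authenticated"
    raise ValueError(f"unknown authorizationType {auth!r} on {method['path']}")


def audit_methods(methods):
    """Return (path, verb, authorizationType) for every method that the policy
    says must be authenticated but is deployed as open to anyone."""
    findings = []
    for m in methods:
        if (expected_access(m["path"], m["httpMethod"]) == "authenticated"
                and configured_access(m) == "public"):
            findings.append((m["path"], m["httpMethod"], m["authorizationType"]))
    return findings


# Constructed sample inventory (shape assumed; mirrors get-method fields).
SAMPLE_METHODS = [
    {"path": "/products/{id}", "httpMethod": "GET", "authorizationType": "NONE", "apiKeyRequired": False},
    {"path": "/search", "httpMethod": "GET", "authorizationType": "NONE", "apiKeyRequired": False},
    {"path": "/cart/items", "httpMethod": "OPTIONS", "authorizationType": "NONE", "apiKeyRequired": False},
    # Misconfigured: an API key is required, but that is not authentication.
    {"path": "/cart/items", "httpMethod": "POST", "authorizationType": "NONE", "apiKeyRequired": True},
    # Misconfigured: a write to the catalogue left open to the public.
    {"path": "/products", "httpMethod": "POST", "authorizationType": "NONE", "apiKeyRequired": False},
    {"path": "/checkout", "httpMethod": "POST", "authorizationType": "COGNITO_USER_POOLS", "apiKeyRequired": False},
    {"path": "/account", "httpMethod": "GET", "authorizationType": "AWS_IAM", "apiKeyRequired": False},
]


if __name__ == "__main__":
    for path, verb, auth in audit_methods(SAMPLE_METHODS):
        print(f"{verb} {path}: authorizationType={auth} but policy requires authentication")
```

Against the constructed inventory the audit reports the two open cart and catalogue-write methods and stays quiet on the public browse endpoints, the CORS preflight, and the Cognito- and IAM-protected methods. In a real account the same function would be fed the output of `get-resources` and `get-method` for each deployed stage.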