Enabling secure endpoints on API Gateway
Securing API access is an essential criterion. You can limit and restrict the access for your customers who are going to consume the API. Amazon API Gateway does support several mechanisms to secure, limit, and restrict API uses. This will help to maintain the API usages as per your customer base. The following are three types of implementations that are supported by API Gateway:
- API key
- IAM policy
- API Gateway Lambda authorizer
Let's look at each implementation in more detail.
Â
Â
Enabling the API Key
As we described in Chapter 1, Amazon Web Services for Serverless, regarding Zappa's deployment workflow, where Zappa configures the API Gateway to invoke the AWS Lambda with a proxy pass mechanism, this creates an API on the API Gateway interface. Each API supports various stages. In our case, we have created a dev
stage while deploying the application. Therefore, the following screenshot shows the state of the API Gateway console:
API Gateway supports API keys...