Any way to enable secure API gateway? #179
Comments
|
Can you clarify this one a bit more? To me, this seems like it should be an application-specific feature, not something that Zappa does, unless there is a specific Amazon service or API Gateway feature that you're talking about here. What kind of API key? Just a password, or an OAuth scheme? |
|
Its an API Gateway feature. If you go into each of the API resources that get created there is an "Method Request" in Method Request, you can select to use an API Key, and Keys are generated in the API Gateway console. This gives you an x-api-key header you pass over to enable access control to the gateway. |
|
Ahhhhhhhh. Okay, then yes, this is probably something that Zappa should handle. Do you have any links to docs/guides/tuts about this? |
|
Nothing crazy specific. If i remember correctly zappa is boto3, http://boto3.readthedocs.io/en/latest/reference/services/apigateway.html has methods for create_api_key/delete_api_key/get_api_key and most of the create_* method object returns have a key for 'apiKeyRequired', which just needs a boolean true. |
|
#215 PR made. |
|
Merged! Thank you!! |
If not, big feature request. Its not a deal breaker but having the ability in the zappa_settings.json to have the API Gateway create and produce an API key and require it on all the routes to secure things would be great.
The text was updated successfully, but these errors were encountered: