Route authorized requests for the FullStory /sessions REST API endpoint through AWS Lambda

README.md

Authorized access to FullStory /sessions API with AWS Lambda

Route authorized requests for the FullStory GET /sessions REST API endpoint through AWS Lambda. Details about GET /sessions can be found here.

With Amazon API Gateway and AWS Lambda, you can make authorized calls from the browser while securing your FullStory API token. This example is configured and deployed using the Serverless Development Framework.

Implementation Details

secrets.yml

The FullStory API key is stored in a file (not committed to this repo) called secrets.yml:

API_KEY: "your fullstory API key"

In serverless.yml this secret is created as an environment variable available to the Lambda function:

...
  environment:
    API_KEY: ${file(secrets.yml):API_KEY}
...

More details about serverless.yml can be found here.

You can store your API key even more securely by using AWS Systems Manager Parameter Store: https://aws.amazon.com/blogs/compute/sharing-secrets-with-aws-lambda-using-aws-systems-manager-parameter-store/.

handler.js

handler.js contains all of the example logic that authorizes calls to your service before making a request to the FullStory REST API. There are a couple of important TODOs in the sample code that you should address:

// TODO: restrict cors header to domains you expect to receive traffic from
const CORS_HEADER = { 'Access-Control-Allow-Origin': '*' };
...

and

// TODO: implement your authorization scheme as required
const demoAuthZ = (fn) => async (event) => {
...
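
One way to address both TODOs, as an added example that is not the repository's handler.js: an origin allowlist in place of the wildcard CORS header, and an authorization wrapper that verifies a signed, expiring token before the wrapped function runs. The origins, the token format, the SESSION_SIGNING_KEY variable and the names corsHeaders, verifyToken and withAuthZ are assumptions made for illustration; the event shape is the API Gateway Lambda proxy event.

```javascript
const crypto = require('crypto');

// Assumption: the origins your browser app is served from (constructed sample values).
const ALLOWED_ORIGINS = new Set(['https://app.example.com', 'https://admin.example.com']);

// Echo the Origin only when it is on the allowlist; never fall back to '*'.
const corsHeaders = (event) => {
  const h = event.headers || {};
  const origin = h.origin || h.Origin;
  return ALLOWED_ORIGINS.has(origin)
    ? { 'Access-Control-Allow-Origin': origin, Vary: 'Origin' }
    : {};
};

// Hypothetical token format "<userId>.<expiryEpochSeconds>.<hex HMAC-SHA256>",
// issued by your own backend after login and signed with a server-side key.
const sign = (payload, key) =>
  crypto.createHmac('sha256', key).update(payload).digest('hex');

const verifyToken = (token, key, nowSec = Math.floor(Date.now() / 1000)) => {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [userId, expiry, mac] = parts;
  const expected = Buffer.from(sign(`${userId}.${expiry}`, key));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on a length mismatch, so compare lengths first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (!/^\d+$/.test(expiry) || Number(expiry) <= nowSec) return null;
  return userId;
};

// Same shape as the README's demoAuthZ wrapper: reject before fn ever runs.
// fn receives the verified userId so the FullStory lookup can use it
// instead of an identifier supplied by the caller in the query string.
const withAuthZ = (fn, key = process.env.SESSION_SIGNING_KEY) => async (event) => {
  const h = event.headers || {};
  const auth = h.authorization || h.Authorization || '';
  const userId = key && auth.startsWith('Bearer ') ? verifyToken(auth.slice(7), key) : null;
  if (!userId) {
    return { statusCode: 401, headers: corsHeaders(event), body: 'Unauthorized' };
  }
  const res = await fn(event, userId);
  return { ...res, headers: { ...(res.headers || {}), ...corsHeaders(event) } };
};
```

Because the FullStory API key never leaves the Lambda environment, the signing key for these tokens should be kept server-side in the same way.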