You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This should be technically possible, I am wondering if there is any support for this? or if serverless enforces the use of the HEADER value which then requires the key to be provided int the x-api-key header.
The use case
I have the need to expose an API gateway endpoint, to a third party. I want the endpoint to remain private, but I do not want to give them the AWS API Gateway Key. Instead, I want to be able to use a custom authoriser, which will be the source of the key.
This will allow me to keep the benefits of a usage plan, without exposing the details of the key.
If there is additional config how would it look
In terms of config, what I specified above, could be an option. Alternatively, it could be done the same way as the endpointType directly under the provider.
I have not been able to find a reference to this in the serverless docs, forums or the codebase. I would also be happy to work on this if this is something you would like to include.
Additional Data
Serverless Framework Version: 1.27.3
Operating System: macOS 10.13.4
The text was updated successfully, but these errors were encountered:
This is a Feature Proposal
Description
I would like to be able to provide the ability to have my customer authorizer be the source of the api key, as per the aws docs.
https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-lambda-authorizer-output.html
https://docs.aws.amazon.com/apigateway/api-reference/resource/rest-api/#apiKeySource
Event though there is no reference to this setting in the serverless docs, I have tried setting the value in the global provider settings
However the cloud formation template does not produce any result with this, which was kind of expected.
This should be technically possible, I am wondering if there is any support for this? or if serverless enforces the use of the HEADER value which then requires the key to be provided int the x-api-key header.
I have the need to expose an API gateway endpoint, to a third party. I want the endpoint to remain private, but I do not want to give them the AWS API Gateway Key. Instead, I want to be able to use a custom authoriser, which will be the source of the key.
This will allow me to keep the benefits of a usage plan, without exposing the details of the key.
In terms of config, what I specified above, could be an option. Alternatively, it could be done the same way as the
endpointType
directly under theprovider
.The resulting cloud formation may be trivial https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-apigateway-restapi.html#cfn-apigateway-restapi-apikeysourcetype
I have not been able to find a reference to this in the serverless docs, forums or the codebase. I would also be happy to work on this if this is something you would like to include.
Additional Data
The text was updated successfully, but these errors were encountered: