
Security Custom Authorizer

vishaldesai edited this page Nov 18, 2017 · 4 revisions

An API Gateway custom authorizer is a Lambda function that you provide to control access to your API methods. A custom authorizer uses bearer-token authentication strategies, such as OAuth or SAML. It can also use request parameters such as headers, paths, query strings, stage variables, or context variables.

When a client calls your API, API Gateway checks whether a custom authorizer is configured for the API method. If so, API Gateway calls the Lambda function. In this call, API Gateway supplies the authorization token that is extracted from a specified request header for a token-based authorizer, or passes the incoming request parameters as the input (for example, the event parameter) to a request-parameter-based authorizer function. The custom authorizer can grant or deny access at the resource/action level.

Swagger + API Gateway Extension

Lambda Authorizer Function

In the test below there are two resources, and each resource's action can be invoked using a different token.

Postman test

For AWS site HTML, a valid token is aws.

For Oracle site HTML, a valid token is oracle.
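The following is an added example of a token-based Lambda authorizer in Python; it is not the wiki's own authorizer code. It implements the flow described above (API Gateway passes `authorizationToken` and `methodArn` in the event, the function returns an IAM policy document) and mirrors the two-token test: the token `aws` is allowed to invoke the `aws` resource and `oracle` the `oracle` resource. The resource path names, the region, account id, API id and stage in the sample events, and the `policy_allows` helper that evaluates a returned policy locally are all assumptions constructed for this example.

```python
# Added example (not the wiki's code): token-based API Gateway Lambda authorizer.
import fnmatch

# Constructed mapping from bearer token to the single resource path it may invoke.
# The tokens match the wiki's test; the resource path names are assumptions.
TOKEN_TO_RESOURCE = {
    "aws": "aws",
    "oracle": "oracle",
}


def build_policy(principal_id, effect, resource_arn):
    """Return the response shape API Gateway expects from a Lambda authorizer."""
    return {
        "principalId": principal_id,
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Action": "execute-api:Invoke",
                    "Effect": effect,
                    "Resource": resource_arn,
                }
            ],
        },
    }


def method_arn_for_resource(method_arn, resource):
    """Build an ARN covering every HTTP method on one resource path.

    methodArn format: arn:aws:execute-api:{region}:{account}:{api-id}/{stage}/{METHOD}/{path}
    """
    arn_prefix, _, api_part = method_arn.rpartition(":")
    api_id, stage = api_part.split("/")[:2]
    return f"{arn_prefix}:{api_id}/{stage}/*/{resource}"


def lambda_handler(event, context=None):
    """Entry point API Gateway invokes for a TOKEN authorizer."""
    token = event.get("authorizationToken", "")
    method_arn = event["methodArn"]
    # Accept either a raw token or "Bearer <token>" in the configured header.
    if token.lower().startswith("bearer "):
        token = token[7:]
    resource = TOKEN_TO_RESOURCE.get(token)
    if resource is None:
        # API Gateway turns this exact message into a 401 Unauthorized response.
        raise Exception("Unauthorized")
    allowed_arn = method_arn_for_resource(method_arn, resource)
    return build_policy(f"user-{resource}", "Allow", allowed_arn)


def policy_allows(policy, method_arn):
    """Local helper (assumption): does the returned policy permit this methodArn?"""
    for statement in policy["policyDocument"]["Statement"]:
        if statement["Action"] != "execute-api:Invoke":
            continue
        if fnmatch.fnmatchcase(method_arn, statement["Resource"]):
            return statement["Effect"] == "Allow"
    # No matching statement: API Gateway treats this as an implicit deny (403).
    return False


# Constructed sample events with a placeholder region, account, API id and stage.
ARN_BASE = "arn:aws:execute-api:us-east-1:123456789012:abc123/dev"
AWS_EVENT = {"type": "TOKEN", "authorizationToken": "aws", "methodArn": f"{ARN_BASE}/GET/aws"}
ORACLE_EVENT = {"type": "TOKEN", "authorizationToken": "Bearer oracle", "methodArn": f"{ARN_BASE}/GET/oracle"}

if __name__ == "__main__":
    print(lambda_handler(AWS_EVENT))
    print(policy_allows(lambda_handler(AWS_EVENT), f"{ARN_BASE}/GET/oracle"))  # cross-resource use is denied
```

Two design points matter in practice. API Gateway caches the returned policy per token for the configured TTL, so the policy must describe everything that token may reach (here, all methods on its one resource) rather than only the `methodArn` of the first call. And raising `Unauthorized` versus returning a `Deny` policy yields different client responses (401 versus 403); the explicit `Deny` is preferable when the token is valid but not entitled to the resource, so the two failure modes are distinguishable in logs.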
