7

I use Serverless Offline to develop a Web project.

I need of API Keys to access to resource on Serverless AWS Lamda.

I have a serverless.yml with my service and my provider.

In Postman, I access to my route (http://127.0.0.1:3333/segments/UUID/test), and I haven't any error (as Forbidden message), the Lambda is executed...

test:
  handler: src/Api/segment.test
  events:
    - http:
        path: segments/{segmentUuid}/test
        method: post
        request:
          parameters:
            paths:
              segmentUuid: true
        private: true

The route in question is not protected by private.

pirmax
  • 2,054
  • 8
  • 36
  • 69

3 Answers3

15

https://www.npmjs.com/package/serverless-offline#token-authorizers

Serverless-offline will emulate the behaviour of APIG and create a random token that's printed on the screen. With this token you can access your private methods adding x-api-key: generatedToken to your request header. All api keys will share the same token. To specify a custom token use the --apiKey cli option.

Command will look like this:

sls offline --apiKey any-pregenerated-key
Yurii
  • 166
  • 2
  • 4
2

For local dev use this inside serverless.yml:

custom:
  serverless-offline:
    apiKey: 'your-key-here'

Or this inside serverless.ts:

 custom: {
    'serverless-offline': {
      apiKey: 'your-key-here',
    },
  },
Stefan Drl
  • 53
  • 7
0

Given latest changes this configuration worked for me with serverless offline:

  provider: {
    name: 'aws',
    region: region,
    runtime: 'nodejs14.x',
    stage: stage,
    apiGateway:{
      apiKeys: [{
        name: 'test name',
        value: 'sadasfasdasdasdasdafasdasasd'
      }],
    },
  },

https://github.com/dherault/serverless-offline/issues/963

Bogdan M.
  • 2,161
  • 6
  • 31
  • 53