Is there a way to validate a request in API Gateway based on its body? I need to calculate the SHA1 hash of the body to validate the sender (Facebook Messenger events). Is there a workaround for it?
1 Answers
3
API Gateway does not support passing the complete body to a custom authorizer. One option is to have two levels of authentication: the first based just on a header/query parameter (which API Gateway supports) and enough to detect spoofed senders. The second can be a SHA1 hash based on the complete body, which you can implement in your backend.

Vishal
- And if I keep an open API, could I somehow tell the gateway to block a sender of spoofed messages? – Jan Sila Jul 07 '18 at 05:52
- One way to restrict access without an authorizer is to use a resource policy ( https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-resource-policies.html ) - not sure if it can help detect spoofed senders for you. – Vishal Jul 07 '18 at 06:10
- Another option is to have two levels of authentication: the first based just on a header/query parameter (which API Gateway supports) and enough to detect spoofed senders. The second can be a SHA1 hash based on the complete body, which you can implement in your backend. – Vishal Jul 07 '18 at 06:13
- Yeah, that's what I started working on yesterday actually. Do you want to put it in your answer so I can accept it? :) – Jan Sila Jul 07 '18 at 06:49