0

I have read quite a few articles like this one and it looks like currently in AWS API Gateway you cannot send API Key in query string. We also have few legacy clients that will need passing api-key in query string.
So i thought of two options

1>Create lambda function as Integration Type and validate API in key inside function handler. But i am not able to figure out how to validate it against keys in aws. Something like

public async Task<JObject> FunctionHandler(JObject request, ILambdaContext context)
{
      // i know how to get apikey from queryStringParameters here 
      // but how do i validate it against api keys in aws
}

2> Create new custom authorizer, but again not sure how do i do it.

Which would be prefered option. I am using .NET core. Are there any nuget packages already available?

Please note querystring support is required and not debatable even if it is not recommended for security reason

LP13
  • 30,567
  • 53
  • 217
  • 400

1 Answers1

1

You can pass security key in query param use header and pass key 

curl -X PUT \
https://XXXX.XXXXX-api.ca-central-1.amazonaws.com/PROD/XXX-microservice \
 -H 'Content-Type: application/json' \
 -H 'x-api-key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
 -d '{

 "initData": "HI",
 "name": "vaquar khan",
 "likes": "Java"
}'

Security key validation taken care by API getaway so no lambda authorizer required

If you are passing in query string

URL:

https://XXXX.XXXXX-api.ca-central-1.amazonaws.com/PROD/XXX-microservice ?x-api-key=XXXXXXXXXXXXXXXX &uid=5

Python 2.7

from __future__ import print_function

import boto3
import json

print('Loading function')


def lambda_handler(event, context):
    print(event['params']['querystring']['x-api-key'])
    print(event['params']['querystring']['uid'])
vaquar khan
  • 10,864
  • 5
  • 72
  • 96