API Authentication via API Keys | AWS API Gateway

Captions
What's up, everyone, welcome back to another episode of AWS tutorial. Today's video is the continuation of another video where I talked about how to build a serverless API using a Lambda function, API Gateway and DynamoDB. I'll include a link down below to that video so you can check that out if you're interested. Today I'm going to talk about how to secure or restrict access to your API. There are many ways you can do that, and the method I'm going to talk about today is to use an API key. I like this method the most because I can categorize my users or my customers into different tiers and give them different types of access. For example, if I have a group of customers who pay me premiums every month, I will want to allow them to have more requests per minute. On the other hand, I have a basic plan which is free for people to try out the service before they subscribe to it, so I want them to have fewer requests per minute to my API. This way I can set up my API to serve my customers in different tiers. So without further ado, let's get to it.

All right, so right now I'm on the AWS console. What I have here is an API that has two methods: one is a POST and the other one is a GET. I only have one stage, which is prod, and right now I just have it set up to return some dummy data, and it's currently open to the world. So let's test it out first using Postman. Let me copy this link, go to Postman, paste it here and hit send. I got some dummy data here. Then the POST method: to post I'll just give it a body and then hit send. It's successful.

Obviously we don't want our API to be open to the whole world in our application, and right now I'm going to show you how to restrict access to it. Go back to the AWS console. I'll go back to Resources, click on the method, Method Request, and then under API Key Required I'll change that to true and hit the check mark. Then make sure that I do that for all the methods I want to restrict access to, hit the check mark, and then make sure that I deploy the API. We only have one environment. I think this is going to take about 30 seconds to become effective, so I'm going to pause the video and then come back.

All right, so it's been about one minute. Right now let's go back to Postman and hit the same method. It's going to say forbidden, and I think the same thing is going to happen to the GET method, and yes.

Right now let's enable access for some of the customers, and we're going to do that using the API keys. Click on API Keys, Actions, Create API key, and give it a name. I'll just do "customer one". I'll just let it auto-generate a key for me. This is the API key that was auto-generated, and we're going to give that to the customer to use. But before we do that we need to do one more thing. Let's go back to APIs, select the API that we want to restrict access to, and then Usage Plans. Hit Create. I'll just call it "premium plan". Let's do 1 500; you can customize it the way you want. Quota, I'll just do one million, and then hit Next. Then I'll add an API stage: I choose our API and the prod stage, click the check mark and hit Next. Then add the customer one API key that we just created, which is this one, hit the check mark and hit Done.

All right, so this is done. I think it's going to take about 30 seconds as well, so I'm going to pause the video and then come back.

All right, so it's been about one minute. Right now, if I go to the API keys, click on customer one and then copy this key, and go back to Postman, the method is still forbidden. But if I go to Headers, add another header called x-api-key, paste the key that we just copied and then hit send again, now we have access to it again. The same thing is going to work for the POST method: hit send, and there you go, it works.

And this is it, everyone. I hope you have learned something, and if you like this video I hope you can give it a thumbs up. I'll see you in the next video.
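The console steps in the captions above (require a key on each method, redeploy, create a key, create a usage plan for the stage, attach the key), written as AWS CLI calls with a before/after access check. This is an added example, not code from the video; the API id, resource ids, names and limit values are caller-supplied placeholders, and the monthly quota period is an assumption.

```shell
#!/bin/sh
# Added example (not from the video). API id, resource ids, names and limits
# are placeholders/assumptions supplied by the caller.
set -eu

# Console step "API Key Required = true" for one method.
require_api_key() {  # $1=rest-api-id  $2=resource-id  $3=HTTP method
  aws apigateway update-method --rest-api-id "$1" --resource-id "$2" \
    --http-method "$3" \
    --patch-operations op=replace,path=/apiKeyRequired,value=true
}

# Redeploy so the method change takes effect on the stage.
deploy_stage() {     # $1=rest-api-id  $2=stage
  aws apigateway create-deployment --rest-api-id "$1" --stage-name "$2"
}

# Create an auto-generated key; prints the key id (not the secret value).
create_key() {       # $1=key name
  aws apigateway create-api-key --name "$1" --enabled --query id --output text
}

# Create a usage plan bound to one stage; prints the plan id.
# period=MONTH is an assumption; the video does not state the quota period.
create_plan() {      # $1=name $2=api-id $3=stage $4=rate/s $5=burst $6=quota
  aws apigateway create-usage-plan --name "$1" \
    --api-stages "apiId=$2,stage=$3" \
    --throttle "rateLimit=$4,burstLimit=$5" \
    --quota "limit=$6,period=MONTH" --query id --output text
}

# Associate the key with the plan; without this the key is still rejected.
attach_key() {       # $1=plan id  $2=key id
  aws apigateway create-usage-plan-key --usage-plan-id "$1" \
    --key-id "$2" --key-type API_KEY >/dev/null
}

# Return the HTTP status for a GET, with or without the x-api-key header.
status_of() {        # $1=url  $2=API key value (optional)
  if [ -n "${2:-}" ]; then
    curl -s -o /dev/null -w '%{http_code}' -H "x-api-key: $2" "$1"
  else
    curl -s -o /dev/null -w '%{http_code}' "$1"
  fi
}

# Pass only if the endpoint is closed without a key and open with one.
verify_lockdown() {  # $1=url  $2=API key value
  [ "$(status_of "$1")" = "403" ] && [ "$(status_of "$1" "$2")" = "200" ]
}
```

Call the functions in the order they are defined, once per method for `require_api_key`. `verify_lockdown` fails if any request without the header gets through, which catches a method that was missed or a deployment that was never pushed to the stage.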
Info
Channel: Felix Yu
Views: 37,425
Keywords: api, authentication, serverless api, api gateway, aws, lambda, dynamodb, api key, api keys
Id: V-ac_ZvdAW4
Length: 5min 53sec (353 seconds)
Published: Fri Mar 12 2021