AWS API Gateway with API Key / Usage Plan (LATEST)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
uh today I'm gonna go through API Gateway with usage plan and API key the usage plan help us to throttle and limit API requests from the client where API key is used to secure our API Gateway API endpoint in a simpler manner so as usual Please Subscribe my channel if you like my content appreciate your help let's get in right one important things uh before we gonna start this is one of the question in AWS solution architect Pro exam uh definitely it's come from please stay tuned uh you can make it a very easy if you go through this video you said plan and API key is one of the question come in the exam so stay tuned right so I'm in a AWS console what we're gonna do we're going to create a new API Gateway endpoint and add usage plan and API key so I'm typing over here API Gateway or you can use the one that already over here let's let's get a new API I'm gonna go with the option three which is rest API okay give it a name as a API my API create API click on upgrade so we got a root endpoint so what we're going to do this API what we just created my API so we're going to create a resource first which is called a resource uses and under users we're going to create a method which is called let's create a get method right so over here either you can integrate with the Lambda function or your HTTP uh other endpoint ATP or you can integrate with the awss other AWS CSS or VPC link so what we're going to do we this is more like more tutorial about usage plan and API key I'm not gonna create any Lambda or any HTTP uh endpoints what we're gonna do uh I'm gonna create a mock so this one basically return the mock response whenever you call the get 10 point it's return amox Christmas I'm click on a save so we got the end points get 10 point so we can do a if you want to go the settings you can go click on here and you can go here and otherwise you can do a fit of testing click on the test and if I click on test you can see we get the 200 status code that's been it's it's success so let's uh deploy this into a different stages let's say we deploy to Dev stages click on deploy API currently I don't have any stage I'm click on the dev new stage and click deploy so let's move into the next tab which is stages under stages we can see our endpoint is there and it's give a URL so this is a URL we need to use to hit our endpoint so if I click on that oh right this this is basically the this is the mock endpoint we don't get any data so basically what I'm doing I'm I do have a in soya which is a client tool it's like a Bossman if you are guys using so I'm gonna paste this URL and click on send so as you can see we get the 200 response because that's a mock endpoint we are using it doesn't return anything it's just written uh 200 HTTP code so endpoint is working it we can access and we get the 200 status code as a successor response so what we're going to do now so add the usage plan let's go to usage plan and click on the new usage band this is where we are going to create a new usage plan click on Create and let's create a my API my usage plan you can give it a description and this is says okay how many you can you control the RS request so you can say uh tourists request per second you can do some boasting and you can say uh total 10 requests per month just to make sure we are getting there we can get the different status code that's why I put a 10. so this is how you can create a usage plan so click on the next and this is where you can add the usage plan into this uh our API so basically what we're going to do add API stage so click on the our API select our API which is my API and select the dev stage and click on tick button so we added the our API into our usage plan click on next this is where you need to add a API key let's add the API key okay before going to the API key what I'm going to do I'm click on okay let's edit the API key that's fine um currently I don't have a array API so what I'm going to do at API we already added the API then click on next and let's create a new API key and add that key to this usage plan so my API okay Auto Electric to Auto generator or you can create a custom one so I'll let it auto generate it save my API key got created and click on done so right so my usage plan created I'm and this is my API key the other one that I just created so and you can use the usage how much its currently it's using for using the other basically let's say we hand over this API key to client and we can measure how many crickets coming from particular client that's the usage So currently we don't have any usage it's empty right so now if I go here and let's say let's try to okay let's deploy first our endpoint let's deploy first make sure I will deploy otherwise it's not going to work go to my API click on get and let's deploy deploy to David Norman whatever you do changes one once you've done changes you need to deploy so we get the same request that's fine okay now still we get the 200 okay so why because we added the usage plan but we haven't restrict the API key so we haven't restrict the endpoint our endpoint so what we're going to do we will go to our resource click on get and click on the method request and over here you can see a little uh the drop down you can see API key required so this is where you need to set true once I click select the through and click on next then what we need to do infinitely yes you need to deploy the API I'm gonna deploy this and I'm back to mine Sonia let's try uh give a couple of requests so it's sometimes it takes some bit of time to uh get updated the the API so I'll give a few seconds and then I'll come back I'm back so it didn't take much time like within 50 seconds it got updated so what's going to happen if I still if I call the same endpoint without providing any API key what's going to happen I'm getting the Forbidden 403 that means you can't access the uh you can hit the API endpoint but you can't access the resources so that's a 403 so what we need to do we need to provide the API API key so how do we provide API key what we need to do we need to go our API Keys uh whereas our API which is my API key the one that we created copy let's copy the API key come back to my insomnia and hand the header what you need to do Type X X API key uh you need to the key name should be this as you can see if x dash API Dash key then paste your API key so let's give a shot right so what you can see the now we get the 200 so if I disable let's say I'm not this is enable disable the the headers if I disable and click Send we get the 403 if I enable the headers and if I send key send a request we get a 200 so it's pretty easy so what we can do is usually the API key is not something you gonna use to secure your API Gateway you are using Lambda authorizer or you can use concrete authorizer that's something you really use to secure your endpoint but this is a one of the easy way to secure your endpoint and based on that based on the API key you can restrict some of the access to a particular client for example let's gonna do because we do have a usage plan let's go to the usage plan uh let's cut the US state plan go to usage my usage plan okay what's going to happen right two requests per second and best took and court is 10 Rupees so basically after 11 requests 11th one request 11th we should get a uh something uh limit uh response let's have a look one two three four five six seven eight Okay cool so earlier I I send the three request basically what I'm doing whenever I hit the 11th one what the request I get four to nine too many requests because I'm arrest checked in the API this API is endpoint is restricted for 10 request per day so that's how you can definitely assist should be more than 10 this is for the demo I want to show the the error message we are getting so we are sending the API key still we you can't access the end point because you request you use the uh use more than what you allocated per day through the usage plan this is usage plan house usage plan work and with API key so hope you enjoy so if you have any question down the line if you follow this tutorial please comment on below so I'm happy to help so that's all it's a quick video so if you enjoy my video please like And subscribe really appreciate it thank you so much see you then on next video [Music]
Info
Channel: LoveToCode
Views: 6,922
Rating: undefined out of 5
Keywords: awsapigateway, awatutorials, aws tutorial for beginners, rate limit, api gateway
Id: AxhbAx4PTow
Channel Id: undefined
Length: 11min 31sec (691 seconds)
Published: Wed Mar 22 2023
Related Videos
What is Amazon API Gateway?
Digital Cloud Training
123K
AWS Portfolio Project: Build an End-to-End Web Application with 7 Services | Step-by-Step Tutorial
Tiny Technical Tutorials
50K
How to create REST API in AWS Using API Gateway and Lambda | Hands On Tutorial
AWS Made Easy
913
The cloud is over-engineered and overpriced (no music)
Tom Delalande
197K
AWS HTTP API Gateway Throttling (API Rate Limiting)
Alex Rusin
2.8K
API Gateway Lambda Token Authorizer | Serverless Security
FooBar Serverless
57K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.