2

Using REST API (AWS API Gateway v1) we can use X-API-Key header in request and maintain API Key to control access to given endpoint.

In AWS if I go to API Gateway and select REST API (v1) then under Resources I see: API Key Required and under API Keys I can find my key.

Using serverless this can be configured like this:

provider:
  apiKeys:
    - my-api-key

functions:
  hello:
    handler: handler.hello
    events:
      - http:
          path: /hello
          method: get
          private: true

But if I switch to httpApi then I get:

Configuration warning at 'functions.hello.events[0].httpApi': unrecognized property 'private'

Moreover, in API Gateway, under HTTP API (v2) there are no API Keys anywhere.

When I check documentation there is a big section about API Keys under REST API: https://www.serverless.com/framework/docs/providers/aws/events/apigateway but API Gateway HTTP API has nothing about API keys: https://www.serverless.com/framework/docs/providers/aws/events/http-api

Is there REST API (API Gateway v1) API key equivalent in HTTP API (API Gateway v2)? Basically, I want to be able to use X-API-Key with HTTP API as in REST API.

iaforek
  • 2,860
  • 5
  • 40
  • 56

1 Answers1

5

I can think about some workaround (using custom authorizer) that will mimic API Key functionality while using AWS API Gateway v2 (HTTP API) but that won’t be near v1 (REST API) so the short answer is no. There is no equivalent.

In Choosing between HTTP APIs and REST APIs there is API Management table that clearly shows API Keys are not supported in HTTP API.

Moreover, from the same document:

Previous-generation REST APIs currently offer more features.

iaforek
  • 2,860
  • 5
  • 40
  • 56