CODEWITHSUNDEEP
restamazon-web-servicesaws-lambdapostmanaws-api-gateway
joev
joev

Reputation: 105

Authenticate AWS API gateway with AWS_IAM and API key from REST client Postman

I am trying to access authenticated POST API gateway with postman rest client, but I am getting status 403 with forbidden message.

{ "message": "Forbidden" }

I am using AWS Signature Authentication with AccessKey, SecretKey, AWS Region and Service Name. I don't understand why its not allowing my rest call, is it something to do with my AccessKey and SecretKey pair lacking authorisation?? (My user is Admin thought)

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://xxxxxxxxxx.execute-api.us-west-2.amazonaws.com/dev/score",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "input1=1&input2=2",
  CURLOPT_HTTPHEADER => array(
    "authorization: AAAA-AAAA-XXX123 Credential=XXXXXXXXXX/20160414/us-west-2/execute-api/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=sdddddssdddddddddddddddddsdsdsdsdsdsdsdsdsdsd",
    "cache-control: no-cache",
    "content-type: application/javascript",
    "host: xxxxxxxxxx.execute-api.us-west-2.amazonaws.com",
    "postman-token: abf462fe-24ae-244d-ba8d-d3e953f0e712",
    "x-amz-date: 20160414T084331Z"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

Upvotes: 1

Views: 5873

Answers (4)

OttoV
OttoV

Reputation: 264

It often happens when API is not deployed to API Gateway or you are accessing the wrong path /your-rout instead of /api-name/your-route.

Upvotes: 0

Daniel Jihoon Oh
Daniel Jihoon Oh

Reputation: 1909

If you set 'API Key Required' option to true, please check below.

  1. Deploy your API to update changes.
  2. you have to pass 'x-api-key' HTTP Header Parameter to API Gateway.
  3. The API Key had to be created.
  4. In addition, you need to check a Usage Plan for the API Key on API Gateway Console.

Upvotes: 3

TimoSolo
TimoSolo

Reputation: 7325

If you are using an API Key, make sure you set the "x-api-key" header.

I also had the same problem until I created a Usage Plan and linked the plan to the API stage and the API key.

Upvotes: 3

Jurgen
Jurgen

Reputation: 1273

This can have multiple reasons, would you mind sharing a sample setup where it fails?

Please check the following:

  1. Did you deploy your API?
  2. Does the user have the proper permissions? You can use the managed IAM policy "AmazonAPIGatewayInvokeFullAccess" or create your own. Please refer to our documentation for more details.

Best,

Jurgen, API Gateway

Upvotes: 1

Related Questions