Reputation: 584
Amazon API security with API Keys?
I have deployed my rest API on amazon API gateway and I have a scenario in front of me with security concern. I am using an api key for all the api requests, I wanna know if the that api key is exposed somehow and as we know the same api key is being used by already published apps...Then what are my options?
Also as mentioned here
I can have only 10000 API keys per AWS account if I want the api keys to be unique per user for it to be more secure but what if the number of user shoots out to be more than 10000.
Please suggest on the same as it is very important.
Upvotes: 0
Views: 970
Answers (1)
Reputation: 1273
API keys are not recommended for authorization. Calls received from each API key are monitored and included in the Amazon CloudWatch Logs you can enable for each stage. You should use API keys to monitor usage by third-party developers and leverage a stronger mechanism for authorization, such as IAM or custom authorizers.
Hope this helps
Upvotes: 3
Related Questions
- Using async/await with a forEach loop
- What is the difference between Amazon SNS and Amazon SQS?
- How do I get the path to the current script with Node.js?
- How to pass a querystring or route parameter to AWS Lambda from Amazon API Gateway
- AWS API Gateway: programmatically generating API keys
- How to protect AWS API gateway endpoint from DDos attack?
- How to control access of resources in amazon api gateway through API Keys