AWS API Gateway - 400: Bad Request

Question

I have an HTTP proxy endpoint, that when tested works properly:

Request: /results?auth=abc123&id=9876&start=2016-08-20&end=2016-09-01
Status: 200
Latency: 265 ms

When targeted via Postman returns the following:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html>
    <head>
        <title>400 Bad Request</title>
    </head>
    <body>
        <h1>Bad Request</h1>
        <p>Your browser sent a request that this server could not understand.
            <br />
        </p>
    </body>
</html>

The endpoint is setup as follows (some info redacted):

There is no authentication or authorization setup (it's a direct pass through query parameter).

Answer 1

I spent hours on this.

In my case, this was only happening from a XHR, causing a CORS error during preflight

Access to XMLHttpRequest at '...' from origin '...' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource

even though the headers were properly configured being returned from the backend (via HTTP Proxy integration) and CORS was properly configured in AWS API Gateway.

I tracked down the problem to the unencoded curly brackets used in the XHR query parameter:

where=[{"field": "client_id", "op": "eq", "value": 1}]

URL encoding those characters fixed the 400 Bad Request. Phew!

Answer 2

Apparently, the "HTTP Proxy" setting was causing this. Instead of doing this, I manually mapped each request query parameter in the integration step. By unchecking HTTP Proxy and doing this manual mapping, every request is properly proxied without issue.