sid8491
Reputation: 6800
Using Api keys with AWS API Gateway
I want to use api-keys for authorization and grouping users for accesing the api's in API Gateway. The requests will be sent from web-page using javascript calls.
- Is there any way to encrypt the api-keys?
- Lets say I am able to encrypt it, will it be beneficial at all? Because someone can still see the encrypted api-keys and use it, and it will still work, because anyhow i will be decrypting it somewhere.
- Is there any better way?
Upvotes: 0
Views: 345
Answers (1)
Khalid T.
Reputation: 10547
You cannot protect your API keys for authorization when your API calls are initiated from the client (i.e., JavaScript). As you said, there will be no point of encrypting them as well. You'll need to have an authorization provider that can return the API key as part of the response.
API Gateway allows you to have custom authorizer for your API. See Output from an Amazon API Gateway Custom Authorizer.
Upvotes: 1
Related Questions
- Creating API gateway api keys in Lambda
- Using an API key in Amazon API Gateway
- Send AWS API Gateway Key Name to Server
- aws api gateway api key access
- AWS API Gateway: Best practice for API key
- Authorize AWS API Gateway with either API Key or Authorizer
- Alternative way to pass 'x-api-key' to AWS API gateway
- Use API key pairs for users for API gateway
- Api Gateway Api Key immediate use upon creation giving forbidden
- aws api gateway enable api_key for authentication