Can I only allow a single API Key to access a single AWS API Gateway endpoint?

Question

I want one of my endpoints to only be available to a single api key. For all others, I want to reject it.

I have been looking around and it seems that you can do this by IAM account or IP address but I can't find anything about API Key. Is this possible?

Answer 1

"I can't find anything about API Key. Is this possible?"

Yes it is.

1. Create a usagePlan, associate it with you API-Stage that you want to protect.
2. Create an API Key and associate it to a usage plan.
3. Mark the apiKey required field as true on the methods in your API.
4. Deploy your API.

Now your API methods will only execute if the correct X-API-Key header is passed in the request, every other request will get a forbidden status.

Answer 2

Yes you can create an API key and attach it to an API Gateway endpoint.

1. Firstly create an API key.
   AWS console -> API Gateway -> API Key -> Actions -> Create API Key.

2. Now Import an API key, API Gateway -> API Key -> Import API keys. Type key in format.

3. In API Gateway Methods(Get/Post) -> In Method request set API Ket Required to true.

4. Now create an usage plan: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-usage-plans-with-console.html

5. Deploy the API.

AWS doc: https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-setup-api-key-with-console.html

You can also follow: https://datanextsolutions.com/blog/protect-aws-api-gateway-endpoints-using-api-keys/