Today, we will see how we can leverage AWS API Key and Usage Plan to authenticate and restrict the number of requests to AWS REST API.

You will find the whole code and sam CLI deployment script at the end of this post. To configure directly through AWS console visit https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-usage-plans.html

What are usage plans and API keys?

A usage plan specifies who can access one or more deployed API stages and methods — and also how much and how fast they can access them. The plan uses API keys to identify API clients and meters access to the associated API stages for each key. It also lets you configure throttling limits and quota limits that are enforced on individual client API keys.

API keys are alphanumeric string values that you distribute to application developer customers to grant access to your API. You can use API keys together with usage plans or Lambda authorizers to control access to your APIs. API Gateway can generate API keys on your behalf, or you can import them from a CSV file. You can generate an API key in API Gateway, or import it into API Gateway from an external source. For more information, see Set up API keys using the API Gateway console.

Let us look at the example and steps to integrate:

Make sure to add API Auth to true in REST API code in the template.yaml to use the usage plan and API key. You can use the below two lines to set auth to true.

#rest-api #aws #api-key #api-gateway #authentication