Client API throttling in API Gateway
Hi all,
Customer is looking to implement API throttling to their APIs exposed via API Gateway. It is supported by API Gateway using API Keys but the customer has not implemented API keys for each of their customers and is looking for other options leveraging information in the API request/header. Each of the requests currently includes a customer ID that they would like to use.
- Newest
- Most votes
- Most comments
What you are describing is a perfect use case for API keys + usage plans. But it seems your customer does not want their end users to make any changes. Have you looked into this blog post? It has an example of how CloudFront can inject the API key for the end users. Not sure how your customer is currently doing auth but another option might be to inject the API key in the Lambda custom authorizer.
A Lambda authorizer function's output is a dictionary-like object, which must include the principal identifier (principalId) and a policy document (policyDocument) containing a list of policy statements. The output can also include a context map containing key-value pairs. If the API uses a usage plan (the apiKeySource is set to AUTHORIZER), the Lambda authorizer function must return one of the usage plan's API keys as the usageIdentifierKey property value.
Relevant content
- asked 2 years ago
AWS OFFICIALUpdated 2 years ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
