Client API throttling in API Gateway
Hi all,
Customer is looking to implement API throttling to their APIs exposed via API Gateway. It is supported by API Gateway using API Keys but the customer has not implemented API keys for each of their customers and is looking for other options leveraging information in the API request/header. Each of the requests currently includes a customer ID that they would like to use.
- 最新
- 最多得票
- 最多評論
What you are describing is a perfect use case for API keys + usage plans. But it seems your customer does not want their end users to make any changes. Have you looked into this blog post? It has an example of how CloudFront can inject the API key for the end users. Not sure how your customer is currently doing auth but another option might be to inject the API key in the Lambda custom authorizer.
A Lambda authorizer function's output is a dictionary-like object, which must include the principal identifier (principalId) and a policy document (policyDocument) containing a list of policy statements. The output can also include a context map containing key-value pairs. If the API uses a usage plan (the apiKeySource is set to AUTHORIZER), the Lambda authorizer function must return one of the usage plan's API keys as the usageIdentifierKey property value.
相關內容
AWS 官方已更新 2 年前- AWS 官方已更新 10 個月前
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前