How to validate API Key in AWS Lambda function

孤者浪人 submitted on 2019-12-25 01:47:03

Question


I have read quite a few articles like this one and it looks like currently in AWS API Gateway you cannot send the API key in the query string. We also have a few legacy clients that will need to pass the api-key in the query string.
So I thought of two options:

1> Create a Lambda function as the Integration Type and validate the API key inside the function handler. But I am not able to figure out how to validate it against the keys in AWS. Something like

public async Task<JObject> FunctionHandler(JObject request, ILambdaContext context)
{
      // i know how to get apikey from queryStringParameters here 
      // but how do i validate it against api keys in aws
}

2> Create a new custom authorizer, but again I am not sure how to do it.

Which would be the preferred option? I am using .NET Core. Are there any NuGet packages already available?

Please note query string support is required and not debatable, even if it is not recommended for security reasons.


Answer 1:


You can pass security key in query param use header and pass key

curl -X PUT \
https://XXXX.XXXXX-api.ca-central-1.amazonaws.com/PROD/XXX-microservice \
 -H 'Content-Type: application/json' \
 -H 'x-api-key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' \
 -d '{

 "initData": "HI",
 "name": "vaquar khan",
 "likes": "Java"
}'

Security key validation is taken care of by API Gateway, so no Lambda authorizer is required.

If you are passing in query string

URL:

https://XXXX.XXXXX-api.ca-central-1.amazonaws.com/PROD/XXX-microservice?x-api-key=XXXXXXXXXXXXXXXX&uid=5

Python 2.7

from __future__ import print_function

import boto3
import json

print('Loading function')


def lambda_handler(event, context):
    print(event['params']['querystring']['x-api-key'])
    print(event['params']['querystring']['uid'])


Source: https://stackoverflow.com/questions/54014737/how-to-validate-api-key-in-aws-lambda-function
