getting message: forbidden reply from AWS API gateway

Question

I am trying to create a lambda service on AWS and have it accessed from outside via the API gateway with no authentication or restriction required.

To make things ea

Answer 1

On the API Gateway dashboard choose Resources, click Actions and choose Deploy API. Before your first deployment the only response you'll get is the {"message":"Forbidden"}.

Answer 2

The only other reason that I've experienced which I don't see mentioned here is literally that you tried to reach the API too quickly after being published. I hit publish and see the "your API is reachable at" domain name, and immediately copy and pasted that into Postman to check it.

I get the forbidden message. Change nothing. Check all settings to ensure that I haven't done anything - everything is correct. Kinda tearing my hair out.

Return a few minutes later to try because I'm quite sure I'm doing it all correct - it works.

DNS man. No matter how fast the Internet is - it ain't instant :)

Answer 3

You need to deploy your api on stage and use stage url go to Resources, click Actions and choose Deploy API

Now if you are getting error

{"message":"Forbidden"}.

Please check following steps

1 ) If you enable api key copy and pass your key in postman

2) Now you still getting same error means you will need to create usage plan

3) set limit and assign plan to your api

Answer 4

If you set 'API' key required to true, you need to pass the api key as header.

API Key is passed as header field 'x-api-key'. Even after adding this field in header, this issue may occur. In that case, please validate below points

• Do you have a Usage Plan? if not need to create one.
• Link you API with Usage Plan. For that add a stage, it will link your API.
• Do you have API Key? if not you need to create an API Key and enable it.
• Add the Usage Plan which is linked with your API to this API Key. For that add Usage Plan.

Answer 5

I might be too late but one of the reasons API Gateway would give "forbidden" message is when you pass data in request Body on a GET operation. To solve the problem either make your resource POST or you do not pass data in request Body.

Answer 6

There are a few things to do when we receive the {message: forbidden} in the API Gateway:

CORS enabled?

1. Check if CORS is Enabled within the API ( to start with, allow the origin '*', to make sure we can test safely )
2. Deploy the API to make sure all settings are as expected

API Key enabled?

3. Check if we have the API Key enabled in the API Gateway
4. Check if there is an API Key configured.
5. Check if your API Key is assigned to the correct usageplan and add an API Stage, without the API Stage you will always receive an {message: forbidden}

If you are still facing issues, let me know so me or one of our cloud gurus @levarne can help.