问题
I have deployed my rest API on amazon API gateway and I have a scenario in front of me with security concern. I am using an api key for all the api requests, I wanna know if the that api key is exposed somehow and as we know the same api key is being used by already published apps...Then what are my options?
Also as mentioned here
I can have only 10000 API keys per AWS account if I want the api keys to be unique per user for it to be more secure but what if the number of user shoots out to be more than 10000.
Please suggest on the same as it is very important.
回答1:
API keys are not recommended for authorization. Calls received from each API key are monitored and included in the Amazon CloudWatch Logs you can enable for each stage. You should use API keys to monitor usage by third-party developers and leverage a stronger mechanism for authorization, such as IAM or custom authorizers.
Hope this helps
来源:https://stackoverflow.com/questions/37672721/amazon-api-security-with-api-keys