使用 Amazon API Gateway 时，如何从 Django 后端获取请求中使用的 API 密钥？

Question

Pretty self explanatory title. I'm using API Gateway in AWS, requiring an API key to access a backend written in Django (not using lambda). I need to know how to access the API key used in the request to keep track of who did what at the app level.

Answer 1

You can use mapping templates and get the API Key from the $context variable, it's the apiKey property inside the identity object: http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html#context-variable-reference

Create a mapping template for your requests and include the property in it. For example, if you wanted to include the entire request body + the API Key you would do this:

{
  "body": $input.json('$'),
  "apiKey": "$context.identity.apiKey"
} 

Answer 2

Depending on how your backend application is built, you could send the API key to your application in a HTTP parameter (path, query string, or header) or in the request body. Please have a read through the docs on how to move data between the two systems.

Thanks, Ryan

Answer 3

Here is how I finally made it work. At the top or bottom of the template, include this line.

#set($context.requestOverride.header.x-api-key = $context.identity.apiKey)

When your backend receives this request, the api key will be in the header x-api-key .

Here is a basic mapping template that just forwards the (json) body and the header.

$input.json("$")
#set($context.requestOverride.header.x-api-key = $context.identity.apiKey)

API Gateway uses the X-API-Key header, so I like for my backend to also use that. That way I can use the same testing commands with only the URL being different.