
Limit AWS API Gateway endpoint with GET parameters

I have an API Gateway endpoint at some url, like this:

https://api.myapp.com/myendpoint

The people and/or services that are going to be accessing this endpoint need to pass particular parameters and values to the endpoint. Like this:

https://api.myapp.com/myendpoint?token=123456

Is it possible to limit access to the endpoint if the token parameter is missing OR if the token value is not a specific pre-determined value? Can I set up my endpoint to simply ignore calls that don't have the proper token?

I'm planning on using Lambda as the backend. Do I have to deal with this in my Lambda function? Ultimately, I'm trying to avoid unnecessary Lambda and API Gateway usage costs by random individuals making bogus calls to the endpoint. So if I can have API Gateway simply ignore these calls without spinning up Lambda that would be ideal.

If I am able to have API Gateway ignore these calls, do I still get billed for usage when bogus calls are made to the endpoint(s) that are missing the token?

The reason I'm asking is because the 3rd party service that is going to access this endpoint does not have any options for passing authentication parameters in headers or using AWS Cognito, etc. So I'm just trying to think of a simple way to limit access.

You will need to perform this validation in Lambda.

If you have a mapping for a query parameter token to the integration endpoint, then for a request like ...?token=123 API Gateway will pass the parameter to the endpoint, but for ...?token=, API Gateway will not.

API Gateway does not do validation of query parameters like you want and you will be billed for the requests.
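The validation the answer says must happen in Lambda, as an added example that is not part of the original answer. It assumes Lambda proxy integration (the query string arrives in `event["queryStringParameters"]`, which is `None` when there is no query string) and a hypothetical `EXPECTED_TOKEN` environment variable; the fallback value is the sample token from the question.

```python
import hmac
import json
import os

# Assumption: the expected token is configured in an environment variable
# named EXPECTED_TOKEN (hypothetical name). The fallback "123456" is the
# sample value from the question, used here only so the example runs offline.
EXPECTED_TOKEN = os.environ.get("EXPECTED_TOKEN", "123456")


def token_is_valid(event, expected=EXPECTED_TOKEN):
    """Return True only if ?token=... is present, non-empty and matches."""
    # Proxy integration sets queryStringParameters to None when the request
    # carries no query string, so normalise it to an empty dict first.
    params = event.get("queryStringParameters") or {}
    supplied = params.get("token") or ""
    # Reject a missing token, an empty ?token= and an unset expected value.
    if not supplied or not expected:
        return False
    # Constant-time comparison so response timing does not reveal how many
    # leading characters of a guess were correct.
    return hmac.compare_digest(supplied.encode("utf-8"), expected.encode("utf-8"))


def lambda_handler(event, context):
    if not token_is_valid(event):
        # Return early, before any real work is done for the caller.
        return {"statusCode": 403, "body": json.dumps({"message": "Forbidden"})}
    return {"statusCode": 200, "body": json.dumps({"message": "ok"})}
```

A token carried in the query string is recorded wherever full request URLs are logged, so treat it as a shared secret that may need rotating.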
