How to Use Custom Authorizer in AWS API Gateway With Serverless

Arek Jaworski
Published in Better Programming
8 min read · Feb 23, 2022

Image by https://unsplash.com/@adigold1

Introduction

In this tutorial, we will set up two similar APIs and compare the differences and similarities between REST API and HTTP API in AWS, with the help of Serverless. Each solution has its own pros and cons.

To follow this tutorial you must be at least familiar with basic JavaScript programming, have VS Code installed (or any IDE of your preference), be familiar with the command prompt, have npm and aws-cli installed and, most importantly, have an AWS account with configured credentials. If you’re reading this, then I assume you already have all the prerequisites.

First, let’s do a quick recap of AWS and its confusing naming conventions.

AWS — obviously stands for Amazon Web Services. In order to follow this tutorial you must have at least some basic AWS knowledge or an interest in learning something new today.

API — Application Programming Interface. Software that connects computer programs and allows them to exchange data. As we will soon see, the API acronym appears almost everywhere below:

API Gateway — as the name suggests, the gateway to our API. Once we log in to our AWS account we can navigate to API Gateway in order to inspect or manually configure different APIs.

REST API aka API Gateway v1 — the most common type of API nowadays.

HTTP API aka API Gateway v2 — did we just say something about confusing naming conventions? It starts now. HTTP API is also a REST API! However, AWS decided to name it HTTP API (v2) to distinguish it from REST API (v1). Moreover, HTTP stands for Hypertext Transfer Protocol, which both REST API (v1) and HTTP API (v2) can use. Thus, we will use the HTTP protocol for sending requests to both REST API (v1) and HTTP API (v2).

API Key — a key to our API in the form of random letters and numbers. REST API (v1) supports this while HTTP API (v2) doesn’t.

Authorizer — another form of access control for an API. However, this one is more sophisticated and can grant access to certain resources based on access policies and user rights.
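To make the authorizer definition concrete, here is an added example (not code from the original article) of the decision a Lambda authorizer returns in each API type: an IAM policy for REST API (v1), and a simple boolean response for HTTP API (v2) with payload format 2.0. The token table, the roles and the function names are assumptions made up for illustration.

```javascript
// Constructed sample data (assumption): a real authorizer would verify a
// signed token instead of looking it up in a hard-coded table.
const USERS = new Map([
  ['token-alice', { id: 'alice', role: 'admin' }],
  ['token-bob', { id: 'bob', role: 'reader' }],
]);

// Strip an optional "Bearer " prefix and look the caller up; null if unknown.
function identify(headerValue) {
  const token = String(headerValue || '').replace(/^Bearer\s+/i, '');
  return USERS.get(token) || null;
}

// Hypothetical user rights: admins may call anything, readers only GET.
function mayInvoke(user, verb) {
  return user !== null && (user.role === 'admin' || verb === 'GET');
}

// REST API (v1) TOKEN authorizer: the answer is an IAM policy document.
function authorizeRest(event) {
  const user = identify(event.authorizationToken);
  // methodArn ends in .../{apiId}/{stage}/{verb}/{path}
  const verb = event.methodArn.split('/')[2];
  return {
    principalId: user ? user.id : 'anonymous',
    policyDocument: {
      Version: '2012-10-17',
      Statement: [{
        Action: 'execute-api:Invoke',
        Effect: mayInvoke(user, verb) ? 'Allow' : 'Deny',
        // Least privilege: decide for the requested method only, not "*".
        Resource: event.methodArn,
      }],
    },
    context: { role: user ? user.role : 'none' },
  };
}

// HTTP API (v2) authorizer with simple responses enabled: the answer is a
// boolean. Header names arrive lower-cased in payload format 2.0.
function authorizeHttp(event) {
  const user = identify(event.headers && event.headers.authorization);
  const verb = event.requestContext.http.method;
  return {
    isAuthorized: mayInvoke(user, verb),
    context: { role: user ? user.role : 'none' },
  };
}
```

To deploy either function as a Lambda handler, export it through an async wrapper such as `async (event) => authorizeRest(event)`.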

Serverless

Written by Arek Jaworski

PhD Student at Queen's University Belfast. Former Software Architect — AWS/Node.JS/JavaScript Contractor and Tutor. Combining industry experience with research!
