Can we use HTTP API for private APIs? Like I don’t...
# ssta
Adrián Mouly
07/29/2021, 1:56 AMCan we use HTTP API for private APIs? Like I don’t want to expose my APIs to the world, due is going to be called internally by other services.
f
Frank
07/29/2021, 3:21 AM
Hey @Adrián Mouly, I don’t think it’s possible.
a
Adrián Mouly
07/29/2021, 3:21 AM😞
f
Frank
07/29/2021, 3:21 AM
Private APIs are supported by REST API only.
a
Adrián Mouly
07/29/2021, 3:21 AMYeah.
Adrián Mouly
07/29/2021, 3:21 AMI will need to use that.
Adrián Mouly
07/29/2021, 3:21 AMI have some internal APIs.
Adrián Mouly
07/29/2021, 3:21 AMWhat do you recommend?
f
Frank
07/29/2021, 3:25 AM
hmm.. I don’t have too much experience with it.. I’d imagine using IAM authorization would be the most secured way to protect it if you want to go with HTTP API
a
Adrián Mouly
07/29/2021, 3:29 AMOk. makes sense.
a
Ashishkumar Pandey
07/29/2021, 8:04 AM@Frank HTTP APIs have an integration available to use private vpcs. I think it's called private integration. It was documented on the same page where the http proxy integration was. I think that could work for this use case.
f
Frank
07/29/2021, 4:12 PM
@Ashishkumar Pandey yeah I was looking at that too, and that seems to be used for HTTP Api to proxy a request to something in your VPC (ie. ALB, EC2, etc). But the Api itself is still public visible.
a
Ashishkumar Pandey
07/29/2021, 4:16 PMAh! Understood, that wouldn’t work, this would need a private API Gateway. I think this could probably be achieved using IAM and a private ALB.
a
Adrián Mouly
07/29/2021, 5:03 PM😩