I have a problem with Api auth. I have two different api stacks, one for authenticated users, and another for signup, which should be available for unauth users as well. The problem is, that I get 403 forbidden, when I try to post something to the unauth api from within react:

this.api = new sst.Api(this, "SignupApi", {
         defaultAuthorizationType: "AWS_IAM",
         defaultFunctionProps: {
            environment: {
               TABLE_NAME: table.tableName,
            },
         },
         routes: {
            "POST   /registrations": "src/registration/register.main",
            "POST   /activations": "src/registration/activate.main",
         },
      });

In AuthStack:

constructor(scope, id, props) {
      super(scope, id, props);

      const { signupApi, api, bucket } = props;

      this.auth.attachPermissionsForUnauthUsers([signupApi]);

your auth type should be

sst.ApiAuthorizationType.NONE

I see. Thanks. So, would you recommend to use Cloudfront for this unauth api or maybe set up request signing?

I don’t think so.. not for the public API for stuff like user signup

eh, it would be something for later anyway