It seems it is not possible to set a different authorizer per route using the Api struct in SST. It always uses the defaultAuthorizer if set, and if not set it uses no authorizer.

Hey @Garret Harp, you should be able to. Does this work for you

import { HttpJwtAuthorizer } from "@aws-cdk/aws-apigatewayv2-authorizers";

new Api(this, "Api", {
  defaultAuthorizationType: ApiAuthorizationType.JWT,
  defaultAuthorizer: new HttpJwtAuthorizer({ ... }),
  routes: {
    "GET /a": "src/public.main",
    "GET /b": {
      authorizer: new HttpJwtAuthorizer({ ... }),
      function: "src/private.main",
    },
  },
});

Yeah just figured it out... I was using this:

"GET /": {
  handler: "src/index.handler",
  authorizer: MyAuthorizer
}

Making it:

"GET /": {
  function: { handler: "src/index.handler" },
  authorizer: MyAuthorizer
}

Worked. Looking back at the docs now no idea how putting handler worked as I dont think that is ever shown in the docs other than under the function object.

Yeah, for the route, you can either provide:

"GET /": FunctionDefinition,

or

"GET /": {
  function: FunctionDefinition
  authorizer: AuthorizerDefinition
}

Ah I see, yeah whenever using FunctionDefintion trying to specify the authorizer will not work. Might be worth pointing out in the docs 😅

Yeah, we need to do a better job validating the input and printing out helpful msgs.