# help
v
Hi, in SST, is it possible to use an API key to authenticate Lambda with API Gateway? (Couldn’t find any reference to API key in the doc)
a
API Key Auth is directly available for the AppSync API. AWS itself doesn’t provide API key based auth for API Gateway v1 or v2. With API Gateway v2, i.e. the `sst.Api` construct, you could achieve this using `HttpLambdaAuthorizer` as given in the example here - https://docs.serverless-stack.com/constructs/Api#adding-lambda-authorization. You could set the `HttpLambdaAuthorizer`’s response type to `SIMPLE` to authorize requests by just returning a boolean. For reference check this out - https://docs.aws.amazon.com/cdk/api/latest/docs/aws-apigatewayv2-authorizers-readme.html#lambda-authorizers.
@Jay it would be great if we could include the simple response type example for Lambda Authorizers in our docs as provided here - https://docs.aws.amazon.com/cdk/api/latest/docs/aws-apigatewayv2-authorizers-readme.html#lambda-authorizers.
v
Hi @Ashishkumar Pandey, thanks for the response. https://www.serverless.com/framework/docs/providers/aws/events/apigateway/#setting-api-keys-for-your-rest-api Please have a look at the above link; this is where I'm coming from.
a
Ah! I figured it out. What serverless is doing is creating a usage plan and binding it to the `RestApi`. Here’s how you can do that using the cdk - https://docs.aws.amazon.com/cdk/api/latest/docs/aws-apigateway-readme.html#usage-plan--api-keys. You’ll have to use the `sst.ApiGatewayV1` construct for this though. HTTP APIs, i.e. `sst.Api`, don’t support usage plans.
v
Got it. Thanks @Ashishkumar Pandey
f
@Vishal Vijay yeah, you can add a custom authorizer for `Api` and manage the API keys yourself inside a Lambda - https://docs.serverless-stack.com/constructs/Api#adding-lambda-authorization
The authorizer code looks something like:
```js
export const main = async (event) => {
  const authHeader = event.headers.authorization;
  const apiKey = ...; // parse api key from auth header
  const isAuthorized = ...; // check ie. against DynamoDB and see if the key is valid

  return { isAuthorized };
};
```
v
Thanks for the suggestion @Frank. I'm aware of this approach, basically I was trying to see if I can use API Gateway default feature (usage plan) for this.
f
Ah yeah. That’s only supported in API Gateway REST API. You’d need to use `sst.ApiGatewayV1Api` for that.
v
Okay 👍
t
I implemented my Authorizer with TS:
```ts
import {
    APIGatewayRequestAuthorizerEventHeaders,
    Handler
} from 'aws-lambda';

interface APIGatewaySimpleAuthorizerEvent {
    headers: APIGatewayRequestAuthorizerEventHeaders | null;
}

interface APIGatewaySimpleAuthorizerResult {
    isAuthorized: boolean;
}

/**
 * @link https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-lambda-authorizer.html
 */
export const handler: Handler<APIGatewaySimpleAuthorizerEvent, APIGatewaySimpleAuthorizerResult> = async (event) => {
    return handleLogic(event);
};

export function handleLogic(event: APIGatewaySimpleAuthorizerEvent): APIGatewaySimpleAuthorizerResult {
    // your logic here; deny by default until a check explicitly authorizes the request
    return { isAuthorized: false };
}
```
It works as expected with V2.