5

I am using AWS Api Gateway. I have created resource and method using API Gateway.

I have created Lambda function for generating signed URL in json format to access s3 bucket via CloudFront.

When I call lambda function using GET method. I pass "channekID" as a querystring. I want to send X-API-Key custom header as well for authorization.

I have tried lot things but did not find any solution. How to send custom header in Lambda function?? and after accessing header value in Lambda How to authorize using x-api-key ?

Improve this question

2 Answers 2

Reset to default
12

You cannot access the header using Lambda. But what you can do is in the Api Gateway create a mapping template that puts a header value in the event object.

The header should be in the $input.params(x) variable that can be used in the mapping template. See the full documentation of how to exactly integrate this.

update: in your mapping template (under api gateway -> your endpoint -> integration request), add something like this:

#set($inputRoot = $input.path('$'))
{
  "apikey" : "$input.params('X-Api-Key')"
}

Now you can access the api key in the lambda function under event.apikey (I did not test this, but we use something similar in production). Note that you can do this for all header variables and also variables in the body.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Okay , Thanks for your response. $input.params(x) means that I am accessing header variable as a querystring . Right !!!!
So How to authorize lambda function using x-api-key ??
I updated the answer with a little example that shows how it could work
Sorry to add this several years later, but I am tryign to figure something after following your response. What you describe works, but then I cannot make the body to be mapped as well. If I try to add a line "body": "$input.params('body')" it does nto work. Can you point me what is different for body?
The post body should be in the event somewhere if you just log it. However, I would highly recommend not using it like this anymore. Instead, it is much easier to use an open source serverless framework like serverless.com. If you create a HTTP endpoint using their yaml file structure you have everything you need right there. The headers are passed by default.
3

Api Gateway team checking in, Luc's answer is correct. Your Lambda function context has access to the request body only, so any headers that your clients send to Api Gateway will have to be mapped in the request template. The example that Luc gave is a good one, but also check out the reference doc:

http://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-mapping-template-reference.html

Jack

Improve this answer

1 Comment

I'm trying to get access to the api key name used (not the actual key) from within a django application. I need to log each request and who made it. How would I do that? Thanks.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.