Last Updated on 02/25/17

There are a few different ways to add a layer of authentication to your API Gateway endpoints, and today we’ll be going over using API keys. You can create API keys for different services or administrators in your architecture. It’s not recommended to set up API keys as user login keys since these API keys are more persistent. I would recommend using custom authorizers to handle your user authentication. API keys are great for testing especially when you’re setting up your API for the first time.

This assumes that you have already setup a Usage Plan and an API key for your endpoint. This short lesson only covers how to add API keys to HTTP requests.

To authenticate your requests, you need to add your key to the request via the x-api-key header. In a curl, you would do something like the following for a GET request:

curl --header "x-api-key: <your_key_here>" https://your-api.execute-api.us-east1-amazonaws.com/prod/<endpoint>

If you wanted to do it in Swift for example, it would look like this:

request.setValue("your-api-key-stuff-here", forHTTPHeaderField: "x-api-key")

In whatever language you’re using, use the requests API to add a header with x-api-key, and you’ll be all set to securely access your endpoint.