Amazon API Gateway can leverage AWS Lambda functions to make authorization decision. This enables you to customize the business logic behind the scenes.
API Gateway supports two type of custom authorizers:
You can use Token authorizers when your authorization decision is purely based on the client’s bearer token. Request authorizers give your Lambda function access to all of the request information except for the body.
API Gateway can also receive context information from the custom authorizer and pass them to the backend service.
Step 1: Go to AWS API Gateway
Step 2: Open the WildRydes API in the left menu and select Authorizer page
Step 3: Click the button to Create New Authorizer at the top of page
Step 4: Enter ListUnicornAuthorizer as the Name and Lambda as the Type
Step 5: Using the Lambda Function field, select your region and enter the ListUnicornAuthorizer Lambda function name
Step 6: Leave the Lambda Invoke Role field blank
Configured this way, the API Gateway console automatically sets the permissions on the Lambda function to allow the invocation. The console will ask you to confirm this action as you save the new authorizer settings
Step 7: Select Token as the Lambda Event Payload and enter Authorization as the Token Source
Step 8: Leave the default values in the Authorization Caching settings and click Create
Step 9: The API Gateway console asks you to confirm the new permissions on the Lambda function. Click Grant & Create