Amazon API Gateway + AWS Lambda + OAuth

Amazon API Gateway + AWS Lambda + OAuth

Overview

This document describes how to protect a Web API implemented using Amazon API Gateway + AWS Lambda with an OAuth 2.0 access token.

2016-Apr-6: Amazon API Gateway introduced Custom Authorizer on Feb 11, 2016. It should be utilized. See our new document "Amazon API Gateway Custom Authorizer + OAuth".

Prerequisites

As prerequisites, you need to complete the steps described in the two documents listed below.

  1. [Amazon API Gateway] Walkthrough: Lambda Functions
  2. [Authlete] Getting Started

The following sections assume:

  1. You have a lambda function GetHelloWorld that returns {"Hello":"World"}.
  2. You have /mydemoresource resource that supports GET method on Amazon API Gateway.
  3. You have a service in Authlete. A service is created automatically on sign-up and you can use it.
  4. You have a client application in Authlete. A client application is created automatically on sign-up and you can use it.

If You Are In A Hurry

Go to this page.

If You Need Step-By-Step Guide

Go to the pages below.