AWS: Providing CORS access to your API Gateway
These are the tools you will need for API development
CORS cares about three things: the HEADER type, the HTTP verb (GET, POST, DELETE, UPDATE) and the origin of the request (for example, http://myspecificdomain.com).
We define our HEADER-types within the Method Response and their values within the Integration Response section.
Step 1 - Add Header Access
Within Method Response we identify the header-type, the HTTP verb and allowed origin.
The Method Response section allows you to pick which Headers, Methods and Origins you want to accept.
Step 2 - Insert Header Values
Within the Integration Response, we describe which values are permissible.
In this example we are allowing GET requests from anyone ('*') in the world.
API Keys are used to track usage by Group or Organization. They're great for accounting purposes, as a way of keeping a record of who is using your service. They're not very hard to use, but there is a 4 step process to get started.
The steps for creating an API access key include:
- Create a key from the API Dashboard
- Create a usage plan using the API Dashboard
- Link your API stage to a usage plan.
- Link your API key to a usage plan.
- Enter the IAM role that has access to write data to CloudWatch
Step 1 - Create an API Key
Using the process above, step one consists of creating an API key.
Step 2 - Create a usage plan
Usage plans are designed to help you, the API administrator, understand which of your clients is using your API and how much of it. This is especially helpful if you are planning to sell your API service within the AWS Marketplace.
Step 3 - Link your API stage to the usage plan
This step is about associating an API stage to a usage plan.
Step 4 - Subscribe API key to usage plan
This step focuses on associating an API key to a usage plan for monitoring and account reconciliation.
Step 5 - Associate an API key to an HTTP Method
There are a few good reasons for this. For example, suppose you are an API administrator with 9 available methods. 3 methods are available to the open web, 3 are available to "bronze plan" subscribers and 3 more methods are available to "gold plan" subscribers. As an API administrator, one way to keep things organized is by associating specific API keys to specific methods.
Note: This probably isn't a scalable solution but you get the point.
You associate API keys with methods through the Method Request.
Once you've clicked the Method Request of an HTTP verb, you can set API Key Required to true.
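To review both settings covered above in one pass, here is an added example (not part of the original post) that audits method definitions shaped like the dicts boto3's apigateway get_method() returns: it flags a wildcard Access-Control-Allow-Origin set in the Integration Response and any method on a plan-gated path that does not have API Key Required set. The resource paths, function names and sample data are constructed assumptions.

```python
# Added example: audits API Gateway method definitions shaped like the dicts
# returned by boto3's apigateway get_method(). All sample data is constructed.

ORIGIN_HEADER = "method.response.header.Access-Control-Allow-Origin"

def allowed_origins(method):
    """Return the Allow-Origin values set in the Integration Response,
    keeping only headers that the Method Response also declares."""
    declared = set()
    for resp in method.get("methodResponses", {}).values():
        declared.update(resp.get("responseParameters", {}))
    origins = set()
    integration = method.get("methodIntegration", {})
    for resp in integration.get("integrationResponses", {}).values():
        value = resp.get("responseParameters", {}).get(ORIGIN_HEADER)
        if value is not None and ORIGIN_HEADER in declared:
            # Static values are stored wrapped in single quotes, e.g. "'*'".
            origins.add(value.strip("'"))
    return origins

def audit(methods, key_required_paths):
    """methods: {(path, verb): method dict}. key_required_paths: paths the
    administrator intends to gate behind an API key (an assumption here)."""
    findings = []
    for (path, verb), method in sorted(methods.items()):
        if path in key_required_paths and not method.get("apiKeyRequired", False):
            findings.append((path, verb, "API key not required"))
        if "*" in allowed_origins(method):
            findings.append((path, verb, "Allow-Origin is '*'"))
    return findings

def _method(origin, key_required):  # builds one constructed sample method
    return {
        "apiKeyRequired": key_required,
        "methodResponses": {"200": {"responseParameters": {ORIGIN_HEADER: False}}},
        "methodIntegration": {"integrationResponses": {
            "200": {"responseParameters": {ORIGIN_HEADER: f"'{origin}'"}}}},
    }

SAMPLE = {  # hypothetical paths: one open method, two plan-gated methods
    ("/status", "GET"): _method("*", False),
    ("/bronze/report", "GET"): _method("http://myspecificdomain.com", False),
    ("/gold/export", "GET"): _method("http://myspecificdomain.com", True),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, {"/bronze/report", "/gold/export"}):
        print(*finding, sep="\t")
```

Against a live API, the same dicts can be collected per resource and verb with get_method() and passed to audit() unchanged.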