Not all gateways are meant to be public. Therefore, if you want to share limited API access with the world, one way to do it is through Cross-Origin Resource Sharing (CORS) and API Keys. This is the first of a two-part entry dedicated to creating closed API access using AWS API Gateway.
These are the tools you will need for API development
Cross-Origin Resource Sharing (CORS)
CORS cares about three things:
- The HEADER type
- The HTTP verb (GET, POST, DELETE, UPDATE)
- The origin of these requests (for example, http://myspecificdomain.com).
Creating a Process
Step 1 - Providing Access using Headers
The diagram shows two blocks called Method Response and Integration Response.
Method Response is where we pick our Headers, Methods and Origins. Said differently, it's where we define our header-types, the HTTP verb and the allowed origin.
Step 2 - Describing which values are allowed into our Headers
Now that we understand the purpose of the Method Response, let's now look at Integration Response. This is where we describe which values are permissible from the outside world.
In this example we are allowing GET requests from anyone ('*') in the world.
Looking at the Header Mappings, all this says is that we are allowing three types of headers, two types of HTTP verbs and access from anyone in the world.
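The effect of those mappings on a browser client, as an added example that is not part of the original post: it parses Integration Response header mappings and runs a simplified preflight check against them, comparing the '*' origin with one pinned to the sample domain. The header and verb lists are constructed for illustration (three headers, two verbs), and the function names `response_headers` and `browser_allows` are hypothetical.

```python
# Integration Response header mappings, keyed the way API Gateway names them.
# Static values are wrapped in single quotes. The header and verb lists are
# constructed for this example, not taken from the page's screenshot.
PREFIX = "method.response.header."
OPEN_MAPPINGS = {
    PREFIX + "Access-Control-Allow-Headers": "'Content-Type,X-Api-Key,Authorization'",
    PREFIX + "Access-Control-Allow-Methods": "'GET,OPTIONS'",
    PREFIX + "Access-Control-Allow-Origin": "'*'",
}
# Same mappings with the origin pinned to the page's sample domain.
CLOSED_MAPPINGS = {
    **OPEN_MAPPINGS,
    PREFIX + "Access-Control-Allow-Origin": "'http://myspecificdomain.com'",
}
# Methods a browser accepts without them being listed in Allow-Methods.
SAFELISTED_METHODS = {"GET", "HEAD", "POST"}


def response_headers(mappings):
    """Turn the mappings into the headers the preflight response carries."""
    headers = {}
    for key, value in mappings.items():
        if not key.startswith(PREFIX):
            raise ValueError(f"not a method response header mapping: {key}")
        if not (len(value) >= 2 and value[0] == value[-1] == "'"):
            raise ValueError(f"static value must be single-quoted: {value}")
        headers[key[len(PREFIX):]] = value[1:-1]
    return headers


def browser_allows(mappings, origin, method, request_headers=()):
    """Simplified browser preflight check (no credentials, no '*' for
    methods or headers). request_headers: the non-safelisted headers sent."""
    h = response_headers(mappings)
    allowed_origin = h.get("Access-Control-Allow-Origin", "")
    if allowed_origin != "*" and allowed_origin != origin:
        return False
    methods = {m.strip().upper() for m in h.get("Access-Control-Allow-Methods", "").split(",")}
    if method.upper() not in methods | SAFELISTED_METHODS:
        return False
    allowed = {x.strip().lower() for x in h.get("Access-Control-Allow-Headers", "").split(",")}
    return all(x.lower() in allowed for x in request_headers)


if __name__ == "__main__":
    for name, m in (("open", OPEN_MAPPINGS), ("closed", CLOSED_MAPPINGS)):
        print(name, browser_allows(m, "http://other.example", "GET", ["X-Api-Key"]))
```

These headers are enforced by the browser only; a client that is not a browser ignores them, which is why the origin restriction is paired with API Keys.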