Keys are used to provide access to specific locks. Before we can talk about keys, let's make sure we know how to create a lock using AWS API Gateway. My earlier tutorial will show you how to create a lock using CORS and Headers.
API Keys are used to track usage by Group or Organization. They're great for accounting purposes –as a way of keeping record of who is using your service. It's not very hard to use but there is a 4 step process to get started.
This step is about associating an API stage to a usage plan.
Step 4 - Subscribe API key to usage plan
This step focuses on associating an API key to a usage plan for monitoring and account reconciliation.
Step 5 - Associate an API key to an HTTP Method
There are a few good reason for this. For example, suppose you are an API administrator with 9 available methods. 3 methods are available to the open web, 3 are available to "bronze plan" subscribers and 3 more methods are available to "gold plan" subscribers. As an API administrator, one way to keep things organized is by associating specific API keys to specific methods.
Note: This probably isn't a scalable solution but you get the point.
You associated API keys to methods through the method request.
Once you've clicked the Method Request of an HTTP verb, you can select Api Key Required to true.