Amazon API Gateway
Developer Guide

x-amazon-apigateway-authorizer Object

Defines a custom authorizer to be applied for authorization of method invocations in API Gateway. This object is an extended property of the Swagger Security Definitions Operation object.

Properties

| Property Name | Type | Description |
| --- | --- | --- |
| type | string | The type of the authorizer. This is a required property and the value must be "token". |
| authorizerUri | string | The Uniform Resource Identifier (URI) of the authorizer (a Lambda function). For example, "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:account-id:function:auth_function_name/invocations" |
| authorizerCredentials | string | Credentials required for the authorizer, if any, in the form of an ARN of an IAM execution role. For example, "arn:aws:iam::account-id:IAM_role". |
| identityValidationExpression | string | A regular expression for validating the incoming identity. For example, "^x-[a-z]+". |
| authorizerResultTtlInSeconds | string | The number of seconds during which the resulting IAM policy is cached. |

x-amazon-apigateway-authorizer Example

The following Swagger security definitions example specifies a custom authorizer named test-authorizer.

    "securityDefinitions" : {
      "test-authorizer" : {
        "type" : "apiKey",                         // Required and the value must be "apiKey" for an API Gateway API.
        "name" : "Authorization",                  // The source header name identifying this authorizer.
        "in" : "header",                           // Required and the value must be "header" for an API Gateway API.
        "x-amazon-apigateway-authtype" : "oauth2", // Specifies the authorization mechanism for the client.
        "x-amazon-apigateway-authorizer" : {       // An API Gateway custom authorizer definition
          "type" : "token",                        // Required property and the value must be "token"
          "authorizerUri" : "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/arn:aws:lambda:us-east-1:account-id:function:function-name/invocations",
          "authorizerCredentials" : "arn:aws:iam::account-id:role",
          "identityValidationExpression" : "^x-[a-z]+",
          "authorizerResultTtlInSeconds" : 60
        }
      }
    }

The following Swagger operation object snippet sets the GET /http method to use the custom authorizer specified above.

    "/http" : {
      "get" : {
        "responses" : { },
        "security" : [ { "test-authorizer" : [ ] } ],
        "x-amazon-apigateway-integration" : {
          "type" : "http",
          "responses" : {
            "default" : {
              "statusCode" : "200"
            }
          },
          "httpMethod" : "GET",
          "uri" : "http://api.example.com"
        }
      }
    }
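A pre-deployment lint for the constraints stated above, as an added example that is not part of the AWS guide: it checks each custom authorizer definition and verifies that every operation references a defined one. The function name `lint_authorizers`, the merged sample document with its `paths` wrapper, and the use of Python's `re` to syntax-check the expression are assumptions of this example.

```python
import re

# Constructed sample: the page's two snippets merged into one Swagger document
# (the "paths" wrapper is standard Swagger; account-id is the page's placeholder).
SPEC = {
    "securityDefinitions": {"test-authorizer": {
        "type": "apiKey", "name": "Authorization", "in": "header",
        "x-amazon-apigateway-authorizer": {
            "type": "token",
            "authorizerUri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/"
                "arn:aws:lambda:us-east-1:account-id:function:function-name/invocations",
            "identityValidationExpression": "^x-[a-z]+",
            "authorizerResultTtlInSeconds": 60}}},
    "paths": {"/http": {"get": {"responses": {}, "security": [{"test-authorizer": []}]}}},
}

def lint_authorizers(spec):
    """Return findings (strings) for the constraints the page states, plus hygiene checks."""
    findings, defs = [], spec.get("securityDefinitions", {})
    for name, d in defs.items():
        auth = d.get("x-amazon-apigateway-authorizer")
        if auth is None:
            continue  # not a custom authorizer definition
        if d.get("type") != "apiKey":
            findings.append(f"{name}: type must be 'apiKey'")
        if d.get("in") != "header":
            findings.append(f"{name}: in must be 'header'")
        if auth.get("type") != "token":
            findings.append(f"{name}: authorizer type must be 'token'")
        expr = auth.get("identityValidationExpression")
        if not expr:  # hygiene check added here, not a requirement stated on the page
            findings.append(f"{name}: no identityValidationExpression set")
            continue
        try:  # assumption: Python's re dialect is close enough for a syntax check
            re.compile(expr)
        except (re.error, TypeError) as exc:
            findings.append(f"{name}: identityValidationExpression invalid: {exc}")
    for path, ops in spec.get("paths", {}).items():
        for verb, op in ops.items():
            if not isinstance(op, dict):
                continue  # skip path-level "parameters" / "$ref"
            # An operation without its own "security" inherits the top-level one.
            reqs = op.get("security", spec.get("security")) or []
            if not reqs:
                findings.append(f"{verb.upper()} {path}: no security requirement")
            for ref in (r for req in reqs for r in req):
                if ref not in defs:
                    findings.append(f"{verb.upper()} {path}: unknown authorizer '{ref}'")
    return findings
```

An empty list means the document passed; each string names the definition or operation that needs attention.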