Amazon API Gateway
Developer Guide

Call an API Integrated with an Amazon Cognito User Pool

To call a method with a user pool authorizer configured, the client must do the following:

  • Enable the user to sign up with the user pool.

  • Enable the user to sign in to the user pool.

  • Obtain an identity token of the signed-in user from the user pool.

  • Include the identity token in the Authorization header (or another header you specified when you created the authorizer).

You can use one of the AWS SDKs to perform these tasks. For example:

The following procedure outlines the steps to perform these tasks. For more information, see the blog posts on Using Android SDK with Amazon Cognito User Pools and Using Amazon Cognito User Pool for iOS.

To call an API that's integrated with a user pool

  1. Sign up a first-time user to a specified user pool.

  2. Sign in a user to the user pool.

  3. Get the user's identity token.

  4. Call API methods that are configured with a user pool authorizer, and supply the unexpired token in the Authorization header or another header of your choosing.

  5. When the token expires, repeat steps 2–4. Identity tokens provisioned by Amazon Cognito expire within an hour.

For code examples, see an Android Java sample and an iOS Objective-C sample.