Making calls to AWS api gateway endpoint with api key using rest client POSTMAN

amazon-web-services aws-lambda aws-api-gateway
26,795

Solution 1

From working with AWS API Gateway I have fell into the same trap as it seems you have. There are two things that can cause the infamous 403 ("message": "Missing authentication token.") message to be displayed:

  1. CloudFront's aggressive caching

I notice that you are using CloudFront to cache your API request/responses. CloudFront is a great tool — one of the best caching mechanisms if you ask me — but when caching things during development, it's really easy to get caught up with cached error messages. This may be the case here, so my advice is to remove the API from CloudFront until you have got it fully working.

  1. Forgetting to re-deploy

One of the major features of API Gateway is the way AWS handles multiple versions of APIs. Once deployed, you can be safe in the knowledge that your API endpoints will not change — exactly what you want from an API endpoint.

This is due to the way that endpoints are deployed. Each change that is made in the AWS console has to be deployed to a specific deployment in order to be interacted with live.

For instance, if I deploy my API to the "live" deployment and everything works well, that's great. I can now continue to tweak settings in the AWS console to improve the API over time, and when I'm happy with what I've changed I can deploy again to another API deployment, meaning that current API users will not have to change their interaction methods until a deployment is made back onto the deployment they are working on.

The problem you may be experiencing is that even though you have made lots of changes in the AWS console, you may not have re-deployed to the deployment that you are testing in Postman.

Sidenote:

In the Resource editor panel, you can provide information about this method's response types, their headers and content types. Here it is possible to provide more meaningful error messages to your endpoints.

Solution 2

It looks like you did not add the resource in your URL. The URL should be something like:

https://my-api-id.execute-api.region-id.amazonaws.com/test/mydemoresource

but yours is more like

https://my-api-id.execute-api.region-id.amazonaws.com/test

Solution 3

Requesting API Gateway paths that aren't there returns "message: Missing Authentication Token" payload.

Unfortunately that is pretty confusing.

Solution 4

In my case it was that the method I supported is POST and I tried to GET it in the browser. I retried by doing a POST in Postman and it worked!

Solution 5

I had to add an API Usage plan, and then link the plan to the API stage.

Seems like this is the only way to link the key to the API in AWS..

Share:
26,795
Subham Tripathi
Author by

Subham Tripathi

Frontend dev at Expedia #SOreadytohelp

Updated on November 19, 2020

Comments

  • Subham Tripathi
    Subham Tripathi over 3 years

    We are developing a mobile/web app for which we are using aws lambda and dynamo db as our backend.The standalone lambda functions are working perfectly. The calls are being routed via api gateway. We are using api keys to leverage the security features that it provides. For some testing purposes, we are trying to call the api end point through a third party rest client POSTMAN.

    The requests are of POST type but no matter what we try, we get

    403 ("message": "Missing authentication token.")

    A snapshot is attached for reference. ( few portions are shaded for security reasons )

    enter image description here

    1. We are unable to fathom the root cause for the behaviour.
    2. if the same can be achieved with some other tool then please suggest.
  • Nabin
    Nabin about 8 years
    Yes, usually we are in hurry of testing things out. But if we are patient to read one more line, we are there.
  • mbatchkarov
    mbatchkarov about 7 years
    Same if you use the wrong HTTP method, eg. POST instead of GET. Super confusing

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

AWS Lambda Function is misinterpreting event dictionary in python?
Increase maximum POST size for Amazon API Gateway
API Gateway Static IP Address
How to correctly call queryStringParameters for AWS Lambda + API Gateway?
How to get validate Cognito Access Token in AWS Lambda to allow Gateway API call?
Lambda return only 200 respose code
POST url encoded form to Amazon API Gateway
AWS API Gateway error response generates 502 "Bad Gateway"
AWS API Gateway Custom Authorizer AuthorizerConfigurationException
AWS API Gateway and Lambda to return image