Missing Authentication Token while accessing API Gateway?
Solution 1
I think you are trying to access the API link directly. This won't work because the API is secured using an IAM role, and you must provide AWS authentication, i.e. an Access key and Secret key.
Use the Postman Chrome extension to test your API: http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-use-postman-to-call-api.html
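What Postman's AWS Signature option does with the Access key and Secret key can be reproduced outside Postman. The following is an added example, not part of the original answers: a standard-library Signature Version 4 signer for an `AWS_IAM` method. The function name `sigv4_headers` is hypothetical, the credentials are AWS documentation placeholders, and the URL is the sample one from this page.

```python
import datetime
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlparse

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_headers(method, url, access_key, secret_key, region,
                  body=b"", now=None, service="execute-api"):
    """Build SigV4 headers for one request to an AWS_IAM-protected method."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    u = urlparse(url)
    # Query parameters are percent-encoded and sorted before signing.
    query = "&".join(f"{k}={v}" for k, v in sorted(
        (quote(k, safe=""), quote(v, safe=""))
        for k, v in parse_qsl(u.query, keep_blank_values=True)))
    # The HTTP verb and the full resource path are both part of what is
    # signed, so a signature is valid only for this exact verb and path.
    canonical = "\n".join([
        method.upper(),
        quote(u.path or "/", safe="/"),
        query,
        f"host:{u.netloc.lower()}\nx-amz-date:{amz_date}\n",
        "host;x-amz-date",
        hashlib.sha256(body).hexdigest(),
    ])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # Derive the signing key: date -> region -> service -> "aws4_request".
    key = ("AWS4" + secret_key).encode()
    for part in (amz_date[:8], region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    return {
        "x-amz-date": amz_date,
        "Authorization": (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                          f"SignedHeaders=host;x-amz-date, Signature={signature}"),
    }

if __name__ == "__main__":
    # Placeholder credentials (AWS documentation example values); use your own.
    hdrs = sigv4_headers("GET", "https://1111.execute-api.us-east-1.amazonaws.com/dev/get-list",
                         "AKIAIOSFODNN7EXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY", "us-east-1")
    for name, value in hdrs.items():
        print(f"{name}: {value}")
```

Send the returned headers with the request from any HTTP client. Temporary credentials additionally require the session token in an `x-amz-security-token` header.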
Solution 2
I've lost some time for a silly reason:
When you create a stage, the link displayed does not contain the resource part of the URL:
API URL: https://1111.execute-api.us-east-1.amazonaws.com/dev
API + RESOURCE URL: https://1111.execute-api.us-east-1.amazonaws.com/dev/get-list
The /get-list was missing.
And of course, you need to check that the method configuration looks like this:
Solution 3
I just had the same issue and it seems it also shows this message if the resource cannot be found.
In my case I had updated the API, but forgotten to redeploy. The issue was resolved after deploying the updated API to my stage.
Solution 4
Make sure you are clicking on the specific Resource first in the Stages tree, as that will populate a URL with the full path to the resource (rather than just the root path):
For other causes, see http://www.awslessons.com/2017/aws-api-gateway-missing-authentication-token/
Solution 5
Looks like (as of April 2019) AWS API Gateway throws this exception for a variety of reasons - mostly when you are hitting an endpoint that API Gateway is not able to reach, either because it is not deployed, or also in cases where that particular HTTP method is not supported.
I wish the gateway sent more appropriate error codes like HTTP 405 Method not supported or HTTP 404 not found, instead of a generic HTTP 403 Forbidden.
umer
Updated on April 22, 2022
Comments
-
umer almost 2 years
I am trying to call a Lambda Function through AWS API Gateway. When I set Authentication type NONE it works fine, but the API becomes public and anyone with the URL can access my API. To make API calls secure, I am using Authentication type AWS_IAM and also attached the AmazonAPIGatewayInvokeFullAccess policy to my user, but I am getting this error:
{ message: "Missing Authentication Token"}
I don't know what I am missing here.
-
cellepo about 4 years
I believe most if not all Answers here would also work for any other AWS Service (i.e: also DynamoDB) mapped behind a given API Gateway Resource endpoint. Assuming that's true, API Gateway is the operative interface here (not the AWS Service Resource).
-
Rexben over 3 years
The error is as a result of hitting the wrong endpoint
-
RaisinBranCrunch about 3 years
Or the right endpoint with the wrong method, GET vs. POST, etc.
-
-
Jeff Richards over 6 years
Special kudos are required for admitting silly (but common) reasons for a problem. This got me as well.
-
Carlos Alberto Schneider about 6 years
Sorry, I didn't understand what you meant. If you want to check if a post request is set up to use authentication, you need to click on the POST option, under the resource you created. For example, you may have /my-post-call in your resources, and under it, you have OPTION and POST methods. Click on the POST, and then in method configuration, there you can see if authentication is required. But if you want to get the full URL to a post call, it works the same way as a get: API URL + RESOURCE, for example, 1111.execute-api.us-east-1.amazonaws.com/dev/my-post-call
-
Josh1billion about 5 years
A related, dumb thing that tripped me up: make sure your HTTP verb is correct. I was sending a GET instead of a POST by mistake. It seems you'll get this error on any route that doesn't match exactly in terms of both path and verb.
-
Pankaj Sharma over 4 years
Hi Saddam, how can AWS authentication be done in SOAP UI? In POSTMAN, it's very easy. Do we have a similar way in SOAP UI?
-
cellepo about 4 years
FWIW, clicking on the Resource itself (in this case, GET) first in the Stages tree I believe should reveal the full URL for that resource directly. More details and an explanatory pic in my related Answer: stackoverflow.com/a/60858537/1357094
-
KQI almost 4 years
That's how I got it to work. Re-deployed the resource!
-
sumanth shetty almost 4 years
Could you have a look at this: stackoverflow.com/questions/62894455/…
-
cellepo almost 4 years
@sumanthshetty did you try this solution, or any of the rest of the Answers here? Or did you read the AWS link from here?
-
sumanth shetty almost 4 years
I have tried all the answers from here and also the article
-
Iching Chang about 3 years
I had the same problem and this solved it, thanks. My issue was actually a bit different from the one mentioned: my problem is that I have an authentication type of NONE, but the request to API Gateway does not work. I solved it by (1) not providing any authorization in Postman, (2) deploying the API, since I never clicked the deploy button.
-
Alex 75 almost 3 years
Using Postman? The problem is to call it "for real", not from Postman.
> you must provide AWS authentication i.e Access key and Secret key
How?
-
Khan over 2 years
That was my fault, I was using the wrong URL
-
Spankied over 2 years
This should be accepted answer.
-
Admin about 2 years
Your answer could be improved with additional supporting information. Please edit to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers in the help center.
-
Z41N about 2 years
Thank you for this! Another issue I ran into was that I was trying to add my API key to "params" in Postman instead of "Headers". I knew it was going to work because in the "KEY" column, I started typing "x-api" and it auto-populated the key name, then simply added the API key to the "VALUE" column. Thanks again!
-
OtaconKiko about 2 years
BTW there's no need to disable authentication, you can pass the API key as the x-api-key header