Creating Api Keys


I followed the documentation on creating api keys for my api. After sls deploy, I see that the key was created in api gateway, however it is not associated with any particular api. All the endpoints I marked as private in serverless.yml did have their “API key Required” flag set to true, and the key itself was created, but it is not associated with the api. Is there another property I need to set in serverless.yml? Or, do I need to “hook up” the api key manually?


Has someone verified that this is a problem, or am I simply doing something wrong. Any info would be appreciated.


I’m having the same problem.


Can you post the serverless.yml files you are using?


I simply added apiKeys property to the serverless.yml file and set the private attribute to true for all the api methods that needed it.

I also tried adding UsagePlan to resources and was able to create a UsagePlan but couldn’t connect the key to the plan.


This is still an issue.

The serverless documentation says that as a result of a CloudFormation limitation, I have to manually connect my api keys to a usage plan. However, according to the CloudFormation documentation, it seems pretty trivial to connect the two. Is this problem really a CloudFormation limitation? If its not, can we get this fixed sooner rather than later? One of my main goals is to be able to create an api without performing manual steps.


Can you share your serverless.yml (at least just the relevant snippet) as @DavidWells mentioned above?


i already removed everything that I was using to try to do it using serverless. Severless documentation already states that it is not possible to connect an api key to a usage plan. The only thing I am doing now is using serverless to create the usage plan, and the api key. I then connect the two together using the aws console:

  Type: AWS::ApiGateway::UsagePlan
  DependsOn: ApiGatewayRestApi
    Description: My Usage plan.
    UsagePlanName: my-usage-plan

What I was trying to do is using the resources section of the serverless.yml file and create the resources according to aws documentation:

I tried several different approaches, but it seemed to come down to the fact I couldn’t get the proper stageId nor could I get a reference to the keyId of the newly created apiKey.


I haven’t used API Keys personally, so just coming at it from a CFN angle here.

You should be able to Ref the automatically generated logical ID (i.e. the API Key, which looks like ApiGatewayApiKey{SequentialID}) to use it in your UsagePlan in the resources section of your serverless.yml, no?


Well, it is working now.

  1. Thanks for pointing out the APiGatewayApiKey{SequentialID}. I guess I didn’t really understand the serverless documentation regarding the logical Id naming conventions until you pointed this out.

  2. AWS’s documentation regarding AWS::ApiGateway::UsagePlan, can’t be followed exactly according to the YAML example. They use a Ref: StageName. Can’t use Ref. If you do, serverless fails to create the script. I think if the serverless documentation didn’t say that connecting the keys to the plans wasn’t possible, I wouldn’t have given up so easily when I hit this error the first time.

  3. Below is what I ended up with:

name: aws
runtime: nodejs4.3
stage: dev
- MyApiKey

Type: AWS::ApiGateway::RestApi
Name: my-service-api

  Type: AWS::ApiGateway::UsagePlan
  DependsOn: ApiGatewayApiKey1
    UsagePlanName: my-usage-plan
      - ApiId:
          Ref: ApiGatewayRestApi
        Stage: ${self:provider.stage}

  Type: AWS::ApiGateway::UsagePlanKey
  DependsOn: MyUsagePlan
  Properties :
      Ref: ApiGatewayApiKey1
    KeyType: API_KEY
      Ref: MyUsagePlan

Making MyUsagePlan dependent upon ApiGatewayApiKey1 was also key. Without it, the attempt to create the plan always happened too soon and cloudformation would fail (API Stage not found). Again, if the serverless documentation didn’t state that connecting the key to the plan wasn’t supported, I wouldn’t have given up so soon when I hit this error the first time.


Thank you for sharing Shawn! However, it isn’t clear to me whether you are also using the serverless.yml file to create the API Keys or does this assume that they already exist?

Can you share a complete file so that we can also see how you are referring to the keys (in the provider section and/or in the functions section)?

So close!!!


The example i shared is from my severless.yml file.

However, this is an old post and my solution is no longer needed. The current version of serverless handles everything automatically.