Hi @leeeomaaax ,
Hmmm, I am confused and probably I am totally missing the point, here but if those are two different services how is the base path relevant, then at all?
You can "easily" register an authorizer per endpoint (see serverless.yml below).
If the question is about the policy and the value for "Resource": the resource is passed as methodArn to your custom authorizer handler and so you can generate the policy accordingly. See first example here: http://docs.aws.amazon.com/apigateway/latest/developerguide/use-custom-authorizer.html
If this still doesn't answer your question: when you say "base path", do you mean the base path you defined on the custom domain, or the path of the endpoint (regardless of your custom domain)?
serverless.yml - custom authorizer