How to secure an API?

pshah331 · April 26, 2019, 1:00pm

Hi,
This is my scenario. I have a public web-site. There are two types of users:

Anonymous – They are exploring the site, haven’t created a login
Signed Users – Have an account and have logged in.

My question is how to handle anonymous users?
I do not want the API to be accessible to the whole world. CORS is also not a good option, as there are many ways around it.

What are my options?

Thanks.

lakshmanpasala · April 29, 2019, 4:50pm

You can set a custom authorizer function for your function and validate the request before invoking your main function.
Here’s the serverless documentation with an example.

Topic		Replies	Views
Make a Serverless API which can work with or without Authentication Serverless Framework lambda , api-gateway	1	737	September 10, 2020
How to setup lambda functions authorization for authenticated and unauthenticated users Serverless Framework	2	447	August 20, 2021
Securing API Gateway endpoints using Cognito Serverless Framework aws	7	13831	July 1, 2018
Best practice to secure API gateway + graphql access? Serverless Framework	0	646	June 18, 2020
How to Call external APIs securely from Serverless Framework Serverless Framework lambda	0	405	October 10, 2019

How to secure an API?

Related topics