API Gateway

Restrict access by using CORS

Cross-origin resource sharing (CORS) defines a way for client web applications that are loaded in one domain to interact with resources in a different domain

Invalidate caching for the API clients

Header Cache-Control: max-age=0

3 types of authorizations

IAM policy

Amazon Cognito user pool

As an alternative to using IAM roles and policies or Lambda authorizers (formerly known as custom authorizers), you can use an Amazon Cognito user pool to control who can access your API in Amazon API Gateway.

Lambda authorizers

There are two types of Lambda authorizers:

A token-based Lambda authorizer (also called a TOKEN authorizer) receives the caller's identity in a bearer token, such as a JSON Web Token (JWT) or an OAuth token. For an example application, see Open Banking Brazil - Authorization Samples on GitHub.
A request parameter-based Lambda authorizer (also called a REQUEST authorizer) receives the caller's identity in a combination of headers, query string parameters, stageVariables, and $context variables.

For WebSocket APIs, only request parameter-based authorizers are supported.

Restrict access by using CORS​

Invalidate caching for the API clients ​

3 types of authorizations​

IAM policy​

Amazon Cognito user pool​

Lambda authorizers​