Securing Your AWS Lambda API with API Gateway and Postman-Tested Key Authentication

In this article, we will delve into securing your API by adding authentication using AWS API Gateway keys.

Hands-On Section:

Step 1: Create an API Key

The first step in securing your AWS Lambda API is to create an API key that will be used for authentication. These keys can be associated with different users or clients, allowing you to control their access.

  1. Navigate to API Gateway: Start by going to your AWS Management Console and selecting the API Gateway service. Here, you’ll find a list of APIs that you’ve created.
  2. Create an API Key: Under the API Gateway service, click on ‘API Keys’ in the left menu. Then click ‘Create API Key’ to generate a new key. You can give your key a unique name, such as ‘YT Key.’
  3. Save the Key: After creating the key, click ‘Save’ and make sure to take note of the API key that is generated. You will need this key to make authenticated requests to your API.

Step 2: Secure Your API with the Key

Now that you have an API key, you’ll need to configure your API Gateway to require this key for authentication.

  1. Access Your API: Go back to the list of APIs in the API Gateway. Select the API that you want to secure; this is the one you created in the previous video.
  2. Configure API Key Requirement: Inside your API, navigate to the method that you want to secure. In this example, we are using the ‘POST’ method. Under ‘Method Request,’ you will find an option called ‘API Key Required.’ Change this option from ‘False’ to ‘True.’
  3. Deploy the API: After configuring the key requirement, you’ll need to deploy your API to make these changes take effect. Select the stage you want to deploy to (usually the default stage) and click ‘Deploy.’ This might take a little time to propagate.

Step 3: Create a Usage Plan

Usage plans help you manage and control how many requests users can make using their API key. You can create different plans for different types of users, such as free trial users, regular users, and premium users.

  1. Create a Usage Plan: In your API Gateway settings, under ‘Usage Plans,’ click ‘Create Usage Plan.’ Give it a meaningful name, such as ‘YT Plan.’
  2. Set Rate Limits: In your usage plan, you can set the rate limits for requests. You can specify how many requests a user can make per second, how many requests they can make concurrently, and their monthly limit. This helps you prevent abuse and control usage.

Step 4: Attach the Key and Resource to the Plan

Now, it’s time to attach your API key and the API resource to the usage plan.

  1. Attach the Plan to the API: In your usage plan, select your API (e.g., ‘YouTube Demo API’) and the stage (usually the default stage). This connects your usage plan to the API.
  2. Add the API Key: You can add the API key you created earlier. This associates the key with your usage plan.

Step 5: Testing

After configuring all these settings, it’s time to test your secured API. You can do this in a few ways:

  1. Test in API Gateway: In your API’s method, you can use the ‘Test’ feature to verify that your key is required for authentication.
  2. Using Postman or Other API Clients: You can use tools like Postman to make requests to your API. Remember to include the ‘X-API-Key’ header with your API key in your request for authentication.


Securing your AWS Lambda API with API Gateway and API keys is a crucial step in ensuring that only authorized users can access your resources. By following the steps outlined in this article, you can create and manage API keys, set usage limits, and attach them to your API. This provides an extra layer of security and control over your API, allowing you to manage access and usage effectively.

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top