Secure AWS API Gateway Using API Key


There are multiple ways to secure the AWS API Gateway. I used the API Key to secure it. I integrated API Gateway with Lambda, so I will discuss things in Lambda’s context.

Prerequisites

Go through the AWS API Gateway documentation to get a basic understanding.


1. Create a Lambda and add a trigger:

Adding lambda trigger

2. Lambda will create an API Gateway instance, which can be seen in the API Gateway console:

API Gateway Console

3. Create a Usage Plan and associate the API and its deployment stage with it. By default, a usage plan is created and attached to test-API.

Usage Plans Console

4. Create an API key and associate it with the usage plan:

API Keys Console

5. Deploy the API

API Gateway Resource Console

6. Get the API URL for API methods:


7. Access the API using one of the methods given below:

  • Using Curl (replace <API_URL> with the URL from step 6)
curl -X POST --data '{"name": "irtiza"}' -H 'x-api-key: KeCZKoVY5Z9330Sq22qqh744IWr7oyjH9EBGOhLd' '<API_URL>'
  • Using Postman
Authorization Header
Request Body
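
Added example (not from the original post): a check that the deployed method actually rejects calls without the key, since a key and usage plan only protect a method that has "API Key Required" enabled. It assumes a 200 on success and API Gateway's 403 for a missing or invalid key; the function names are hypothetical, and `start_stub` is a constructed local stand-in so the check runs offline.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


def post_status(url, body, api_key=None):
    """POST JSON to url, optionally with x-api-key; return the HTTP status."""
    headers = {"Content-Type": "application/json"}
    if api_key is not None:
        headers["x-api-key"] = api_key
    req = urllib.request.Request(url, json.dumps(body).encode(), headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def key_is_enforced(url, api_key, body):
    """True only if the valid key gets 200 and a missing or wrong key gets 403."""
    statuses = [post_status(url, body, k) for k in (api_key, None, "invalid-" + api_key)]
    return statuses == [200, 403, 403]


def start_stub(valid_key, enforce):
    """Constructed local stand-in for a deployed stage (not AWS itself)."""
    class Handler(BaseHTTPRequestHandler):
        def do_POST(self):
            self.rfile.read(int(self.headers.get("Content-Length", 0)))
            ok = not enforce or self.headers.get("x-api-key") == valid_key
            payload = b'{"ok": true}' if ok else b'{"message": "Forbidden"}'
            self.send_response(200 if ok else 403)
            self.end_headers()
            self.wfile.write(payload)

        def log_message(self, *args):  # keep the demo output quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d/" % server.server_port


if __name__ == "__main__":
    for enforce in (True, False):  # "sample-key" is constructed, not a real key
        server, url = start_stub("sample-key", enforce)
        print(enforce, key_is_enforced(url, "sample-key", {"name": "irtiza"}))
        server.shutdown()
```

Against a real deployment, call `key_is_enforced` with the URL from step 6 and the key from step 4; a `False` result with the unkeyed request returning 200 means the method is open despite the usage plan.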

Final Thoughts

Please share your feedback about anything that can be improved or that I missed. Thank you.

DevSecOps Engineer