If i'm making a saas application that lets user generate there own api key to use the api and given all apis are behind api gateway. Is there a way the api can be initialised at account level?
Hi Mate, As I understood your scenario, the client hits API gateway with his own api key and then it passed to your APIs. You want to measure how many requests each client. If that is the case, you can add Lambda authoriser (here you are just counting the number of requests. It doesnt do any auth logic) which can read the api key and measure how much many requests each client send. You can save this number in DB. You have to pass the header record from API gateway to the authoriser lambda. Assuming the client send the api key in the header. There are two video can be helpful: 1. How to create Lambda Authoriser ruclips.net/video/rRQbVJhlpC4/видео.html 2. How to pass header info from api gateway to lambda ruclips.net/video/o98qYUFSQbc/видео.html Please let me know how this helps. Thanks
Hi NishChin, You have to create usage plan and that is where you can attach the API end point. If you dont like Usage, just set to unlimited. That is same as no usage plan. Hope this helps.
Hi Mate, Usually usage plan comes with API-Key implementation. BTW still you can limit requests in some extends. Go to YOUR_API=> STAGES=> YOUR_STAGE=> YOUR RESOURCE=> ACTION => Then "Method overrides" => Throttling
@@lovetocode4486 yes but that rate and burst limit apply on that perticular API and not for a IP I think ...I mean if user A consumus all the request...then user B will get too many requests
How can I handle 429 exceptions automatically. I want to be notified when the usage quota of any user is almost exhausted so that I can make a decision whether to increase the quota or not
Hey Mate, The cloudwatch metric for API doesn't come specifically 429 (I has metrics for 4xx errors). So have to do a custom implementation. you can use "get-usage" awscli.amazonaws.com/v2/documentation/api/latest/reference/apigateway/get-usage.html api end point to get the usage information and increase the usage limit. Adding a scheduled lambda which checking the usage and increase the limit based on the result.
this is what i need... i dont need cognito or lambda authorization... this is save the day... thank you
Glad to here @Ari. Thanks for the comment
Grate video, Thanks
Thanks @jafarsafdari2753
To the point 👉. Nice
Thanks
Perfect! Thanks.
Thanks for the comment :)
Thanks
Glad that helps. Thanks
If i'm making a saas application that lets user generate there own api key to use the api and given all apis are behind api gateway. Is there a way the api can be initialised at account level?
Hi Mate, As I understood your scenario, the client hits API gateway with his own api key and then it passed to your APIs.
You want to measure how many requests each client.
If that is the case, you can add Lambda authoriser (here you are just counting the number of requests. It doesnt do any auth logic) which can read the api key and measure how much many requests each client send. You can save this number in DB. You have to pass the header record from API gateway to the authoriser lambda. Assuming the client send the api key in the header.
There are two video can be helpful:
1. How to create Lambda Authoriser ruclips.net/video/rRQbVJhlpC4/видео.html
2. How to pass header info from api gateway to lambda ruclips.net/video/o98qYUFSQbc/видео.html
Please let me know how this helps. Thanks
Great tutorial. Is there a way we can exclude a usage plan and use only key?
Hi NishChin,
You have to create usage plan and that is where you can attach the API end point. If you dont like Usage, just set to unlimited. That is same as no usage plan.
Hope this helps.
Can i use usage plan without api key ? I dont want to use api key.. i created useage plan but still i am able to hit request multiple times...
Hi Mate,
Usually usage plan comes with API-Key implementation.
BTW still you can limit requests in some extends.
Go to YOUR_API=> STAGES=> YOUR_STAGE=> YOUR RESOURCE=> ACTION => Then "Method overrides" => Throttling
@@lovetocode4486 yes but that rate and burst limit apply on that perticular API and not for a IP I think ...I mean if user A consumus all the request...then user B will get too many requests
How can I handle 429 exceptions automatically. I want to be notified when the usage quota of any user is almost exhausted so that I can make a decision whether to increase the quota or not
Hey Mate,
The cloudwatch metric for API doesn't come specifically 429 (I has metrics for 4xx errors). So have to do a custom implementation.
you can use "get-usage" awscli.amazonaws.com/v2/documentation/api/latest/reference/apigateway/get-usage.html api end point to get the usage information and increase the usage limit. Adding a scheduled lambda which checking the usage and increase the limit based on the result.