No wonder. I didn't realize I needed to set up an usage plan. Although the documentation does have this section under "distribution", I didn't think about setting it up during the development phase. Thank you very much for your video!
Hi Felix, thanks for the video, very helpful. One question, say I have 100 different endpoints with a GET and POST method for each. What's the best way to apply the API key to each Method Request? Using the SDK? Doing it manually one by one is not feasible for big apps.
Nice tutorial, there’s a way to get the number of request left for that API key? Example, define a quota of 100 API calls per month and sends to the user how many he has left Thanks
Hey , I am making a phone number locator. I used OpenCageData for API key. The program i am making is just a file on my computer, I am not intending to use it on any website or anything. Do I have to encrypt or restrict the API key? and another question, I am not finding any way to restrict in OpenCage like in Google. (A subscription is needed to do that.) I am using Latitude and Longitude coordinates for locating on the maps. Can I use Google cloud services instead of OpenCage for that?
@Felix Yu Is there a way I can restrict unknown bot clients if the bot creator copies the x-api-key value from their browser and use it in the shell script and invoke api gateway via cURL?
nice presentation. now, how could I add this API-key to my code? And if I do (for example App.js using React) then doesn't this key will be exposed? Sorry, it might be a very naive one. I am quite new to aws.
Thanks for the great tutorials! I followed your tutorials and managed to host my frontend app in cloudFront(with S3) and created api gateway using lambda. Last task is fetching data from the endpoint from my app. I wondering if there is a way to hide api key in the frontend app? Having api key seems safe to use in postman but I can't think a way to hide it in the app🤔
Thats a great question. i dont think we should store api keys in the frontend (not even the .env file) becuz it will go into the build files and users can see everything from the browser. i think the best way to handle that may be having 2 separate api's. one api handles the authentication (i.e., users sign in), which doesnt require an api key cuz anyone can try to log in from the web page. and then after a successful login, this api will call a second api (using an api key) to fetch data from the database and serve it back to the client. i have a separate video that talks abt authentication in react. note that i think i used an api directly in the frontend there. thats is for tutorial/demo purposes only. we shouldnt do that in production ruclips.net/video/ReNkQ0Xkccw/видео.html
@@FelixYu Is there a way I can restrict unknown bot clients if the bot creator copies the x-api-key value from their browser and use it in the shell script and invoke api gateway via cURL?
@@FelixYu Great. I have been looking for a tutorial with a authentication and authorization before users can do something with the app. Looking forwards to it.
Hi, I have a question how do I use the API key in my code? I understand how to access the API in postman, but if I want to push json data to my front end where do i put the header information?
i have a diff video that talks abt how to integrate that into the frontend. make sure u check out part 1 as well so u know how to enable cross site access ruclips.net/video/ReNkQ0Xkccw/видео.html
@@FelixYu What if I want to do it in the backend though? The front end isn't safe because I'm trying to make a public facing application. Basically, I don't know how to pass an http header parameter (the api key) through Javascript. Sorry, if I'm asking too many questions. Your videos are awesome!
Felix, well done. Your presentation is clear, concise, and we can feel you at your ease. A+
glad that it helped :)
damn usage plan portion had me stuck for an hour today! Thanks for the video
o
Wow what a explaination. You got a subscriber. Thanks dude.
Great tutorial Felix. This is what I was looking for
No wonder. I didn't realize I needed to set up an usage plan. Although the documentation does have this section under "distribution", I didn't think about setting it up during the development phase. Thank you very much for your video!
Glad that u found it helpful!!
Thanks for making this follow-up video. Very helpful!
Love your videos, thanks for giving me a better idea of how AWS works.
Glad that u found them helpful :)
Great tutorial. Very clear all steps.
Glad that u found it helpful!!
Thanks bro, simple and short.
Thanks a lot Felix!
Very helpful. Thanks for producing this.
Glad that u found it helpful!!
Thank you Felix for a great tutorial....
Glad that it’s helpful
It really helped, thanks for it, appreciated!
👍
Great work. Really well details video - Thanks for this.
glad that u found it helpful 👍
Felix, awesome video. Thank you very much.
Glad that u found it helpful!!
Hello, thanks for the turorial. Is there a way to create the client API key using aws SDK?
Hi Felix, thanks for the video, very helpful. One question, say I have 100 different endpoints with a GET and POST method for each. What's the best way to apply the API key to each Method Request? Using the SDK? Doing it manually one by one is not feasible for big apps.
thank you so much, it helped me a lot this video!
Awesome!! how can you hide the key when invoking the service from the front? because it appears when I inspect the page.
Did you figure this out?
Thanks much, is x-api-key is a reserved word ?
Nice tutorial, there’s a way to get the number of request left for that API key? Example, define a quota of 100 API calls per month and sends to the user how many he has left
Thanks
Hey ,
I am making a phone number locator. I used OpenCageData for API key. The program i am making is just a file on my computer, I am not intending to use it on any website or anything. Do I have to encrypt or restrict the API key?
and another question,
I am not finding any way to restrict in OpenCage like in Google. (A subscription is needed to do that.) I am using Latitude and Longitude coordinates for locating on the maps. Can I use Google cloud services instead of OpenCage for that?
@Felix Yu Is there a way I can restrict unknown bot clients if the bot creator copies the x-api-key value from their browser and use it in the shell script and invoke api gateway via cURL?
During patch or delete you will get
"message": "Missing Authentication Token
nice presentation. now, how could I add this API-key to my code? And if I do (for example App.js using React) then doesn't this key will be exposed? Sorry, it might be a very naive one. I am quite new to aws.
Thanks for the great tutorials!
I followed your tutorials and managed to host my frontend app in cloudFront(with S3) and created api gateway using lambda. Last task is fetching data from the endpoint from my app. I wondering if there is a way to hide api key in the frontend app?
Having api key seems safe to use in postman but I can't think a way to hide it in the app🤔
Thats a great question. i dont think we should store api keys in the frontend (not even the .env file) becuz it will go into the build files and users can see everything from the browser. i think the best way to handle that may be having 2 separate api's. one api handles the authentication (i.e., users sign in), which doesnt require an api key cuz anyone can try to log in from the web page. and then after a successful login, this api will call a second api (using an api key) to fetch data from the database and serve it back to the client.
i have a separate video that talks abt authentication in react. note that i think i used an api directly in the frontend there. thats is for tutorial/demo purposes only. we shouldnt do that in production
ruclips.net/video/ReNkQ0Xkccw/видео.html
@@FelixYu Is there a way I can restrict unknown bot clients if the bot creator copies the x-api-key value from their browser and use it in the shell script and invoke api gateway via cURL?
What happend if we have an Apikey by Secrets Manager, how we can test it?
Nice. Can you do an TODO app with user registration and login with API Gateway and DynamoDB?
Thank you for the suggestions. I’ll certainly look into it!!!!
@@FelixYu Great. I have been looking for a tutorial with a authentication and authorization before users can do something with the app. Looking forwards to it.
Thank you! :)
Hi, I have a question how do I use the API key in my code? I understand how to access the API in postman, but if I want to push json data to my front end where do i put the header information?
i have a diff video that talks abt how to integrate that into the frontend. make sure u check out part 1 as well so u know how to enable cross site access
ruclips.net/video/ReNkQ0Xkccw/видео.html
@@FelixYu What if I want to do it in the backend though? The front end isn't safe because I'm trying to make a public facing application. Basically, I don't know how to pass an http header parameter (the api key) through Javascript. Sorry, if I'm asking too many questions. Your videos are awesome!
You are god. Thanks.
Tyty glad that u found it helpful!!
In my test error message: "Missing Authentication Token
did u deploy the API to a stage (new or existing one)
10/10
5:28
Thanks a lot
Glad that it’s helpful 👍
Que afan de ponerle anuncions a todos los videos existentes..
done
Thanks
ty