2016/07/28 - Amazon API Gateway - 5 updated api methods
Changes: Adds support for authentication through Cognito User Pools.
{'providerARNs': ['string'], 'type': ['COGNITO_USER_POOLS']}
Adds a new Authorizer resource to an existing RestApi resource.
Request Syntax
client.create_authorizer(
    restApiId='string',
    name='string',
    type='TOKEN'|'COGNITO_USER_POOLS',
    providerARNs=[
        'string',
    ],
    authType='string',
    authorizerUri='string',
    authorizerCredentials='string',
    identitySource='string',
    identityValidationExpression='string',
    authorizerResultTtlInSeconds=123
)
Parameters
restApiId (string) --
[REQUIRED]
The RestApi identifier under which the Authorizer will be created.
name (string) --
[REQUIRED]
[Required] The name of the authorizer.
type (string) --
[REQUIRED]
[Required] The type of the authorizer.
providerARNs (list) --
(string) --
authType (string) --
Optional customer-defined field, used in Swagger imports/exports. Has no functional impact.
authorizerUri (string) --
[Required] Specifies the authorizer's Uniform Resource Identifier (URI).
authorizerCredentials (string) --
Specifies the credentials required for the authorizer, if any.
identitySource (string) --
[REQUIRED]
[Required] The source of the identity in an incoming request.
identityValidationExpression (string) --
A validation expression for the incoming identity.
authorizerResultTtlInSeconds (integer) --
The TTL of cached authorizer results.
Return type: dict
Response Syntax
{
    'id': 'string',
    'name': 'string',
    'type': 'TOKEN'|'COGNITO_USER_POOLS',
    'providerARNs': [
        'string',
    ],
    'authType': 'string',
    'authorizerUri': 'string',
    'authorizerCredentials': 'string',
    'identitySource': 'string',
    'identityValidationExpression': 'string',
    'authorizerResultTtlInSeconds': 123
}
Response Structure
(dict) --
Represents an authorization layer for methods. If enabled on a method, API Gateway will activate the authorizer when a client calls the method.
id (string) --
The identifier for the authorizer resource.
name (string) --
[Required] The name of the authorizer.
type (string) --
[Required] The type of the authorizer. Currently, the only valid type is TOKEN.
providerARNs (list) --
(string) --
authType (string) --
Optional customer-defined field, used in Swagger imports/exports. Has no functional impact.
authorizerUri (string) --
[Required] Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN authorizers, this must be a well-formed Lambda function URI. The URI should be of the form arn:aws:apigateway:{region}:lambda:path/{service_api} . Region is used to determine the right endpoint. In this case, path is used to indicate that the remaining substring in the URI should be treated as the path to the resource, including the initial / . For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations
authorizerCredentials (string) --
Specifies the credentials required for the authorizer, if any. Two options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.
identitySource (string) --
[Required] The source of the identity in an incoming request. For TOKEN authorizers, this value is a mapping expression with the same syntax as integration parameter mappings. The only valid source for tokens is 'header', so the expression should match 'method.request.header.[headerName]'. The value of the header '[headerName]' will be interpreted as the incoming token.
identityValidationExpression (string) --
A validation expression for the incoming identity. For TOKEN authorizers, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.
authorizerResultTtlInSeconds (integer) --
The TTL in seconds of cached authorizer results. If greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.
{'providerARNs': ['string'], 'type': ['COGNITO_USER_POOLS']}
Describe an existing Authorizer resource.
Request Syntax
client.get_authorizer(
    restApiId='string',
    authorizerId='string'
)
Parameters
restApiId (string) --
[REQUIRED]
The RestApi identifier for the Authorizer resource.
authorizerId (string) --
[REQUIRED]
The identifier of the Authorizer resource.
Return type: dict
Response Syntax
{
    'id': 'string',
    'name': 'string',
    'type': 'TOKEN'|'COGNITO_USER_POOLS',
    'providerARNs': [
        'string',
    ],
    'authType': 'string',
    'authorizerUri': 'string',
    'authorizerCredentials': 'string',
    'identitySource': 'string',
    'identityValidationExpression': 'string',
    'authorizerResultTtlInSeconds': 123
}
Response Structure
(dict) --
Represents an authorization layer for methods. If enabled on a method, API Gateway will activate the authorizer when a client calls the method.
id (string) --
The identifier for the authorizer resource.
name (string) --
[Required] The name of the authorizer.
type (string) --
[Required] The type of the authorizer. Currently, the only valid type is TOKEN.
providerARNs (list) --
(string) --
authType (string) --
Optional customer-defined field, used in Swagger imports/exports. Has no functional impact.
authorizerUri (string) --
[Required] Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN authorizers, this must be a well-formed Lambda function URI. The URI should be of the form arn:aws:apigateway:{region}:lambda:path/{service_api} . Region is used to determine the right endpoint. In this case, path is used to indicate that the remaining substring in the URI should be treated as the path to the resource, including the initial / . For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations
authorizerCredentials (string) --
Specifies the credentials required for the authorizer, if any. Two options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.
identitySource (string) --
[Required] The source of the identity in an incoming request. For TOKEN authorizers, this value is a mapping expression with the same syntax as integration parameter mappings. The only valid source for tokens is 'header', so the expression should match 'method.request.header.[headerName]'. The value of the header '[headerName]' will be interpreted as the incoming token.
identityValidationExpression (string) --
A validation expression for the incoming identity. For TOKEN authorizers, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.
authorizerResultTtlInSeconds (integer) --
The TTL in seconds of cached authorizer results. If greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.
{'items': {'providerARNs': ['string'], 'type': ['COGNITO_USER_POOLS']}}
Describe an existing Authorizers resource.
Request Syntax
client.get_authorizers(
    restApiId='string',
    position='string',
    limit=123
)
Parameters
restApiId (string) --
[REQUIRED]
The RestApi identifier for the Authorizers resource.
position (string) --
If not all Authorizer resources in the response were present, the position will specify where to start the next page of results.
limit (integer) --
Limit the number of Authorizer resources in the response.
Return type: dict
Response Syntax
{
    'position': 'string',
    'items': [
        {
            'id': 'string',
            'name': 'string',
            'type': 'TOKEN'|'COGNITO_USER_POOLS',
            'providerARNs': [
                'string',
            ],
            'authType': 'string',
            'authorizerUri': 'string',
            'authorizerCredentials': 'string',
            'identitySource': 'string',
            'identityValidationExpression': 'string',
            'authorizerResultTtlInSeconds': 123
        },
    ]
}
Response Structure
(dict) --
Represents a collection of Authorizer resources.
position (string) --
items (list) --
Gets the current list of Authorizer resources in the collection.
(dict) --
Represents an authorization layer for methods. If enabled on a method, API Gateway will activate the authorizer when a client calls the method.
id (string) --
The identifier for the authorizer resource.
name (string) --
[Required] The name of the authorizer.
type (string) --
[Required] The type of the authorizer. Currently, the only valid type is TOKEN.
providerARNs (list) --
(string) --
authType (string) --
Optional customer-defined field, used in Swagger imports/exports. Has no functional impact.
authorizerUri (string) --
[Required] Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN authorizers, this must be a well-formed Lambda function URI. The URI should be of the form arn:aws:apigateway:{region}:lambda:path/{service_api} . Region is used to determine the right endpoint. In this case, path is used to indicate that the remaining substring in the URI should be treated as the path to the resource, including the initial / . For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations
authorizerCredentials (string) --
Specifies the credentials required for the authorizer, if any. Two options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.
identitySource (string) --
[Required] The source of the identity in an incoming request. For TOKEN authorizers, this value is a mapping expression with the same syntax as integration parameter mappings. The only valid source for tokens is 'header', so the expression should match 'method.request.header.[headerName]'. The value of the header '[headerName]' will be interpreted as the incoming token.
identityValidationExpression (string) --
A validation expression for the incoming identity. For TOKEN authorizers, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.
authorizerResultTtlInSeconds (integer) --
The TTL in seconds of cached authorizer results. If greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.
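The fields described above lend themselves to an automated configuration review. The following added example (not part of the AWS documentation or SDK) audits the items of a get_authorizers response offline; the TTL threshold, the finding texts, the function names, the user pool ARN pattern and the sample data are assumptions made here.

```python
import re

# Added example: thresholds and finding texts are choices made here, not AWS rules.
MAX_TTL = 300  # the documented default; longer cache lifetimes are reported
HEADER_SRC = re.compile(r"^method\.request\.header\.[A-Za-z0-9_-]+$")
LAMBDA_URI = re.compile(r"^arn:aws:apigateway:[a-z0-9-]+:lambda:path/.+")
POOL_ARN = re.compile(r"^arn:aws:cognito-idp:[a-z0-9-]+:\d{12}:userpool/.+")
OPEN_PATTERNS = {".*", ".+", "^.*$", "^.+$"}  # expressions that accept any token


def audit_authorizer(a):
    """Return a list of findings for one Authorizer dict."""
    out = []
    if a.get("type") == "TOKEN":
        if not LAMBDA_URI.match(a.get("authorizerUri", "")):
            out.append("authorizerUri is not a Lambda function URI")
        if not HEADER_SRC.match(a.get("identitySource", "")):
            out.append("identitySource is not a request header mapping")
        expr = a.get("identityValidationExpression")
        if not expr or expr in OPEN_PATTERNS:
            out.append("identityValidationExpression does not filter tokens")
    elif a.get("type") == "COGNITO_USER_POOLS":
        arns = a.get("providerARNs") or []
        if not arns or not all(POOL_ARN.match(x) for x in arns):
            out.append("providerARNs missing or not user pool ARNs")
    # An unset TTL means the default of 300 seconds applies.
    if a.get("authorizerResultTtlInSeconds", 300) > MAX_TTL:
        out.append("authorizer results cached longer than %d s" % MAX_TTL)
    return out


def audit_response(resp):
    """Map authorizer name -> findings for a get_authorizers response."""
    return {a["name"]: audit_authorizer(a) for a in resp.get("items", [])}


# Constructed sample in the shape of the get_authorizers response.
SAMPLE = {"items": [
    {"id": "a1", "name": "legacy-token", "type": "TOKEN",
     "authorizerUri": "arn:aws:apigateway:us-east-1:lambda:path/2015-03-31/functions/"
                      "arn:aws:lambda:us-east-1:123456789012:function:auth/invocations",
     "identitySource": "method.request.header.Authorization",
     "authorizerResultTtlInSeconds": 3600},
    {"id": "a2", "name": "pool-auth", "type": "COGNITO_USER_POOLS",
     "providerARNs": ["arn:aws:cognito-idp:us-east-1:123456789012:userpool/us-east-1_EXAMPLE"],
     "identitySource": "method.request.header.Authorization",
     "authorizerResultTtlInSeconds": 300},
]}

if __name__ == "__main__":
    for name, findings in audit_response(SAMPLE).items():
        print(name, findings or "ok")
```

A long cache TTL matters for review because a cached authorizer result keeps being applied until it expires, so a shorter TTL narrows the window after a token is revoked.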
{'claims': {'string': 'string'}}
Simulate the execution of an Authorizer in your RestApi with headers, parameters, and an incoming request body.
Request Syntax
client.test_invoke_authorizer(
    restApiId='string',
    authorizerId='string',
    headers={
        'string': 'string'
    },
    pathWithQueryString='string',
    body='string',
    stageVariables={
        'string': 'string'
    },
    additionalContext={
        'string': 'string'
    }
)
Parameters
restApiId (string) --
[REQUIRED]
Specifies a test invoke authorizer request's RestApi identifier.
authorizerId (string) --
[REQUIRED]
Specifies a test invoke authorizer request's Authorizer ID.
headers (dict) --
[Required] A key-value map of headers to simulate an incoming invocation request. This is where the incoming authorization token, or identity source, should be specified.
(string) --
(string) --
pathWithQueryString (string) --
[Optional] The URI path, including query string, of the simulated invocation request. Use this to specify path parameters and query string parameters.
body (string) --
[Optional] The simulated request body of an incoming invocation request.
stageVariables (dict) --
A key-value map of stage variables to simulate an invocation on a deployed Stage.
(string) --
(string) --
additionalContext (dict) --
[Optional] A key-value map of additional context variables.
(string) --
(string) --
Return type: dict
Response Syntax
{
    'clientStatus': 123,
    'log': 'string',
    'latency': 123,
    'principalId': 'string',
    'policy': 'string',
    'authorization': {
        'string': [
            'string',
        ]
    },
    'claims': {
        'string': 'string'
    }
}
Response Structure
(dict) --
Represents the response of the test invoke request for a custom Authorizer.
clientStatus (integer) --
The HTTP status code that the client would have received. Value is 0 if the authorizer succeeded.
log (string) --
The Amazon API Gateway execution log for the test authorizer request.
latency (integer) --
The execution latency of the test authorizer request
principalId (string) --
The principal identity returned by the Authorizer
policy (string) --
The policy JSON document returned by the Authorizer
authorization (dict) --
(string) --
(list) --
(string) --
claims (dict) --
(string) --
(string) --
{'providerARNs': ['string'], 'type': ['COGNITO_USER_POOLS']}
Updates an existing Authorizer resource.
Request Syntax
client.update_authorizer(
    restApiId='string',
    authorizerId='string',
    patchOperations=[
        {
            'op': 'add'|'remove'|'replace'|'move'|'copy'|'test',
            'path': 'string',
            'value': 'string',
            'from': 'string'
        },
    ]
)
Parameters
restApiId (string) --
[REQUIRED]
The RestApi identifier for the Authorizer resource.
authorizerId (string) --
[REQUIRED]
The identifier of the Authorizer resource.
patchOperations (list) --
A list of operations describing the updates to apply to the specified resource. The patches are applied in the order specified in the list.
(dict) -- A single patch operation to apply to the specified resource. Please refer to http://tools.ietf.org/html/rfc6902#section-4 for an explanation of how each operation is used.
op (string) --
A patch operation whose value indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or "test"; other values are errors.
path (string) --
Operation objects MUST have exactly one "path" member. That member's value is a string containing a JSON-Pointer value that references a location within the target document (the "target location") where the operation is performed.
value (string) --
The actual value content.
from (string) --
The "move" and "copy" operation object MUST contain a "from" member, which is a string containing a JSON Pointer value that references the location in the target document to move the value from.
Return type: dict
Response Syntax
{
    'id': 'string',
    'name': 'string',
    'type': 'TOKEN'|'COGNITO_USER_POOLS',
    'providerARNs': [
        'string',
    ],
    'authType': 'string',
    'authorizerUri': 'string',
    'authorizerCredentials': 'string',
    'identitySource': 'string',
    'identityValidationExpression': 'string',
    'authorizerResultTtlInSeconds': 123
}
Response Structure
(dict) --
Represents an authorization layer for methods. If enabled on a method, API Gateway will activate the authorizer when a client calls the method.
id (string) --
The identifier for the authorizer resource.
name (string) --
[Required] The name of the authorizer.
type (string) --
[Required] The type of the authorizer. Currently, the only valid type is TOKEN.
providerARNs (list) --
(string) --
authType (string) --
Optional customer-defined field, used in Swagger imports/exports. Has no functional impact.
authorizerUri (string) --
[Required] Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN authorizers, this must be a well-formed Lambda function URI. The URI should be of the form arn:aws:apigateway:{region}:lambda:path/{service_api} . Region is used to determine the right endpoint. In this case, path is used to indicate that the remaining substring in the URI should be treated as the path to the resource, including the initial / . For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations
authorizerCredentials (string) --
Specifies the credentials required for the authorizer, if any. Two options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.
identitySource (string) --
[Required] The source of the identity in an incoming request. For TOKEN authorizers, this value is a mapping expression with the same syntax as integration parameter mappings. The only valid source for tokens is 'header', so the expression should match 'method.request.header.[headerName]'. The value of the header '[headerName]' will be interpreted as the incoming token.
identityValidationExpression (string) --
A validation expression for the incoming identity. For TOKEN authorizers, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.
authorizerResultTtlInSeconds (integer) --
The TTL in seconds of cached authorizer results. If greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.