
How to Use API Key in AWS API Gateway: Simple Guide

To use an API key in AWS API Gateway, first create the key in the API Gateway console, then enable API Key Required on your API method. Finally, associate the key with a Usage Plan to control access and usage limits.

Syntax

Using an API key in API Gateway involves these parts:

  • API Key: A unique string that clients send to identify themselves.
  • Usage Plan: Defines throttling and quota limits and links API keys to APIs.
  • API Method Setting: Enable API Key Required to enforce key usage.
terraform
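# The API key: the unique string that clients send to identify themselves.
resource "aws_api_gateway_api_key" "example_key" {
  name        = "example-api-key"
  description = "API key for client access"
  enabled     = true
}

# The usage plan ties throttling and quota limits to one API stage.
# aws_api_gateway_rest_api.example, aws_api_gateway_resource.example and
# aws_api_gateway_stage.example are assumed to be defined elsewhere.
resource "aws_api_gateway_usage_plan" "example_plan" {
  name = "example-usage-plan"

  api_stages {
    api_id = aws_api_gateway_rest_api.example.id
    stage  = aws_api_gateway_stage.example.stage_name
  }

  # The provider names these blocks throttle_settings and quota_settings.
  throttle_settings {
    burst_limit = 100
    rate_limit  = 50
  }

  quota_settings {
    limit  = 1000
    period = "MONTH"
  }
}

# Associates the key with the usage plan.
resource "aws_api_gateway_usage_plan_key" "example_key_association" {
  key_id        = aws_api_gateway_api_key.example_key.id
  key_type      = "API_KEY"
  usage_plan_id = aws_api_gateway_usage_plan.example_plan.id
}

# authorization = "NONE" means no IAM, Cognito or Lambda authorizer runs;
# the API key is the only check on this method.
resource "aws_api_gateway_method" "example_method" {
  rest_api_id      = aws_api_gateway_rest_api.example.id
  resource_id      = aws_api_gateway_resource.example.id
  http_method      = "GET"
  authorization    = "NONE"
  api_key_required = true
}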

Example

This example shows how to create an API key, enable API key requirement on a GET method, and link the key to a usage plan using AWS CLI commands.

bash
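# 1. Create the key; the "id" field of the JSON response is <api-key-id>.
aws apigateway create-api-key --name "MyApiKey" --enabled

# 2. Create the usage plan and attach it to the API stage it should govern;
#    the "id" field of the JSON response is <usage-plan-id>.
aws apigateway create-usage-plan --name "MyUsagePlan" --api-stages apiId=<api-id>,stage=<stage-name> --throttle burstLimit=100,rateLimit=50 --quota limit=1000,period=MONTH

# 3. Associate the key with the usage plan.
aws apigateway create-usage-plan-key --usage-plan-id <usage-plan-id> --key-id <api-key-id> --key-type API_KEY

# 4. Require an API key on the GET method.
aws apigateway update-method --rest-api-id <api-id> --resource-id <resource-id> --http-method GET --patch-operations op=replace,path=/apiKeyRequired,value=true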
Output
API key created with ID: abc123
Usage plan created with ID: xyz789
Usage plan key associated
Method updated to require API key

Common Pitfalls

Common mistakes when using API keys in API Gateway include:

  • Not enabling API Key Required on the API method, so the key is ignored.
  • Forgetting to associate the API key with a usage plan, which disables key enforcement.
  • Sharing API keys publicly, which risks unauthorized access.
  • Not deploying the API stage after changes, so updates don't take effect.
json
Wrong:
{
  "apiKeyRequired": false
}

Right:
{
  "apiKeyRequired": true
}
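
The pitfalls above can be checked mechanically. The following Python sketch is an added example, not part of the original guide: it audits JSON shaped like the output of the `aws apigateway` read commands named in its comments. The sample data, the finding codes and the `audit` function are constructed for illustration.

```python
# Constructed sample data, shaped like the output of:
#   aws apigateway get-resources --rest-api-id <api-id> --embed methods
#   aws apigateway get-usage-plans
#   aws apigateway get-usage-plan-keys --usage-plan-id <usage-plan-id>
#   aws apigateway get-api-keys
RESOURCES = {"items": [
    {"path": "/orders", "resourceMethods": {
        "GET": {"authorizationType": "NONE", "apiKeyRequired": True},
        "POST": {"authorizationType": "NONE", "apiKeyRequired": False}}},
    {"path": "/health"},  # resource with no methods defined
]}
USAGE_PLANS = {"items": [
    {"id": "plan1", "apiStages": [{"apiId": "api1", "stage": "prod"}],
     "throttle": {"burstLimit": 100, "rateLimit": 50.0},
     "quota": {"limit": 1000, "period": "MONTH"}},
    {"id": "plan2", "apiStages": [{"apiId": "api1", "stage": "dev"}]},
]}
PLAN_KEYS = {"plan1": {"items": [{"id": "keyA", "type": "API_KEY"}]},
             "plan2": {"items": []}}
API_KEYS = {"items": [{"id": "keyA", "enabled": True},
                      {"id": "keyB", "enabled": True}]}


def audit(api_id, stage, resources, plans, plan_keys, api_keys):
    """Return a sorted list of (code, detail) findings for one API stage."""
    findings = []
    for res in resources["items"]:
        for verb, m in res.get("resourceMethods", {}).items():
            if not m.get("apiKeyRequired", False):
                findings.append(("KEY_NOT_REQUIRED", f"{verb} {res['path']}"))
    covering = [p for p in plans["items"]
                if any(s["apiId"] == api_id and s["stage"] == stage
                       for s in p.get("apiStages", []))]
    if not covering:
        findings.append(("STAGE_NOT_IN_ANY_PLAN", f"{api_id}/{stage}"))
    attached = set()
    for p in covering:
        if "throttle" not in p and "quota" not in p:
            findings.append(("PLAN_WITHOUT_LIMITS", p["id"]))
        attached |= {k["id"] for k in plan_keys.get(p["id"], {}).get("items", [])}
    for k in api_keys["items"]:
        if k.get("enabled") and k["id"] not in attached:
            findings.append(("KEY_NOT_IN_STAGE_PLAN", k["id"]))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in audit("api1", "prod", RESOURCES, USAGE_PLANS, PLAN_KEYS, API_KEYS):
        print(f"{code}: {detail}")
```

These read commands report the API's current configuration rather than the deployed stage snapshot, so a clean result still needs a deployment before it reflects what clients reach.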

Quick Reference

Summary tips for using API keys in API Gateway:

  • Create API keys in the API Gateway console or CLI.
  • Enable API Key Required on methods that need protection.
  • Use usage plans to control access and limits.
  • Distribute keys securely to clients.
  • Deploy API stages after configuration changes.

Key Takeaways

  • Always enable API Key Required on API methods to enforce key usage.
  • Associate API keys with usage plans to manage access and quotas.
  • Create and distribute API keys securely to prevent unauthorized use.
  • Deploy your API stage after making changes to apply them.
  • Use usage plans to throttle and limit API usage effectively.