The Author Online Book Forums are Moving

The Author Online Book Forums will soon redirect to Manning's liveBook and liveVideo. All book forum content will migrate to liveBook's discussion forum and all video forum content will migrate to liveVideo. Log in to liveBook or liveVideo with your Manning credentials to join the discussion!

Thank you for your engagement in the AoF over the years! We look forward to offering you a more enhanced forum experience.

641666 (2) [Avatar] Offline
#1
I followed the instructions about using an api key to throttle connections, but after I enable it, I get a "Forbidden" error on every request. I tried deleting what I had done and followed the instructions again with the same result. Has anyone else had problems with this section?
Yan Cui (73) [Avatar] Offline
#2
After you enable API Key on your API endpoints, you need to authenticate the request by sending the API key in the HTTP header, e.g. x-api-key: my-super-secret-api-key

If you don't do that, then you will get a 403 Forbidden. If you had manually set up the API Key on your API in the API Gateway console, then you will need to deploy the changes to a stage (probably 'dev' if you were following along with my instructions). Normally when you deploy the changes via the serverless framework, the CloudFormation stack would update the API configuration, then do a deployment as well.

The way to think about it is that, when you change the configurations of the API and its endpoints, you're updating the blueprint. But the changes doesn't take until you deploy it to a particular stage (which, when you're managing it through the Serverless framework, it'll always be one API and one stage, but API Gateway itself allows you to deploy the same API to multiple stages.)
641666 (2) [Avatar] Offline
#3
I was making the changes in the AWS console, and included the x-api-key using postman just like you showed in the video.

I did notice that the UI looked a bit different (around 3:05 in the "How to secure APIs in API gateway" video). After creating the usage plan and api key, the AWS console shows API, stage and a separate section called "configure method throttling" (which I didn't see appear in your video). This looks like a more fine grained version of the throttling already set up in the usage plan, but I'm not sure how it interacts with the overall usage plan settings.