Notes - AWS API Gateway

API Gateway

Scope of an API and a stage

If an API in AWS API Gateway uses cookies, for example to authenticate requests, the API must be specific to one client, one stage and one origin URL. A stage is a stage of development, for example production, staging or development. An origin is a URL consisting of the protocol (HTTP or HTTP over SSL), the domain and, optionally, the port number, for example "http://example.com:3000" or "https://example.com". Wildcards are not allowed in the origin when cookies are used.

As a result, you will want to maintain a separate API for every client, and a separate stage for every team and stage. For example:

  • API: client-one

    • STAGE: development
    • STAGE: production
  • API: client-two

    • STAGE: development
    • STAGE: staging
    • STAGE: production

Dynamic CORS values

It's not possible to set "Access-Control-Allow-Origin" from a whitelist or a regular expression, since an OPTIONS method on a resource cannot be integrated with a Lambda function. However, OPTIONS response header values can be set using API Gateway's stage variables: '${stageVariables.variableName}'.

It's possible to set OPTIONS headers dynamically via an ANY method. An ANY method can invoke a Lambda function.
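
A sketch of the ANY-method approach, added here as an example and not taken from the original notes: a Lambda handler that answers the preflight itself and echoes the request origin only on an exact match against an allowlist. It assumes Lambda proxy integration (so the event carries "httpMethod", "headers" and "stageVariables") and a hypothetical stage variable named "allowedOrigins" holding a comma-separated list; the sample event is constructed.

```python
# Added example: Lambda behind an API Gateway ANY method (proxy integration assumed).
# "allowedOrigins" is a hypothetical stage variable name: comma-separated origins.

def allowed_origins(event):
    """Read the per-stage allowlist from the stage variables."""
    raw = (event.get("stageVariables") or {}).get("allowedOrigins", "")
    return {o.strip() for o in raw.split(",") if o.strip()}


def cors_headers(event):
    """Build CORS headers; the origin is echoed only on an exact allowlist match."""
    # Header names may arrive in any case, so normalise them first.
    request = {k.lower(): v for k, v in (event.get("headers") or {}).items()}
    origin = request.get("origin", "")
    # Vary: Origin keeps caches from serving one origin's response to another.
    headers = {"Vary": "Origin"}
    if origin and origin in allowed_origins(event):
        headers.update({
            # Never "*": wildcards are rejected by browsers when cookies are sent.
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Access-Control-Allow-Methods": "GET,POST,OPTIONS",
            "Access-Control-Allow-Headers": "Content-Type",
        })
    return headers


def handler(event, context):
    cors = cors_headers(event)
    if event.get("httpMethod") == "OPTIONS":
        # Preflight: headers only, no body. Unlisted origins get no CORS headers,
        # so the browser blocks the cross-origin request.
        return {"statusCode": 204, "headers": cors, "body": ""}
    return {
        "statusCode": 200,
        "headers": {**cors, "Content-Type": "application/json"},
        "body": '{"ok": true}',
    }


# Constructed sample preflight event (not captured from a real deployment).
SAMPLE_PREFLIGHT = {
    "httpMethod": "OPTIONS",
    "headers": {"Origin": "https://example.com"},
    "stageVariables": {"allowedOrigins": "https://example.com, http://example.com:3000"},
}

if __name__ == "__main__":
    print(handler(SAMPLE_PREFLIGHT, None))
```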