Amazon API Gateway

2016/07/29 - Amazon API Gateway - 5 updated api methods

Changes  Update apigateway client to latest version

CreateAuthorizer (updated) Link ¶
Changes (both) 
{'providerARNs': ['string'], 'type': {'COGNITO_USER_POOLS'}}

Adds a new Authorizer resource to an existing RestApi resource.

Request Syntax

client.create_authorizer(
    restApiId='string',
    name='string',
    type='TOKEN'|'COGNITO_USER_POOLS',
    providerARNs=[
        'string',
    ],
    authType='string',
    authorizerUri='string',
    authorizerCredentials='string',
    identitySource='string',
    identityValidationExpression='string',
    authorizerResultTtlInSeconds=123
)
type restApiId:

string

param restApiId:

[REQUIRED]

The RestApi identifier under which the Authorizer will be created.

type name:

string

param name:

[REQUIRED]

[Required] The name of the authorizer.

type type:

string

param type:

[REQUIRED]

[Required] The type of the authorizer.

type providerARNs:

list

param providerARNs:

  • (string) --

type authType:

string

param authType:

Optional customer-defined field, used in Swagger imports/exports. Has no functional impact.

type authorizerUri:

string

param authorizerUri:

[Required] Specifies the authorizer's Uniform Resource Identifier (URI).

type authorizerCredentials:

string

param authorizerCredentials:

Specifies the credentials required for the authorizer, if any.

type identitySource:

string

param identitySource:

[REQUIRED]

[Required] The source of the identity in an incoming request.

type identityValidationExpression:

string

param identityValidationExpression:

A validation expression for the incoming identity.

type authorizerResultTtlInSeconds:

integer

param authorizerResultTtlInSeconds:

The TTL of cached authorizer results.

rtype:

dict

returns:

Response Syntax

{
    'id': 'string',
    'name': 'string',
    'type': 'TOKEN'|'COGNITO_USER_POOLS',
    'providerARNs': [
        'string',
    ],
    'authType': 'string',
    'authorizerUri': 'string',
    'authorizerCredentials': 'string',
    'identitySource': 'string',
    'identityValidationExpression': 'string',
    'authorizerResultTtlInSeconds': 123
}

Response Structure

  • (dict) --

    Represents an authorization layer for methods. If enabled on a method, API Gateway will activate the authorizer when a client calls the method.

    • id (string) --

      The identifier for the authorizer resource.

    • name (string) --

      [Required] The name of the authorizer.

    • type (string) --

      [Required] The type of the authorizer. Currently, the only valid type is TOKEN.

    • providerARNs (list) --

      • (string) --

    • authType (string) --

      Optional customer-defined field, used in Swagger imports/exports. Has no functional impact.

    • authorizerUri (string) --

      [Required] Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN authorizers, this must be a well-formed Lambda function URI. The URI should be of the form arn:aws:apigateway:{region}:lambda:path/{service_api}. Region is used to determine the right endpoint. In this case, path is used to indicate that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations

    • authorizerCredentials (string) --

      Specifies the credentials required for the authorizer, if any. Two options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

    • identitySource (string) --

      [Required] The source of the identity in an incoming request. For TOKEN authorizers, this value is a mapping expression with the same syntax as integration parameter mappings. The only valid source for tokens is 'header', so the expression should match 'method.request.header.[headerName]'. The value of the header '[headerName]' will be interpreted as the incoming token.

    • identityValidationExpression (string) --

      A validation expression for the incoming identity. For TOKEN authorizers, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

    • authorizerResultTtlInSeconds (integer) --

      The TTL in seconds of cached authorizer results. If greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.

GetAuthorizer (updated) Link ¶
Changes (response) 
{'providerARNs': ['string'], 'type': {'COGNITO_USER_POOLS'}}

Describe an existing Authorizer resource.

Request Syntax

client.get_authorizer(
    restApiId='string',
    authorizerId='string'
)
type restApiId:

string

param restApiId:

[REQUIRED]

The RestApi identifier for the Authorizer resource.

type authorizerId:

string

param authorizerId:

[REQUIRED]

The identifier of the Authorizer resource.

rtype:

dict

returns:

Response Syntax

{
    'id': 'string',
    'name': 'string',
    'type': 'TOKEN'|'COGNITO_USER_POOLS',
    'providerARNs': [
        'string',
    ],
    'authType': 'string',
    'authorizerUri': 'string',
    'authorizerCredentials': 'string',
    'identitySource': 'string',
    'identityValidationExpression': 'string',
    'authorizerResultTtlInSeconds': 123
}

Response Structure

  • (dict) --

    Represents an authorization layer for methods. If enabled on a method, API Gateway will activate the authorizer when a client calls the method.

    • id (string) --

      The identifier for the authorizer resource.

    • name (string) --

      [Required] The name of the authorizer.

    • type (string) --

      [Required] The type of the authorizer. Currently, the only valid type is TOKEN.

    • providerARNs (list) --

      • (string) --

    • authType (string) --

      Optional customer-defined field, used in Swagger imports/exports. Has no functional impact.

    • authorizerUri (string) --

      [Required] Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN authorizers, this must be a well-formed Lambda function URI. The URI should be of the form arn:aws:apigateway:{region}:lambda:path/{service_api}. Region is used to determine the right endpoint. In this case, path is used to indicate that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations

    • authorizerCredentials (string) --

      Specifies the credentials required for the authorizer, if any. Two options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

    • identitySource (string) --

      [Required] The source of the identity in an incoming request. For TOKEN authorizers, this value is a mapping expression with the same syntax as integration parameter mappings. The only valid source for tokens is 'header', so the expression should match 'method.request.header.[headerName]'. The value of the header '[headerName]' will be interpreted as the incoming token.

    • identityValidationExpression (string) --

      A validation expression for the incoming identity. For TOKEN authorizers, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

    • authorizerResultTtlInSeconds (integer) --

      The TTL in seconds of cached authorizer results. If greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.

GetAuthorizers (updated) Link ¶
Changes (response) 
{'items': {'providerARNs': ['string'], 'type': {'COGNITO_USER_POOLS'}}}

Describe an existing Authorizers resource.

Request Syntax

client.get_authorizers(
    restApiId='string',
    position='string',
    limit=123
)
type restApiId:

string

param restApiId:

[REQUIRED]

The RestApi identifier for the Authorizers resource.

type position:

string

param position:

If not all Authorizer resources in the response were present, the position will specificy where to start the next page of results.

type limit:

integer

param limit:

Limit the number of Authorizer resources in the response.

rtype:

dict

returns:

Response Syntax

{
    'position': 'string',
    'items': [
        {
            'id': 'string',
            'name': 'string',
            'type': 'TOKEN'|'COGNITO_USER_POOLS',
            'providerARNs': [
                'string',
            ],
            'authType': 'string',
            'authorizerUri': 'string',
            'authorizerCredentials': 'string',
            'identitySource': 'string',
            'identityValidationExpression': 'string',
            'authorizerResultTtlInSeconds': 123
        },
    ]
}

Response Structure

  • (dict) --

    Represents a collection of Authorizer resources.

    • position (string) --

    • items (list) --

      Gets the current list of Authorizer resources in the collection.

      • (dict) --

        Represents an authorization layer for methods. If enabled on a method, API Gateway will activate the authorizer when a client calls the method.

        • id (string) --

          The identifier for the authorizer resource.

        • name (string) --

          [Required] The name of the authorizer.

        • type (string) --

          [Required] The type of the authorizer. Currently, the only valid type is TOKEN.

        • providerARNs (list) --

          • (string) --

        • authType (string) --

          Optional customer-defined field, used in Swagger imports/exports. Has no functional impact.

        • authorizerUri (string) --

          [Required] Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN authorizers, this must be a well-formed Lambda function URI. The URI should be of the form arn:aws:apigateway:{region}:lambda:path/{service_api}. Region is used to determine the right endpoint. In this case, path is used to indicate that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations

        • authorizerCredentials (string) --

          Specifies the credentials required for the authorizer, if any. Two options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

        • identitySource (string) --

          [Required] The source of the identity in an incoming request. For TOKEN authorizers, this value is a mapping expression with the same syntax as integration parameter mappings. The only valid source for tokens is 'header', so the expression should match 'method.request.header.[headerName]'. The value of the header '[headerName]' will be interpreted as the incoming token.

        • identityValidationExpression (string) --

          A validation expression for the incoming identity. For TOKEN authorizers, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

        • authorizerResultTtlInSeconds (integer) --

          The TTL in seconds of cached authorizer results. If greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.

TestInvokeAuthorizer (updated) Link ¶
Changes (response) 
{'claims': {'string': 'string'}}

Simulate the execution of an Authorizer in your RestApi with headers, parameters, and an incoming request body.

Request Syntax

client.test_invoke_authorizer(
    restApiId='string',
    authorizerId='string',
    headers={
        'string': 'string'
    },
    pathWithQueryString='string',
    body='string',
    stageVariables={
        'string': 'string'
    },
    additionalContext={
        'string': 'string'
    }
)
type restApiId:

string

param restApiId:

[REQUIRED]

Specifies a test invoke authorizer request's RestApi identifier.

type authorizerId:

string

param authorizerId:

[REQUIRED]

Specifies a test invoke authorizer request's Authorizer ID.

type headers:

dict

param headers:

[Required] A key-value map of headers to simulate an incoming invocation request. This is where the incoming authorization token, or identity source, should be specified.

  • (string) --

    • (string) --

type pathWithQueryString:

string

param pathWithQueryString:

[Optional] The URI path, including query string, of the simulated invocation request. Use this to specify path parameters and query string parameters.

type body:

string

param body:

[Optional] The simulated request body of an incoming invocation request.

type stageVariables:

dict

param stageVariables:

A key-value map of stage variables to simulate an invocation on a deployed Stage.

  • (string) --

    • (string) --

type additionalContext:

dict

param additionalContext:

[Optional] A key-value map of additional context variables.

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'clientStatus': 123,
    'log': 'string',
    'latency': 123,
    'principalId': 'string',
    'policy': 'string',
    'authorization': {
        'string': [
            'string',
        ]
    },
    'claims': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    Represents the response of the test invoke request in for a custom Authorizer

    • clientStatus (integer) --

      The HTTP status code that the client would have received. Value is 0 if the authorizer succeeded.

    • log (string) --

      The Amazon API Gateway execution log for the test authorizer request.

    • latency (integer) --

      The execution latency of the test authorizer request

    • principalId (string) --

      The principal identity returned by the Authorizer

    • policy (string) --

      The policy JSON document returned by the Authorizer

    • authorization (dict) --

      • (string) --

        • (list) --

          • (string) --

    • claims (dict) --

      • (string) --

        • (string) --

UpdateAuthorizer (updated) Link ¶
Changes (response) 
{'providerARNs': ['string'], 'type': {'COGNITO_USER_POOLS'}}

Updates an existing Authorizer resource.

Request Syntax

client.update_authorizer(
    restApiId='string',
    authorizerId='string',
    patchOperations=[
        {
            'op': 'add'|'remove'|'replace'|'move'|'copy'|'test',
            'path': 'string',
            'value': 'string',
            'from': 'string'
        },
    ]
)
type restApiId:

string

param restApiId:

[REQUIRED]

The RestApi identifier for the Authorizer resource.

type authorizerId:

string

param authorizerId:

[REQUIRED]

The identifier of the Authorizer resource.

type patchOperations:

list

param patchOperations:

A list of operations describing the updates to apply to the specified resource. The patches are applied in the order specified in the list.

  • (dict) -- A single patch operation to apply to the specified resource. Please refer to http://tools.ietf.org/html/rfc6902#section-4 for an explanation of how each operation is used.

    • op (string) --

      A patch operation whose value indicates the operation to perform. Its value MUST be one of "add", "remove", "replace", "move", "copy", or "test"; other values are errors.

    • path (string) --

      Operation objects MUST have exactly one "path" member. That member's value is a string containing a JSON-Pointer value that references a location within the target document (the "target location") where the operation is performed.

    • value (string) --

      The actual value content.

    • from (string) --

      The "move" and "copy" operation object MUST contain a "from" member, which is a string containing a JSON Pointer value that references the location in the target document to move the value from.

rtype:

dict

returns:

Response Syntax

{
    'id': 'string',
    'name': 'string',
    'type': 'TOKEN'|'COGNITO_USER_POOLS',
    'providerARNs': [
        'string',
    ],
    'authType': 'string',
    'authorizerUri': 'string',
    'authorizerCredentials': 'string',
    'identitySource': 'string',
    'identityValidationExpression': 'string',
    'authorizerResultTtlInSeconds': 123
}

Response Structure

  • (dict) --

    Represents an authorization layer for methods. If enabled on a method, API Gateway will activate the authorizer when a client calls the method.

    • id (string) --

      The identifier for the authorizer resource.

    • name (string) --

      [Required] The name of the authorizer.

    • type (string) --

      [Required] The type of the authorizer. Currently, the only valid type is TOKEN.

    • providerARNs (list) --

      • (string) --

    • authType (string) --

      Optional customer-defined field, used in Swagger imports/exports. Has no functional impact.

    • authorizerUri (string) --

      [Required] Specifies the authorizer's Uniform Resource Identifier (URI). For TOKEN authorizers, this must be a well-formed Lambda function URI. The URI should be of the form arn:aws:apigateway:{region}:lambda:path/{service_api}. Region is used to determine the right endpoint. In this case, path is used to indicate that the remaining substring in the URI should be treated as the path to the resource, including the initial /. For Lambda functions, this is usually of the form /2015-03-31/functions/[FunctionARN]/invocations

    • authorizerCredentials (string) --

      Specifies the credentials required for the authorizer, if any. Two options are available. To specify an IAM Role for Amazon API Gateway to assume, use the role's Amazon Resource Name (ARN). To use resource-based permissions on the Lambda function, specify null.

    • identitySource (string) --

      [Required] The source of the identity in an incoming request. For TOKEN authorizers, this value is a mapping expression with the same syntax as integration parameter mappings. The only valid source for tokens is 'header', so the expression should match 'method.request.header.[headerName]'. The value of the header '[headerName]' will be interpreted as the incoming token.

    • identityValidationExpression (string) --

      A validation expression for the incoming identity. For TOKEN authorizers, this value should be a regular expression. The incoming token from the client is matched against this expression, and will proceed if the token matches. If the token doesn't match, the client receives a 401 Unauthorized response.

    • authorizerResultTtlInSeconds (integer) --

      The TTL in seconds of cached authorizer results. If greater than 0, API Gateway will cache authorizer responses. If this field is not set, the default value is 300. The maximum value is 3600, or 1 hour.