API Gateway

Go to Networking & Content Delivery - API Gateway

Create a new API by clicking on “+ Create API”. Give the API a name, say “Caliper”, and click “Create API”.


“Resources” is where you create the endpoint methods and paths. It is also where you deploy the API when it is ready.

The data will be received via a POST. Any endpoint path can be used, we will use “store”.

To create the endpoint:

  • Actions - Create Resource
    • Resource Name = Store
    • Resource Path = store
      If you want things like /v1/store or /test/store they do not need to go here. They can be dealt with later at Stages and Custom Domain Names.
    • Click “Create Resource”
  • Click on /store
    • Actions - Create Method
    • Choose POST the click on the tick
  • Click on POST
    • Enter the name of the Lambda Function created at Lambda
    • Save - OK

If the Lambda function has not been created you can ignore the error message. It might be better to create the Lambda function first otherwise the permissions do not get set. However, we can re-do this later under Integration Request.

There is now a nice representation of the endpoint titled “/store - POST - Method Execution”.

There are four endpoint blocks: Method Request, Integration Request, Integration Response and Method Response.

Method Request

We will not do anything here.

Integration Request

The Authorization header and the POST body need to passed to our Lambda function.

Click “Integration Request”.

  • Mapping Templates
    • Request body passthrough - Never
    • Add mapping template
      • Enter application/json - tick
      • Enter the below template and Save
  "authorization" : "$input.params('Authorization')",
  "envelope" : $input.json('$')

This template will actually look for Authorization in the path and query string as well as in the header. To restrict it to just the headers, use:

  "authorization" : "$input.params().header.get('Authorization')",
  "envelope" : $input.json('$')
Method Response

We would like to do this last, we need to add 403 here before we do the Integration Response.

Click “Add Response”

Enter 403 - tick

Integration Response

The Lambda function will return some JSON containing “authorization” if the bearer token is missing or unknown, otherwise it will return some JSON saying everything is okay.

For the first, we want an HTTP 403 code returned and for the second a 200. For both, we want the JSON returned in the body.

Everything is already okay for the 200, but a mapping needs to be added for the 403.

Click “Integration Response”.

Click “Add integration response”, then:

  • Lambda Error Regexp: .*authorization.*
  • Method response status: 403 (Must have done under “Method Response” first)
  • Content handling: Passthrough
  • Save

Click the twisty next to “.*authorization.*”:

  • Click Mapping Templates
  • Add mapping template
    • Enter application/json - tick
    • Enter the below template and Save
  #set ($errorMessageObj = $util.parseJson($input.body))


  • Actions - API Actions - Deploy API
  • [New Stage]
  • Enter test, Save

Other Sections

  • Stages - nothing yet, will be created when we Deploy
  • Authorizers - none
  • Gateway Responses - leave
  • Models - nothing to do here
  • Resource Policy - nothing to do here
  • Documentation - later
  • Dashboard - nothing to do here
  • Settings - nothing to do here

In API Gateway, go to Custom Domain Names

  • Create Custom Domain Name
  • Domain Name: caliper.netkno.com
  • Edge Optimized
  • ACM Certificate (us-east-1) - choose the certificate created at HTTPS Certificate (it must have been validated)
  • Save

Get the Target Domain Name and add it to your DNS:

 Hostname   Type   Data
 caliper  CNAME  d2mamfs9a5xjlu.cloudfront.net.

For some differences between Edge Optimized and Regional see: Regional/Edge-optimized API Gateway VS Regional/Edge-optimized custom domain name

Edit the Base Path Mappings as desired.

  • Usage Plans - nothing
  • Client Certificates - nothing
  • VPC Links - nothing
  • Settings - nothing