How to access HTTP headers for request to AWS API Gateway using Lambda?

amazon-web-services aws-lambda aws-api-gateway

I see in the API Gateway FAQ that it is possible to access the request headers sent to the API Gateway...

If you already utilize OAuth tokens or any other authorization mechanism, you can easily setup API Gateway not to require signed API calls and simply forward the token headers to your backend for verification.

However, I can find no example of how to do so in the documentation and it is unclear how to access this data using Lambda.

I am able to set up an open API and gain access to the JSON object that is part of a POST (Walkthrough: API Gateway and Lambda Functions), but in order to implement a OAuth 2.0 style API with my own provider I need access to the "Authorization" header.

My preference is to set this up using Lambda and Java 8, but an example using node.js would also be helpful in understanding how to accomplish this.


Solution 1:

You can use the following Mapping Template in the Integration Request to generically map all path, query, and header parameters into the Lambda event. You will still need to register them in the Method Request section of the API Gateway but you can at least decouple the Mapping Template from the specific parameters you want to use. This way you don't have to change the Mapping Template code each time you change headers, query, or path parameters.

I wrote a blog post that gives more detail and some explanation of the Mapping Template: http://kennbrodhagen.net/2015/12/06/how-to-create-a-request-object-for-your-lambda-event-from-api-gateway/

Here is the Mapping Template you can use:

{
  "method": "$context.httpMethod",
  "body" : $input.json('$'),
  "headers": {
    #foreach($param in $input.params().header.keySet())
    "$param": "$util.escapeJavaScript($input.params().header.get($param))" #if($foreach.hasNext),#end

    #end
  },
  "queryParams": {
    #foreach($param in $input.params().querystring.keySet())
    "$param": "$util.escapeJavaScript($input.params().querystring.get($param))" #if($foreach.hasNext),#end

    #end
  },
  "pathParams": {
    #foreach($param in $input.params().path.keySet())
    "$param": "$util.escapeJavaScript($input.params().path.get($param))" #if($foreach.hasNext),#end

    #end
  }  
}

Solution 2:

First, you need to trap the Authorization header from the HTTP GET request. Then you need to map that value to the Lambda event object.

Go to the API method dashboard and click on Method Request. In there you can add an HTTP Request Header called Authorization as shown below.

HTTP Request Headers

This will trap the Authorization header so you can use it later.

Now go back to the method dashboard and click on Integration Request. From here you can pass the value of the header into the Lambda function by using a mapping like this.

{
    "Authorization": "$input.params('Authorization')"
}

Now in your Lambda function you can get the value like this.

event.Authorization

Solution 3:

You need to create input mapping inside Integration Request panel on the dashboard screen describing your API method.

Following code translates name query input parameter into Lambda Event input object:

{
   "name": "$input.params('name')"
}

Screenshot:

API Dashboard screenshot

You can find more info about this in the original API Gateway to Lambda input thread on AWS Forums.

Related

ValueError: Shape of passed values is (1, 6), indices imply (6, 6)
SyntaxError: Generator expression must be parenthesized
FastAPI throws an error (Error loading ASGI app. Could not import module "api")
Should you use a partial class across projects?
What is the most portable way to check whether a trigger exists in SQL Server?
How do i get an Image for the various MessageBoxImage(s) or MessageBoxIcon(s)
How to clear textarea on click?
Best radio-button implementation for IOS
Is there a preprocessor define that is defined if the compiler is MSVC?
write results of sql query to a file in mysql
AutoLayout to keep view sizes proportional
My Git bash forgets my aliases. What can I do?