30

We are developing a mobile/web app for which we are using aws lambda and dynamo db as our backend.The standalone lambda functions are working perfectly. The calls are being routed via api gateway. We are using api keys to leverage the security features that it provides. For some testing purposes, we are trying to call the api end point through a third party rest client POSTMAN.

The requests are of POST type but no matter what we try, we get

403 ("message": "Missing authentication token.")

A snapshot is attached for reference. ( few portions are shaded for security reasons )

enter image description here

  1. We are unable to fathom the root cause for the behaviour.
  2. if the same can be achieved with some other tool then please suggest.
4

7 回答 7

25

From working with AWS API Gateway I have fell into the same trap as it seems you have. There are two things that can cause the infamous 403 ("message": "Missing authentication token.") message to be displayed:

  1. CloudFront's aggressive caching

I notice that you are using CloudFront to cache your API request/responses. CloudFront is a great tool — one of the best caching mechanisms if you ask me — but when caching things during development, it's really easy to get caught up with cached error messages. This may be the case here, so my advice is to remove the API from CloudFront until you have got it fully working.

  1. Forgetting to re-deploy

One of the major features of API Gateway is the way AWS handles multiple versions of APIs. Once deployed, you can be safe in the knowledge that your API endpoints will not change — exactly what you want from an API endpoint.

This is due to the way that endpoints are deployed. Each change that is made in the AWS console has to be deployed to a specific deployment in order to be interacted with live.

For instance, if I deploy my API to the "live" deployment and everything works well, that's great. I can now continue to tweak settings in the AWS console to improve the API over time, and when I'm happy with what I've changed I can deploy again to another API deployment, meaning that current API users will not have to change their interaction methods until a deployment is made back onto the deployment they are working on.

The problem you may be experiencing is that even though you have made lots of changes in the AWS console, you may not have re-deployed to the deployment that you are testing in Postman.

Sidenote:

In the Resource editor panel, you can provide information about this method's response types, their headers and content types. Here it is possible to provide more meaningful error messages to your endpoints.

于 2015-09-16T13:38:57.110 回答
23

It looks like you did not add the resource in your URL. The URL should be something like:

https://my-api-id.execute-api.region-id.amazonaws.com/test/mydemoresource

but yours is more like

https://my-api-id.execute-api.region-id.amazonaws.com/test
于 2015-11-25T09:57:46.460 回答
9

Requesting API Gateway paths that aren't there returns "message: Missing Authentication Token" payload.

Unfortunately that is pretty confusing.

于 2016-04-22T18:25:50.857 回答
5

In my case it was that the method I supported is POST and I tried to GET it in the browser. I retried by doing a POST in Postman and it worked!

于 2016-01-30T06:58:03.890 回答
4

I had to add an API Usage plan, and then link the plan to the API stage.

Seems like this is the only way to link the key to the API in AWS..

于 2016-09-07T08:42:39.613 回答
0

On the Stage Editor page, there is a left nav with the stage name. If you expand this you get a forward-slash; if you expand this, you get your resource. If you expand your resource you get your method, and if you click on the method you get an "Invoke URL" link (which is the same as the above but with the resource appended). This invoke URL link works, invoking the GET method and returning results.

于 2017-06-29T09:02:59.727 回答
0

Make sure you are calling the resources that are deployed. If not you will this confusing API error instead to 404. You can check if resources exist by going to deployed "Stages".

To deploy new resources: Go to Actions -> Deploy API

amz-api-gateway

And to get the correct endpoint, Go to "Stages" and click on the resource you'd like to call. You see the link "invoke URL"

resource-endpoint

Then you can simply run curl command, 

curl --request GET https://88upd88you.execute-api.us-west-2.amazonaws.com/dev/hello

Note: dev above is my stage name.

于 2018-11-18T19:40:29.650 回答