设置 AWS ApiGateway 端点所需的 API 密钥（Swagger 导入）

Question

我尝试使用 Swagger/OpenAPI 定义我的 AWS Api Gateway 基础设施。到目前为止一切正常，但是我的端点需要 API 密钥时遇到问题。

我的 Swagger 文件如下所示（缩短）：

---
swagger: 2.0
basePath: /dev
info:
  title: My API
  description: Proof of concept
schemes:
  - https
securityDefinitions:
  api_key:
    type: apiKey
    name: X-Api-Key
    in: header

paths:
  /example-path:
    options:
      consumes:
        - application/json
      produces:
        - application/json
      x-amazon-apigateway-integration:
        type: mock
        requestTemplates:
          application/json: |
            {
              "statusCode" : 200
            }
        responses:
          "default":
            statusCode: "200"
            responseParameters:
              method.response.header.Access-Control-Allow-Methods: "'GET,HEAD,OPTIONS'"
              method.response.header.Access-Control-Allow-Headers: "'Content-Type,Authorization,X-Amz-Date,X-Api-Key,X-Amz-Security-Token'"
              method.response.header.Access-Control-Allow-Origin: "'*'"
            responseTemplates:
              application/json: |
                {}
    responses:
      200:
        description: Default response for CORS method
        headers:
          Access-Control-Allow-Headers:
            type: "string"
          Access-Control-Allow-Methods:
            type: "string"
          Access-Control-Allow-Origin:
            type: "string"          

    get:
      security:
        - api_key: []
      x-amazon-apigateway-integration:

        # Further definition of the endpoint, calling Lambda etc...

在 CloudFormation 模板中链接 Swagger 文件已成功处理。但是当我在 AWS Web 控制台中打开端点时，API Key Required 的标志仍然是 false。

有什么建议吗？谢谢。

Answer 1

找到解决方案：API 密钥必须命名为 x-api-key（全部小写）。

似乎只有这样才能在导入期间识别设置。

Answer 2

要启用所需的 API 密钥，您需要在安全方案块中添加此 "x-amazon-apigateway-api-key-source" : "HEADER"。

看一个例子：

    "components" : {
        "securitySchemes" : {
          "api-key" : {
            "type" : "apiKey",
            "name" : "x-api-key",
            "in" : "header",
            "x-amazon-apigateway-api-key-source" : "HEADER"
          }
        }
      }

这是一个使用代理请求的例子。 你的 JSON 应该是这样的： openapi3

{
    "openapi": "3.0.3",
    "info": {
      "title": "User Portal",
      "description": "API focused in User Portal.",
      "version": "v1"
    },
    "paths": {
      "users/{proxy+}": {
        "options": {
            "x-amazon-apigateway-integration": {
              "httpMethod": "OPTIONS",
              "payloadFormatVersion": "1.0",
              "type": "MOCK"
            }
          },
        "x-amazon-apigateway-any-method": {
          "produces":[ "application/json"],
          "parameters": [
            {
              "name": "proxy",
              "in": "path",
              "required": "true",
              "type": "string"
            }
          ],
          "responses": {},
          "security": [
            {
              "api-key": []
          }
        ],
          "x-amazon-apigateway-integration": {
            "uri":"https://test.com.br/users/{proxy}",
            "httpMethod":"ANY",
            "type": "HTTP_PROXY"
          }
        }
      }
    },
    "components" : {
        "securitySchemes" : {
          "api-key" : {
            "type" : "apiKey",
            "name" : "x-api-key",
            "in" : "header",
            "x-amazon-apigateway-api-key-source" : "HEADER"
          }
        }
      }
  }

在 openapi2 中，您可以在 yml 中添加它。

swagger: 2.0
basePath: /dev
info:
  title: My API
  description: Proof of concept
schemes:
  - https
securityDefinitions:
  api_key:
    type: apiKey
    name: X-Api-Key
    in: header
    x-amazon-apigateway-api-key-source: HEADER

如果您在使用 api 与 openapi 集成时遇到问题，可以查看这篇文章：Working with API Gateway extensions to OpenAPI