http-api | The RAPyDo backend framework implementing core HTTP APIs | REST library

According to https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-develop-integrations-private.html it is possible to integrate API Gateway with an internal Application Load Balancer using a private VPC link.

However I cannot make it work.

I have a service accessible internally through the ALB. The ALB has no public IP, it balances requests in a AWS Fargate cluster (all within private subnets).

According to this AWS documentation page covering authorizers for AWS API Gateway it is possible to define authorizer as lambda function returning a boolean value in isAuthorized response field to allow/deny the API request.

However after numerous attempts I can't understand how to define it in serverless.yml (or at least in AWS console)

I'm new to AWS and serverless framework. I've decided not to dive into IAM access policies or Cognito just yet, thus I'm trying to build a very simple lambda authorizer function that just yields a boolean value to allow/deny API access.

I have defined my functions section in serverless.yml as follows:

I have an API Gateway setup using Terraform. I need to be able to visit the API Gateway on the base path, i.e, without the stage name appended to the base URL.

https://{api_id}.execute-api.{region}.amazonaws.com/ <- acceptable

https://{api_id}.execute-api.{region}.amazonaws.com/{StageName} <- not acceptable

I would do this from the console by creating a default deployment stage like here.

I looked but could not find anything in the terraform documentation here for stages

I want to be able to do this by creating the default stage, not using a aws_api_gateway_domain_name resource

I'm using jsforce find-api in order to search for an account by DOB which is a field of type Date.

The call to the API looks like this:

I'm writing an Android app that makes frequent requests to a REST API service. This service has a hard request limit of 2 requests per second, after which it will return HTTP 503 with no other information. I'd like to be a good developer and rate limit my app to stay in compliance with the service's requirements (i.e, not retry-spamming the service until my requests succeed) but it's proving difficult to do.

I'm trying to rate limit OkHttpClient specifically, because I can cleanly slot an instance of a client into both Coil and Retrofit so that all my network requests are limited without me having to do any extra work at the callsites for either of them: I can just call enqueue() without thinking about it. And then it's important that I be able to call cancel() or dispose() on the enqueue()ed requests so that I can avoid doing unnecessary network requests when the user changes the page, for example.

I started by following an answer to this question that uses a Guava RateLimiter inside of an OkHttp Interceptor, and it worked perfectly! Up until I realized that I needed to be able to cancel pending requests, and you can't do that with Guava's RateLimiter, because it blocks the current thread when it acquire()s, which then prevents the request from being cancelled immediately.

I then tried following this suggestion, where you call Thread.interrupt() to get the blocked interceptor to resume, but it won't work because Guava RateLimiters block uninterruptibly for some reason. (Note: doing tryAcquire() instead of acquire() and then interruptibly Thread.sleep()ing isn't a great solution, because you can't know how long to sleep for.)

So then I started thinking about scrapping the Guava solution and implementing a custom ExecutorService that would hold the requests in a queue that would be periodically dispatched by a timer, but it seems like a lot of complicated work for something that may or may not work and I'm way off into the weeds now. Is there a better or simpler way to do what I want?

I stumbled across this article and out of curiosity, I gave it try. I could successfully generate the OpenAPI spec as a JSON file from our ASP.NET Core Web API.

But when trying to create a Connected Service within Visual Studio 2019 to generate the client code from the OpenAPI spec, it fails with the following error:

In my project, I have presently a legacy authentication that works in such a way:

1. There is a client (standalone) that talks to an API service which is a custom application running in a container.
2. A cloud Identity provider (IdP) is used that supports OAuth with PKCE. It provides its token via usual login process when the user goes to a login page and then gets redirected to a callback.
3. API service acts as a recipient for the callback. It, therefore, obtains Identity Provider token-1 and stores it in a cache. Based on this it returns to the client a modified token-2 "computed" from token-1 but different.
4. Once the client needs to make a REST call, it decorates it with the token-2 JWT token. The call goes to the API service that matches it to token-1 which can be then validated against IdP.

I have a need to get rid of the API service with cloud-native mechanisms. I assume that AWS HTTP API gateway can be integrated with IdP directly using its JWT Authorizer capability. Regretfully I can not affect the current legacy flow that must remain functional.

However, I would like to insert a Lambda between the JWT Authorizer and client endpoints which would be doing the exchange of client-facing tokens to IdP tokens (doing what API service was doing). Would that be possible and how I can approach this?

We are trying to set up a desktop application requiring a multi factor authenticated login to connect to Amazon's API gateway. To this end, we have used Amazon Cognito for the authentication with the intention of integrating it with the API gateway. Both of the Cognito and API gateway parts of the setup work independently. The issue comes with adding in the security.

By following the documentation here: https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html, we have configured the API gateway to use an authorizer and a token, which is received on successful login through Cognito. When testing the the authorizer in the AWS console, the token that is received is valid and the authentication is passed.

The issue arises when trying to do this from the desktop application. After hours and hours trawling through documentation and endless googling, we're still no closer to getting it to work.

The documentation says that we have to put the token in the header of the request with the 'Authorization' key. We do this but just keep receiving a HTTP 401 (Unauthorised).

The request header being sent is as follows (the first black rectangle is the api endpoint and the second is the token we are passing in):

The same result is seen when using 3rd party apps such as postman.

From the following documentation: https://docs.aws.amazon.com/apigateway/latest/developerguide/http-api-troubleshooting-jwt.html, we tried the curl command: curl -v -H "Authorization: "

but just keep getting the response:

I installed Hono+Ditto using helm-charts, as it is described in cloud2edge.

That means Hono+Ditto is running inside a minikube on my PC. I also created a connection, policy, and a device. So far everything works fine.

In the next step, I just wrote a simple "frond-end" to fetch the thing state from Ditto-HTTP-API. As long as I fetch the thing state manually by the mean of fetch-API everything is fine. But as soon as I try to use the SSE (Eventsource) I get the following CORS error: