├── README.md ├── handler.js └── serverless.yml /README.md: -------------------------------------------------------------------------------- 1 | # Serverless secured API 2 | 3 | Serverless service which showcases how to build an API which is accessible through an API key. 4 | 5 | ## Installation 6 | 7 | Make sure that you use Serverless v1. 8 | 9 | 1. Run `serverless install --url https://github.com/pmuens/serverless-secured-api` to install the service in your current working directory 10 | 2. Next up cd into the service with `cd serverless-secured-api` 11 | 3. Deploy with `serverless deploy` 12 | 13 | ## How to use 14 | 15 | Simply perform a request against the exposed endpoint: 16 | 17 | This request should return `Forbidden`: 18 | 19 | ```bash 20 | curl https://XXXX.execute-api.region.amazonaws.com/dev/greet 21 | ``` 22 | 23 | Whereas this one should suceeds: 24 | (you get the API key in the info output after a successfull deployment or if you run `serverless info`) 25 | 26 | ```bash 27 | curl https://XXXX.execute-api.region.amazonaws.com/dev/greet --header "x-api-key: " 28 | ``` 29 | 30 | ## AWS services used 31 | 32 | - Lambda 33 | - API Gateway 34 | -------------------------------------------------------------------------------- /handler.js: -------------------------------------------------------------------------------- 1 | 'use strict'; 2 | 3 | module.exports.securedGreeter = (event, context, callback) => { 4 | const response = { 5 | statusCode: 200, 6 | body: JSON.stringify({ message: "You're in! Hello from the greeter!" }) 7 | }; 8 | 9 | context.succeed(response); 10 | }; 11 | -------------------------------------------------------------------------------- /serverless.yml: -------------------------------------------------------------------------------- 1 | service: serverless-secured-api 2 | 3 | provider: 4 | name: aws 5 | runtime: nodejs4.3 6 | region: us-east-1 7 | stage: dev 8 | apiKeys: 9 | - secret 10 | 11 | functions: 12 | securedGreeter: 13 | handler: handler.securedGreeter 14 | events: 15 | - http: 16 | path: greet 17 | method: GET 18 | private: true 19 | --------------------------------------------------------------------------------