serverless-appsync-plugin
serverless-appsync-plugin copied to clipboard
Allow to select which API key for API_KEY authentication
Hi everyone,
I'm building Saas app model where each client should have their own API_KEY specified expiry dateTime as additional authorization method (AWS Cognito User Pool is used by default authorization).
I can see we have one field API_Key but have no idea how appsync works out on selecting specifically which API_KEY corresponding for each clients.
Another scenario using API_Key as additional authorization is to allow my mobile apps accessing AppSync with different API_KEY than web apps. Each app should use different API Keys.
Any advise ? really appreciate
Hi @Jackychans There are several issues here I think
- AppSync does support several API keys definitions, and that is definitely something we should support (Currently, we don't)
- Currently, the plugin generates an API key with a one year expiry date by default. I understand you might want to set that yourself. This is also something we should support.
- I imagine you might want to define yourself custom API keys for each microservice/app. This one is currently not possible (API key is generated randomly). See this issue for more details.
Will look into 1) and 2) when I can, unless you want to open a PR yourself??
@Jackychans Please check the new feature available in v1.5.0 See the Api key Management section in the README