To access AWS API Gateway using the aws generated "API KEY", one must pass they key as a 'x-api-key' header. I know you can do this by 'curl', 'wget', postman and programmatically.
Question: Is there any way the key can be passed as part of a url so that folks who do not have curl/wget/postman etc can call it using just the browser? In other words, is there a way to create a url such as following to perform api-key auth?
https://<api-key>@www.aws-api-gw-url.com/path/to/get_my_data
or
https://www.aws-api-gw-url.com/path/to/get_my_data?x-api-key=<api-key>
I didn't see any way to do this in the official docs or after searching the web. I also tried various combinations unsuccessfully.
The API key may not be passed in the URL. This is by design. If the API key were in the URL, then anything which can see the URL could trivially capture the API key and use it to gain unauthorized access to the API. The would include users looking at the address bar and in some cases other script code running in the browser.