x-api-key only secures some resources
My setup:
flask - awsLambda - zappa - api gateway
I do have a simple app running via above mentioned services. In my zappa_settings.json I have 'api_key_required' set to true.
Is it possible to set it up the way, that I will be using api key for every resource endpoint, but one (swagger documentation).
If, yes, where actually do I have to set it up. I don't have any api key setup in my flask app, so I assume it has to be done somewhere in aws.console - but I cannot find it.
EDIT: Just to add to correct answer (below). If you use flasgger it is not sufficient to add just one public endpoint pointing to /apidocs. To make documentation work without api key I had to open these enpoints:
- /apidocs and /apidocs/{proxy+}
- /apispec_1.json - may be different in your case
- /flasgger_static and /flasgger_static/{proxy+}
Yes, this is possible with a bit of configuration in the AWS console.
In your API Gateway setup you probably have the default resources created with a Zappa deployment: / and /{proxy+}.
You can now manually create a new resource corresponding to your documentation endpoint (e.g. /docs).
Clicking on "Actions" -> "Create Resource" you can create the new resource:
After the resource is created, click "Actions" -> "Create Method" and choose "ANY". Point the method and resource to your Lambda function in the dialog.
By default, the new resource should not require the API key.
Note: you might need to redeploy the gateway before the changes take effect. "Actions" -> "Deploy API".