amazon-web-services aws-api-gateway api-key

Is AWS usage plan in effect even without API-key as authorization mechanism?


When using API keys and usage plans for AWS API Gateway, is the usage plan used even though the authorization method is not using API keys (I would still pass the x-api-key HTTP header to the API)?


Solution

  • I ran into the same question, but I did not find the answer, so I did some testing myself. This is what I found: even if a method does not require an API key, any request sent to the method with an API key in the header will be subject to the usage plan associated with that API key.

    The test I did is:

    1. Create method A and set requireApiKey to false.
    2. Set the rate and burst throttling values to 0 for method A under a usage plan.
    3. Associate an API key K with the usage plan.
    4. Sent a request through Postman to method A with K included in the header; this resulted in a "Too Many Requests" error.
    5. Sent a request through Postman to method A without K in the header; the request succeeded.
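
Added example, not part of the original answer: an offline check that lists methods covered by a usage plan but not requiring an API key, which per the test above are throttled only when the caller sends `x-api-key`. The sample data is constructed, the function names are hypothetical, and the per-method throttle key format `<resource path>/<HTTP verb>` is an assumption.

```python
# Constructed sample data (not from a real account), shaped like the boto3
# apigateway responses get_resources(embed=["methods"]) and get_usage_plans().
RESOURCES = [
    {"path": "/a", "resourceMethods": {"GET": {"apiKeyRequired": False}}},
    {"path": "/b", "resourceMethods": {"GET": {"apiKeyRequired": True},
                                       "POST": {"apiKeyRequired": False}}},
    {"path": "/health"},  # a resource with no methods has no resourceMethods key
]
USAGE_PLANS = [
    {"name": "plan-1", "throttle": {"rateLimit": 100.0, "burstLimit": 50},
     "apiStages": [{"apiId": "EXAMPLEAPI", "stage": "prod",
                    "throttle": {"/a/GET": {"rateLimit": 0.0, "burstLimit": 0}}}]},
    {"name": "plan-2", "apiStages": [{"apiId": "OTHERAPI", "stage": "prod"}]},
]


def effective_throttle(plan, api_stage, path, verb):
    """Per-method throttle if set, else the plan default, else None.

    Assumption: per-method keys have the form "<resource path>/<HTTP verb>".
    """
    per_method = api_stage.get("throttle", {})
    key = f"{path}/{verb}"
    return per_method[key] if key in per_method else plan.get("throttle")


def find_optional_key_methods(resources, usage_plans, api_id, stage):
    """List methods on api_id/stage that a usage plan covers but that do not
    require an API key, so the plan's limits apply only when a caller chooses
    to send x-api-key (the behaviour observed in the test above)."""
    findings = []
    for plan in usage_plans:
        for api_stage in plan.get("apiStages", []):
            if (api_stage.get("apiId"), api_stage.get("stage")) != (api_id, stage):
                continue
            for res in resources:
                for verb, method in sorted(res.get("resourceMethods", {}).items()):
                    if method.get("apiKeyRequired", False):
                        continue  # key is mandatory, so the plan always applies
                    findings.append({
                        "plan": plan["name"],
                        "method": f"{verb} {res['path']}",
                        "throttle": effective_throttle(plan, api_stage, res["path"], verb),
                    })
    return findings


if __name__ == "__main__":
    for finding in find_optional_key_methods(RESOURCES, USAGE_PLANS, "EXAMPLEAPI", "prod"):
        print(finding)
```

Against a live account the two inputs would come from `get_resources(restApiId=..., embed=["methods"])["items"]` and `get_usage_plans()["items"]`.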