Securing Your Serverless API With API Keys

Hi Sam, thanks for the excellent FreeCodeCamp Serverless tutorial! The videos have been very clear and easy to follow. Quality videos.

programmusicuk

Excellent tutorial, clear step by step guide. I wish there were more like this around. Thanks! :)

toninotonnato

Hi sam, please note that after the V3 there has been some changes so there need to be a minor changes in this video, i know you have made a video about V3 changes but this one worthy to be mentioned since a very starter would struggle if he didnt know how to fix it, the apiKeys property become now under the apiGateway property now, same for the usagePlan

abdelhadidjafer

Thanks for the video, it really helped! Could you make another one to explain more intricate details of dealing with api keys? For example, how to create different keys for different stages, what happens with the key every time you deploy everything, is it possible to pass your own value for the key, etc? Because while the docs are confusing, your explanations are crystal clear and easy to follow) thanks again : )

marynavatsko

Hey Sam, you are awesome and definitely a savior for me .Kudos

pavithrab

Nice! just for testing I changed the limit from 1000 down to 5 and I got "message": "Limit Exceeded" on the 6th request :)

MagicJF

You are doing really great work thank you

indianappguy

great tutorials! You deserve a lot of likes! :-)

nielsrozeboom

Hello nice video, is there any way to configure an API Key into my API Gateway without an usage plan configured ?

DanielLpz

Very helpful. How would you update the serverless.yml file programmatically every time a user signs up as needed based on what was said at 12:59?

jacksonmangler

Crystal clear as always, thanks.
Storing the individual users' API keys right there in the .yml file will actually work for the pet project I'm applying this to, since there's only a dozen or so users. But how do you usually store those keys for an API with a large number of users?

alexgochenour

When we use this method for securing apikey and use the apikey in our headers, will the key be visible in network tags in chrome developer tools

ManikPokhetra

Absolutely Awesome your videos, I got a question if I wanted renew the api keys for all user, then what I can do to distribute it without affecting backend or users experience ?
every time that I deploy I get a new api key?

thanks so much 🙂

andresm

@complete Coding How to get the API key value in output using physical or logical ID?. because I want to export and import it in another serverless.yml file, can you help me with it?

vacanttime

Hi, I'm having issues with the private attribute, I'm getting a 403 response. Also, when I put the key, I get the 403 response, too. Can you help me please?

Ner

Note. This technique only applies to AWS rest API (v1)

simonbennett

Loving your videos! I want to secure my back end api so that only my front end can use it. Will an api key be visible in the browser dev tools? Is api key the right solution?

alanmangroo

I am facing the warning unrecognized property 'apiKeys' while run the command sls deploy after added apiKeys in provider, can you please share the solution? iam using serverless version 3

manikandanp

i tried many time, but it is saying apiKeys is a invalid property, please @Complete Coding. can you verify if there is some changes. and this method is no longer supported

abhaysoni