In API gateway I have the two options to pass the API Key whether in the query string or in the header. Is there’s any way to prevent the API Key value to be passed as a query parameter and only enforced the API Key in the header?
Thanks in advance
Hi Mohamed,
I am not aware of any such OOTB option to disable this. You could use a custom extension to remove the query parameter before the IAM (Identify & Authorize) policy is executed. That way IAM will always receive the request without the query parameter and it will not allow the request based on API Key from the query parameter and hence always enforce the API Key header.
Hope this helps.
Regards,
Vallab.
1 Like
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.