AWS API Gateway Routing - aws-lambda

How can route a request from API Gateway based towards the lambda functions A/B/C based in the fact that specific header is present or not?
https://api.example.com/prod
if the headers "UserType" is:
guest -> redirect to lambda A
normal -> redirect to lambda B
admin -> redirect to lambda C
I know how only using different URL, e.g:
https://api.example.com/prod
https://api.example.com/dev

It's actually not possible. We can bind only one Lambda function with a specific resource of API Gateway. The headers are accessible as an event parameter within the lambda function itself.
Preferred way would be to create 3 different functions(your business logic's will reside here) within your lambda & based on usertype you can call the function.
And if you really want to make use of three different lambdas, you can make use of invoke method available in aws-sdk. You can refer following link for code syntax & example.
https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/Lambda.html#invoke-property
2nd method will definitely increase the response time.

Related

Does the value of global variable persist in multiple API calls

So I have done a lot of research and could not find a proper answer. This might be a bit long post so sorry for that. I am making a backend API using golang. I am using gingonic for routing and api stuffs.
There are 2 part of the service. Application and user. When lets say createAccount endpoint is called from the other micro service, it need to pass the user information and application token in body. Each application is like micro service that is registered to this micro service that I am building and have a unique token. If the token they pass matches then I will get the id of that row and use that to create an entry in user table which will have the id associate with it.
Now for every API call to this micro service, it is important that they are sending the valid token and that row id is needed to do all sort of functionality like login user, edit user info and so on as the each user is connected with that app id by foreign key. Currently, I wrote a middleware and when any api call is made I get row id and save it to a global variable and then when necessary I am using it in any part of the codebase.
Lets say if 5 multiple API call is made, will that global variable information will be persisted or for each call its brand new value? If it is persisted then what can I do to achieve the brand new of Global variable for every API call or if there are better approach can you please recommend it?
A global variable is not the answer here. It will be overwritten by each request as you suspected. Instead, the typical way to handle this situation is to have a context object that is created within the scope of the HTTP Request and passed to each method that requires knowledge of that context.
One basic rule is to AVOID using the global variables, it is bad practices, you cannot manage the state and you are limited for testing and concurrency using.
In my mind come two basic solutions:
Use context for this. In your handler, add the value in context and propagate this context by all your service calls. It is also useful for tracing if you are working with microservices, then you also should take a look for this. And in the place where you need the value from your global variable, do simple call: ctx.Value(YOUR_KEY) Take a look at the end of the page, you shouldn't use string as the key to context values.
You can wrap your data in the struct with this variable value. For example:
type CreateReq struct {
Token string // value from global variable
User user
}
and use this Token in your services.

How to execute different aws lambda depending on request body variable/item (aws api gateway)

I want to be able to execute different lambda based on a request parameter. How can I do this?
example:- If I have two aws lambdas abc and pqr, I want to send lambda-function-name parameter in request body (for a POST request). Depending on value of lambda-function-name I want to execute either abc or pqr?
Is this possible?
Unfortunately api gateway can only differentiate based on method and path.
A solution, however, would be to have a "proxy" lambda that inspected the POST body, invoked the desired lambda (using the aws-sdk; documentation for node here) and then returned the result.

Can API-Gateway check the input parameters and reject (without passing it to Lambda) an HTTP request?

I would like to use API-Gateway (plus Lambda) to realize a PetStore Restful API. One of the API entry point is and the body of the POST request needs to contain 'name'. See the PetStore definition snippet below:
/pets/
POST
definitions:
NewPet:
required:
- name
properties:
name:
type: string
tag:
type: string
Can I make API-Gateway smart enough to reject requests that does not contain the required field (in this case, 'name'), without calling the Lambda (yes, I understand I am able to check the input fields inside the Lambda function, but I wonder if I can avoid it)? -- this would save a lot of time and complexity to deal with the corner case.
This can be achieved through using request validation set in the "method request" settings.
If you want to validate the request body rather than query string you need to create a model;
APIs > {ApiName} > Models
In the sidebar.
Create your model using JSON Schema
In the API Gateway, choose to validate the request body then select your created model in the dropdown.
API Gateway config page

Is it possible to pass an API Gateway variable into a Lambda Context?

I'd quite like to be able to use context.stage in a Lambda call, passed in from the API gateway context - but I can only see how to put it into the message body (event object).
Is there any way to add arbitrary information to the Lambda Context?
I believe your only option is to add it to the event. You can always extract the value at the start of your Lambda function and then delete the property.
The Rest API example from AWS does something similar:
var operation = event.operation;
delete event.operation;

Combining GET and POST in Sinatra (Ruby)

I am trying to make a RESTful api and have some function which needs credentials. For example say I'm writing a function which finds all nearby places within a certain radius, but only authorised users can use it.
One way to do it is to send it all using GET like so:
http://myapi.heroku.com/getNearbyPlaces?lon=12.343523&lat=56.123533&radius=30&username=john&password=blabla123
but obviously that's the worst possible way to do it.
Is it possible to instead move the username and password fields and embed them as POST variables over SSL, so the URL will only look like so:
https://myapi.heroku.com/getNearbyPlaces?lon=12.343523&lat=56.123533&radius=30
and the credentials will be sent encrypted.
How would I then in Sinatra and Ruby properly get at the GET and POST variables? Is this The Right Way To Do It? If not why not?
If you are really trying to create a restful API instead if some URL endpoints which happen to speak some HTTP dialect, you should stick to GET. It's even again in your path, so you seem to be pretty sure it's a get.
Instead of trying to hide the username and password in GET or POST parameters, you should instead use Basic authentication, which was invented especially for that purpose and is universally available in clients (and is available using convenience methods in Sinatra).
Also, if you are trying to use REST, you should embrace the concept of resources and resoiurce collections (which is implied by the R and E of REST). So you have a single URL like http://myapi.heroku.com/NearbyPlaces. If you GET there, you gather information about that resource, if you POST, you create a new resource, if you PUT yopu update n existing resource and if you DELETE, well, you delete it. What you should do before is th structure your object space into these resources and design your API around it.
Possibly, you could have a resource collection at http://myapi.heroku.com/places. Each place as a resource has a unique URL like http://myapi.heroku.com/places/123. New polaces can be created by POSTing to http://myapi.heroku.com/places. And nearby places could be gathered by GETing http://myapi.heroku.com/places/nearby?lon=12.343523&lat=56.123533&radius=30. hat call could return an Array or URLs to nearby places, e.g.
[
"http://myapi.heroku.com/places/123",
"http://myapi.heroku.com/places/17",
"http://myapi.heroku.com/places/42"
]
If you want to be truly discoverable, you might also embrace HATEOAS which constraints REST smentics in a way to allows API clients to "browse" through the API as a user with a browser would do. To allow this, you use Hyperlink inside your API which point to other resources, kind of like in the example above.
The params that are part of the url (namely lon, lat and radius) are known as query parameters, the user and password information that you want to send in your form are known as form parameters. In Sinatra both of these type of parameters are made available in the params hash of a controller.
So in Sinatra you would be able to access your lon parameter as params[:lon] and the user parameter as params[:user].
I suggest using basic or digest authentication and a plain GET request. In other words, your request should be "GET /places?lat=x&lon=x&radius=x" and you should let HTTP handle the authentication. If I understand your situation correctly, this is the ideal approach and will certainly be the most RESTful solution.
As an aside, your URI could be improved. Having verbs ("get") and query-like adjectives ("nearby") in your resource names is not really appropriate. In general, resources should be nouns (ie. "places", "person", "books"). See the example request I wrote above; "get" is redundant because you are using a GET request and "nearby" is redundant because you are already querying by location.

Resources