swagger for API gateway

Below is the sample snippet for get end point for pets based on id. For this endpoint pet id is passed as path parameter.
In the below snippet few values need to be substituted for it to work. PetsByIdGetLambda.Arn refers to the lambda resource with name PetsByIdGetLambda. This resource needs to be available in the SAM template and reference should be valid. Alternatively we could use the acutal arn of the lambda but it will have to be substituted as part of the provisioning process. Alternative approaches involves using function import and export available in cloudformation. We could also use shell script to token replace the value based on parameters or hard code the value for manual testing purpose and use the console to import the API

swagger: 2.0
basePath: /prod
info:
  title: Pet store API
schemes:
  - https
paths:
    '/api/v1/pets/{id}':
          get:
            produces:
              - application/json
            parameters:
              - name: id_token
                in: header
                required: true
                type: string
              - name: limit
                in: query
                required: false
                type: string
              - name: access_token
                in: header
                required: true
                type: string
              - name: offset
                in: query
                required: false
                type: string
              - name: id
                in: path
                required: true
                type: string
                schema:
                  type: integer
                  minimum: 1
                description: Fetches details of the pet based on id
            responses:
              '200':
                description: 200 response
                schema:
                  $ref: '#/definitions/petsbyidschema'
                headers:
                  Access-Control-Allow-Origin:
                    type: string
                  Access-Control-Allow-Methods:
                    type: string
                  Access-Control-Max-Age:
                    type: string
                  Access-Control-Allow-Headers:
                    type: string
              '400':
                description: 400 response
                headers:
                  Access-Control-Allow-Origin:
                    type: string
                  Access-Control-Allow-Methods:
                    type: string
                  Access-Control-Max-Age:
                    type: string
                  Access-Control-Allow-Headers:
                    type: string
              '401':
                description: 401 response
                headers:
                  Access-Control-Allow-Origin:
                    type: string
                  Access-Control-Allow-Methods:
                    type: string
                  Access-Control-Max-Age:
                    type: string
                  Access-Control-Allow-Headers:
                    type: string
              '403':
                description: 403 response
                headers:
                  Access-Control-Allow-Origin:
                    type: string
                  Access-Control-Allow-Methods:
                    type: string
                  Access-Control-Max-Age:
                    type: string
                  Access-Control-Allow-Headers:
                    type: string
              '404':
                description: 404 response
                headers:
                  Access-Control-Allow-Origin:
                    type: string
                  Access-Control-Allow-Methods:
                    type: string
                  Access-Control-Max-Age:
                    type: string
                  Access-Control-Allow-Headers:
                    type: string
              '500':
                description: 500 response
                headers:
                  Access-Control-Allow-Origin:
                    type: string
                  Access-Control-Allow-Methods:
                    type: string
                  Access-Control-Max-Age:
                    type: string
                  Access-Control-Allow-Headers:
                    type: string
            security:
              - OAuth2: []
            x-amazon-apigateway-request-validator: Validate query string parameters and headers
            x-amazon-apigateway-integration:
              uri: !Sub >-
                arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${PetsByIdGetLambda.Arn}/invocations
              responses:
                .*Encountered empty access_token.*|.*Authorization request parameters are empty*.:
                  statusCode: '401'
                  responseTemplates:
                    application/json: |
                      {
                          "resource-path" : "$context.resourcePath",
                          "errorMessage" : "Encountered bad token. Token invalid and might be expired"
                      }
                .*NoResultException.*|.*No entity found for query*.:
                  statusCode: '404'
                  responseTemplates:
                    application/json: |
                      {
                          "resource-path" : "$context.resourcePath",
                          "errorMessage" : "Resource not found"
                      }
                default:
                  statusCode: '200'
              passthroughBehavior: when_no_match
              httpMethod: POST
              cacheNamespace: 8y1w8l
              cacheKeyParameters:
                - method.request.querystring.offset
                - method.request.querystring.limit
                - method.request.header.id_token
                - method.request.header.access_token
              contentHandling: CONVERT_TO_TEXT
              type: aws_proxy
          options:
            consumes:
              - application/json
            produces:
              - application/json
            responses:
              '200':
                description: 200 response
                headers:
                  Access-Control-Allow-Origin:
                    type: string
                  Access-Control-Allow-Methods:
                    type: string
                  Access-Control-Max-Age:
                    type: string
                  Access-Control-Allow-Headers:
                    type: string
            x-amazon-apigateway-integration:
              responses:
                default:
                  statusCode: '200'
                  responseParameters:
                    method.response.header.Access-Control-Max-Age: '''600'''
                    method.response.header.Access-Control-Allow-Methods: '''GET,OPTIONS,POST,PUT'''
                    method.response.header.Access-Control-Allow-Headers: |-
                      'Content-Type, Authorization, X-Amz-Date, X-Api-Key,
                      X-Amz-Security-Token, access_token, id_token'
                    method.response.header.Access-Control-Allow-Origin: '''*'''
                  responseTemplates:
                    application/json: |
       
                      {}
              requestTemplates:
                application/json: |
                  {
                    "statusCode" : 200
                  }
              passthroughBehavior: when_no_match
              type: mock

Comments

Post a Comment

Popular posts from this blog

Integrate an API with lambda - Part 5

Image
In this part of the blog we will cover the section Integration Response  in detail. This is where we configuration how the response needs to be mapped. On clicking the  details we get a similar screen In here we could add multiple integration responses. This is a very important section for output error code mapping.  If we intend to capture some keyword coming from backend we can use regex expression to filter response and handle the conversion. For example, we could expression .*exception*. to filter responses which has exception occurring any where and map it to error code like 500. Below screenshots shows the steps involved in achieving this.
Read more

Custom authorizer

Creating custom authorizer using SAM AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Resources:   Api:     Type: AWS::Serverless::Api     Properties:       StageName: devtesting       DefinitionBody:         swagger: "2.0"         info:           title:             Ref: AWS::StackName         description: My API that uses custom authorizer         version: 1.0.0         paths:           "/getmesomething":             get:               x-amazon-apigateway-integration:                 httpMethod: GET                 type: aws_proxy         ...
Read more

Integrate an API with lambda - Part 4

Image
In this part of the blog we will cover the section  Integration Request  in detail. In the below screenshot we can see two kinds of integration request involving lambda as back end service. The first one uses lamba function where as second one uses lambda proxy There are multiple options in this section. Most commonly used ones are lambda and mock. Lambda is default option selected Mock option is used when we want API gateway to provide response based on mappings and transformation. It is also the choice when implementing options. Options http method invocation will be used to understand the various method the resource provides along with CORS details. HTTP option is used when we want to make request to another existing end point. We can provide the existing endpoint url in the text box available. This configuration also provides an option to use proxy setting. We could also make method transformations here. For example if the incoming request is a get ...
Read more