{"id":799,"date":"2021-12-09T11:39:07","date_gmt":"2021-12-09T11:39:07","guid":{"rendered":"https:\/\/www.workfall.com\/learning\/blog\/?p=799"},"modified":"2025-08-20T11:08:39","modified_gmt":"2025-08-20T11:08:39","slug":"control-access-to-an-http-api-using-jwt-authorizers-via-amazon-cognito","status":"publish","type":"post","link":"https:\/\/learning.workfall.com\/learning\/blog\/control-access-to-an-http-api-using-jwt-authorizers-via-amazon-cognito\/","title":{"rendered":"How to control access to an HTTP API using JWT Authorizers via Amazon Cognito?"},"content":{"rendered":"<p><img src=\"https:\/\/lh5.googleusercontent.com\/EbIFU-J5GCQUApVcGbh4IPEDl27avJDWn0kePvoPlHf9AecfBjAlQYR6ftMjMUIjDibk5zuR39HVJ_KnIrc8SJpIzEPNUa91EsBECoFFBZwtRs5szEJVl2scitlpB5hlzkofw6Og\" style=\"width: 1600px;\"><\/p>\n\n\n\n<p class=\"has-text-align-justify\">In this blog, we&#8217;ll look at how to secure <a href=\"https:\/\/www.workfall.com\/learning\/blog\/how-to-create-publish-and-maintain-high-scalable-apis-using-aws-api-gateway\/\">AWS API Gateway<\/a> endpoints using Cognito User Pools and a JWT authorizer. Authorizers, as described by API Gateway, are services that grant or deny API access to clients depending on a variety of parameters, including authenticated users, permissions, IP addresses, and so on. JWT Authorizers are a new form of Authorizer that, as the name implies, uses JSON Web Tokens (JWTs) to control access to your API endpoints. JWT Authorizers are based on the OpenID Connect (OIDC) and OAuth 2.0 protocols, which are industry standards. Once the Authorizer is enabled, requests to your API will require an access token, which the Authorizer will check. 
We&#8217;ll look at how to add JWT authorizers to routes to protect them from unauthorized access.<\/p>\n\n\n\n<p>In this blog, we will cover:<\/p>\n\n\n\n<ul><li>What is Amazon Cognito?<\/li><li>How does it work?<\/li><li>Components of Amazon Cognito<\/li><li>Benefits of Amazon Cognito<\/li><li>Common Use cases<\/li><li>Features of Amazon Cognito<\/li><li>Pricing<\/li><li>Customers using Amazon Cognito<\/li><li>Hands-on<\/li><li>Conclusion<\/li><\/ul>\n\n\n\n<h2>What is Amazon Cognito?<\/h2>\n\n\n\n<p class=\"has-text-align-justify\"><a href=\"https:\/\/aws.amazon.com\/cognito\/\" target=\"_blank\" rel=\"noreferrer noopener\">Amazon Cognito<\/a> is a web service that manages user identification and authentication. It synchronizes the user data pool across many Amazon Cloud devices. Amazon Cognito enables sign-in with social identity providers such as Apple, Facebook, Google, and Amazon, as well as enterprise identity providers through SAML 2.0 and OpenID Connect, and is scalable to millions of users.<\/p>\n\n\n\n<h2>How does it work?<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/uZ5aWuHs5ZfIU-dU1m8lqHP3a6_eKdElmNEv26gd7woQKLU6Rmv0EGEZsjeY_otLG2LoulRgHwaicnts6TBtwJq5hw1JuhI5adt5pNQStayQmBxWrfF8OcM-6VswUrL6DK8WqrPc\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Amazon Cognito lets you easily add users to your mobile and web apps by including sign-in screens and authentication functions. 
Amazon Cognito is a critical component of AWS application development.<\/p>\n\n\n\n<p>There are three basic features of Amazon Cognito:<\/p>\n\n\n\n<ul><li>User management<\/li><li>Authentication<\/li><li>Synchronization<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-justify\">For all of your users, Cognito handles security, authorization, and synchronization for your user management process across devices.<\/p>\n\n\n\n<p class=\"has-text-align-justify\">External identity providers, such as Facebook, Twitter, Google, LinkedIn, and other social identity providers, can also be utilized to authenticate your users with Cognito.<\/p>\n\n\n\n<p class=\"has-text-align-justify\">Cognito may also be used to verify identities in any solution that follows the SAML 2.0 standard. These authorized users can be given temporary security credentials with limited rights to safely access your AWS services.<\/p>\n\n\n\n<h2>Components of Amazon Cognito<\/h2>\n\n\n\n<p>Cognito is divided into two primary sections: User Pools and Identity Pools.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/v9YWNNsN2lPT3JCLYMAni4ExcaDZN6y0t-g_U59P7G4W62RXsQYNFVzC9PCFdaBaI2cEP-ENh0Cao3jKp8v-QRjF3cYyxcrKCucl0k68JN6oqgieci3xpa6AE8gBo9h_4uNhJJGL\" alt=\"Components of Amazon Cognito\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\"><strong>User Pools:<\/strong> A user directory for authentication (identity verification) that aids in the creation and maintenance of user sign-up and sign-in to online and mobile apps. It also has improved security features including multi-factor authentication (MFA) with email or phone number verification. 
It&#8217;s also set up using AWS Lambda, which allows customers to modify validation and registration routines.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/_kn8yDm75rlY9RMEXZ3ygtYkmWrzlPCN9JvJj2i7sfJKL65QC2vczm0FY-XO0_bK3tssDOKXP9OLWyY0QQUdtyy8_cuNDfH89xNpa7OgLGfJRvJ8P7Q6exu2E2KvEfKu8HADmtHo\" alt=\"Components of Amazon Cognito\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Identity Pools:<\/strong> It allows us to provide our users access to other AWS services without having to re-enter their credentials. User Pools and Identity Pools are versatile in Amazon Cognito and may be utilized independently or jointly.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/BkskJfCySEUTY1PBlVVezvCbPKIYRzOPIgQUe-wUeDwP9sAqfIilyLKzGagzjiBoBqQkuEXMGalRXrbUfJVsHcvqm27xiCHCk0hA9OaE32pitIA8omx9B2VOVmoL6_Zg6qRX8Sy-\" alt=\"Components of Amazon Cognito\"\/><\/figure>\n\n\n\n<h2>Benefits of Amazon Cognito<\/h2>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Secure and scalable user directory:<\/strong> Amazon constructs and manages the user pool for your application, making it secure and scalable. The user directory is extremely scalable, with the ability to handle millions of people. It&#8217;s also simple to set up. Each user&#8217;s distinct identity can be generated. You may utilize the directory to allow your users to sign in to your mobile or online application using Amazon Cognito.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Social and enterprise identity federation:<\/strong>&nbsp; In addition to AWS Cognito, your users may sign in using a variety of social identity providers. Users can, for example, create a profile using Google, Facebook, or Apple login. Your users will have a faultless and painless experience as a result of this. 
You will have a record in your directory of whether the user creates their profile using any of the aforementioned techniques.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Standards-based authentication:<\/strong> Amazon Cognito User Pools is a standards-based Identity Provider that supports OAuth 2.0, SAML 2.0, and OpenID Connect as well as other identity and access management standards.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh6.googleusercontent.com\/_PXoCU5iJOHaicjfqw7Bb0bFMGl1KKC8ovrUI3e-6zWG31P_nqO0eeoRuzxQhmULCupDiYVdQ2aAzj6h42LqtmNqm64BuC3_yfzt4NU6f02A-n5RbaxJdDZw1CuAkz1xkDOFJDsP\" alt=\"Benefits of Amazon Cognito\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Security for your apps and users:<\/strong> Amazon Cognito enables multi-factor authentication and data encryption at rest and in transit for your apps and users. HIPAA-compliant, Amazon Cognito complies with PCI DSS, SOC, ISO\/IEC 27001, ISO\/IEC 27017, ISO\/IEC 27018, and ISO 9001.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Access control for AWS resources: <\/strong>&nbsp;Amazon Cognito offers methods for controlling access to AWS resources from your app. You may create roles and assign users to them so that your app can only access the resources that each user has access to. Alternatively, you may utilize identity provider attributes in AWS Identity and Access Management permission policies to restrict resource access to users that fulfill certain attribute criteria.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Easy integration with your app:<\/strong> You can integrate Amazon Cognito to add user sign-in, sign-up, and access control to your app in minutes, thanks to a built-in UI and simple configuration for federating identity providers. 
You may personalize the user interface to make your company&#8217;s branding stand out during all user interactions.<\/p>\n\n\n\n<h2>Common Use cases<\/h2>\n\n\n\n<ul><li>It may also be used to implement AI using lambda expressions. When a user views a product, for example, a function can be called to display similar products.<\/li><\/ul>\n\n\n\n<ul><li>Access control to AWS services such as an S3 bucket is allowed only after user verification.<\/li><\/ul>\n\n\n\n<ul><li>To offer stronger security and provide confidence to its users, automatic email verification is required.<\/li><\/ul>\n\n\n\n<h2>Features of Amazon Cognito<\/h2>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Built-in customizable UI:<\/strong> For user sign-up and sign-in, Amazon Cognito has a built-in, customized UI. To add user sign-up and sign-in pages to your apps, you may utilize the Amazon Cognito SDKs for Android, iOS, and JavaScript.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh6.googleusercontent.com\/ItS5qchve9n_7cGILUx4ZfTX_xbXqRgguGOxhp2PeYTkdjhS3PxBdS1k3OoDOPDw5rx5LpMlYWO7CBbupRTC1I0JGLpWERqdp0kkjenUMYmuYEIFiWOUxrtM0nqa4lAbs-x0HK7y\" alt=\"Features of Amazon Cognito\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Advanced security features: <\/strong>You may enable advanced security features for your Amazon Cognito with only a few clicks. Amazon Cognito User Pools aid in the security of user accounts in your apps. These enable risk-based adaptive authentication as well as protection against credential compromise.<\/p>\n\n\n\n<p class=\"has-text-align-justify\"><strong>Apps directory for users:<\/strong> Amazon Cognito User Pools provide users access to a secure user directory. Because User Pools is a fully managed service, it&#8217;s simple to start up without worrying about server infrastructure. 
For users who join up directly and federated users who sign in using social and business identity providers, User Pools give user profiles and authentication tokens.<\/p>\n\n\n\n<h2>Pricing<\/h2>\n\n\n\n<p class=\"has-text-align-justify\">You only pay based on your monthly active users (MAUs) if you utilize Cognito Identity to build a User Pool.<\/p>\n\n\n\n<p class=\"has-text-align-justify\">The overall quantity of data saved in the Amazon Cognito sync store and the number of sync operations executed determine Cognito Sync costs.<\/p>\n\n\n\n<p class=\"has-text-align-justify\">For the first 12 months, eligible AWS users get 10 GB of cloud sync storage and 1,000,000 sync operations per month as part of the AWS Free Tier.<\/p>\n\n\n\n<h2>Companies using Amazon Cognito<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/NaI8A69NeIkTb_cvFk-88GPi6z1EvcLouFdvLhiSwG_Z-3vI--p-jMrhGf9u8bGt8oK8mJybKP8oAMmR2LZGhdwd2nZQfz-m8Vcs7YG4hdf1rj4iHNxJrSFmO4zi0RMmk1crI0cY\" alt=\"Companies using Amazon Cognito\"\/><\/figure>\n\n\n\n<h2>Hands-on<\/h2>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/PnaXqqGgGN_HsFcvvswqfTlbLxlrEHk0Ux2MPDSD_XrK_pwECo3xqkGvjbSd00ZirrUJQoODLwjMyL9nrlE5oTxduDo6iWPdhVqgpAhfL1ntPeGnFCicF6Z5V8UtNGbCQPRSjwaI\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Any business that creates an API-based architecture must create a standard security layer around these APIs, essentially on the edge, to ensure that all APIs are secure. In this blog, we will see how to create a JWT authorizer, attach the same to the API route and create an AWS Cognito User Pool to allow people to sign up with their email address as their username and a password. 
Cognito confirms the registration by sending a code to the email address the user provided during sign-up, which the user then has to submit to the Amazon Cognito service.<\/p>\n\n\n\n<p class=\"has-text-align-justify\">After the user has been verified, they can log in with their username and password, and Cognito will return a one-hour token. The token can then be used in the header of HTTP GET requests to Amazon API Gateway, which will be configured to use the Cognito User Pool as a JWT authorizer. API Gateway will reject any request that does not carry a valid token with an Unauthorized message. With a valid token, API Gateway will pass the request to a Lambda function, which returns the response that is displayed when the API URL is called.<\/p>\n\n\n\n<p><strong>To implement this, we will do the following:<\/strong><\/p>\n\n\n\n<ul><li>Log in to the AWS console and navigate to the Lambda function dashboard.<\/li><li>Create a new Lambda function with Python 3.8 as the Runtime.<\/li><li>Configure the code editor to add the code based on your API requirement.<\/li><li>Navigate to the Amazon API Gateway console and create an HTTP API.<\/li><li>Attach the Lambda function as an integration to your API route.<\/li><li>Navigate to the Amazon Cognito console and create a new user pool.<\/li><li>Configure the User pool creation.<\/li><li>Create an App client for your user pool.<\/li><li>Create a new Cognito domain and check for its availability.<\/li><li>Navigate to the API Gateway console and create and attach an authorizer.<\/li><li>Configure the JWT Authorizer with the Amazon Cognito service.<\/li><li>Configure the app client settings.<\/li><li>Attach the authorizer to your API Gateway route.<\/li><li>Open the Hosted UI.<\/li><li>Sign up and get verified as a Cognito user.<\/li><li>Test the JWT Authorizer by signing up, logging in, and checking that the API route is protected.<\/li><\/ul>\n\n\n\n<p class=\"has-text-align-justify\">Log in to your 
AWS account and search for the Lambda service. Click on it to navigate to the Lambda dashboard.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/rPFaMw5IYx2q67R61IRP-P-ep37jPCKEMJz9u70iSxaMA2Gaza3T1sd9sfX3oYeKeGvhUxzapgeRY9lm2tvvDKR8U82-yc0TqKGmHMpz1onGkg_EB_Fcy9AVvjat2u2Z-8rz6MML\" alt=\"\"\/><\/figure>\n\n\n\n<p>On the Lambda dashboard, click on Create function.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/c1Z40Q8OzlK4ZE6pDV7v_PHagNC5_2KJ6d-Yu77Dbn8TUb-EP5WxcummgnzCpfwhAhWHeVoanlGlcylNlz2wEF9ZMZ4-GgpfSa8Wtru7bPwnPctoF8Z3y2joTva_HqsmD_bQloLR\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>Select Author from scratch, enter a name for your function, select the runtime as Python 3.8.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/F2FhaCaHo4xe5LWNKgvOk295iLroAdtbumBJg4nTlMfFb698fubtVVwEgoF4TNeuEcdVDk87VSK2hL4EdmMbB5WAIdDofvKg74F8q1d1exXfBaKlfwt01WHN7LwITkU5j9xwVLpa\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Expand the Change default execution role, select a role if you have created a role for yourself, or let the AWS Lambda function create a new role by default. Click on the Create function once done.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh6.googleusercontent.com\/aex9JpNF8Xt8jA-u5ol91TYi2Y0wUYvrskErBvMzc87vEUjqIdJHdxlZeCzzvEHAG83jUkhkLBPgrg0yuh36fXFTwPTOnkFPsKMYKYLSmzWabHPw9rx5r927x6DyTkBMDgyJiVjz\" alt=\"\"\/><\/figure>\n\n\n\n<p>On success, you will see the message as shown in the image below.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh6.googleusercontent.com\/hB8YPf8EpCzrKwqtLgju8tRGGSsoVxCzJpiF6BYm6v7shqUICo3wPbcyxKUdrEAM76gm3O9_-8iV0EQRiwLAmcDoKqVVYLE7OQm478tnWnuoBfb4AqUCMdc8vjTK4YHVVQxq4sH6\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Scroll down and open the code editor. Enter the code for your API. 
For this blog, we are just returning a text from the Lambda function to experiment and test the JWT authorizer.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/uL_MUB5otHcc5ZGCp6VdJRG-Zk3jiPgh4JfzljlRz9AK3iakYtYBQF05CZi7__1J-y57zDG7EmtX1q4EV9BLUUGzSktHTAqmelbpHdp8YofeMoqm444sYCogG2B8C2reMDeMassf\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Now, in the search bar, search for the API Gateway service. Click on the service to navigate to its dashboard.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/22DEt3WyPWsWMAPaM7ar9XDUFXihLBVy34RVZ7e7OWdv94U4Vce65PBS4z0mH3kFXwk1cPMQTegT55roN_crXpkxl_SMK7tr-6wLK5x-vcMKwuDSnf8TziG2U7Pi0ttUYWce_Cls\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>On the API Gateway dashboard, click on Create API to create a new HTTP API.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/lnFFGL3KFA4IyCcWUBctQ1KRM6WezHIibfV6ejcLtUYXIq0QdQH1FShtLCFcjdLjo0BCDN0fA6ngf6W3qz_xUPBupgM_5RlVElGCg_SzSyXrHLs3bxzBInIWXxgG37-lj7XHnwO8\" alt=\"\"\/><\/figure>\n\n\n\n<p>Click on Build for the HTTP API.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/JShzH3mv5GsB9duiJlN4Rc3TYgyW_xU9hpG4BKe9BOt3Rbn9N-RiHtDbq7pqwBDloq7WQXt4GtHAuWJ1EPvy6Zl5IxthDu3EUrwYeV7tn1OnntlaNJWMUDaNhRnUQOwRuXSB6UmL\" alt=\"\"\/><\/figure>\n\n\n\n<p>Choose an AWS Lambda function or an HTTP endpoint, then click Add integration.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/1UHqw4yum-3Jw1K60HQZ14DIhsB_X4P6MJZDftZ-hlKvRHvYpwK2OO7zw1GoxKx6xsSvGVo1Z0KIpejVbmP789ZTZWc9IPMOD8gGDxiATvL-1iAeimTJKN43n64_i4oyl-8zSZNT\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>For Name, enter a name for your API. 
Click on Next.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/G_4OXSw4_gajq07EPhN9sS_6DGMHXsS3jXDxJZE77w_wGmsLCs9RFJzxZftHMKlGj8di38OmfQ4aNV4da8D17eTxw-BxDsSCfE0yrb5RVzM4iZD7Z5DNhSRaGowLMSbL_G8MpePa\" alt=\"\"\/><\/figure>\n\n\n\n<p>Here, you need to configure your routes based on your requirements.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/EKPjssbv-DW5xh7_pJRlbdV6xP9PJ8ElIMQq5Rqda6eDRY2A8xBRu3SbkernnznpdfqOiRfyXYi8v6DhACe_gOidVETmOwInRcjcfeZxqJ-pmu7hDDMiDfTW2YUkCRZwUHxVD6Ac\" alt=\"\"\/><\/figure>\n\n\n\n<p>We have updated the route as shown in the image below. Once done, click on Next.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/fgYJk4J2rbPitcer4PiDAHqp9QX6SH2SUBYmHsco2RuwEFK7_u13VYXl7rKv849VqnYGdMwsyfzeGnP5LOhvtUzsF5lJeTUIJedt2GtUf5tmxNm1bpaEWNOZKyMhkjsIB5hj8yAh\" alt=\"\"\/><\/figure>\n\n\n\n<p>In this step, you need to add a stage if needed like development and production.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/yTMJ_3mxlIMWEXpa3dPBkED7rvYQlmAiw9goNKATRHzLLoNW5zWtrvYtGp--TZu86KnJIi9uC0D5dZl0OerSH__vA2SHoP_AZOSmu6eYSYlugrc5sRnSBjH84jhQaBliMDCcMwzp\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Click on Add Stage to add a new stage. You can switch on and off the toggle if you need auto-deployment for your stage. 
Click on Next.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/HpHn0dplZz-EB_dT-oOoTaInX-I7vsZ9IiemRj2HedJZ7nnDCJaIzObA5kG_HdJR-npkVL7pv89RYM0GTAlYida_DitxE4ZB3JNZ6u6ra4hniVjsXAvg3epkavcLK75ewBoANyvE\" alt=\"\"\/><\/figure>\n\n\n\n<p>Once done, review all the configurations and click on Create.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/vhGHie-zAglAJf2wANXTUxU7xnTARvneuGwKiFcXI48Rxd49l2xK2m6bX6q_HWqYLCmKTCRiUEwjCYKYVKvFAeDWD1kXA_vaBFH9PY2Tif03C-JohKRi6G5SiN4Rw9GU2iMqwNTl\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>If you are successful, you will see a notice similar to the one below.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/y1gEoBzPy1_S8XBsovRT8PdZjujCIY3IxC9ULBNQD1nw6YWCUwc5NknahttguEAbFY5zkVjM5JP8GnaZz7Ac4eliC5pzmdbIUAtLme3_M4b1BcJa5QPSxFiSKdRPBPMUeCVr_NUf\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Under stages, click on the Invoke URL to test if the API is invoking the Lambda function correctly.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh6.googleusercontent.com\/qQdDmW06dwzhlci-eVjYKYFX81u0b-6PBQ9pfjuQrTHTmSx2xPcF46DC8ScSj14EcSmtuozdaGNHCziNdx-bVWEbbd6YoIQotT0yOJf3pKE_Zz83MjBhR33WMv7dyMU3FBgdSDms\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">In the left navigation pane, click on integrations. 
Over here you can change the lambda integrations based on your API requirements.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh6.googleusercontent.com\/FrYs2QD6vb5UasPu-tpFH1pmcaNfxloQlXUQArSB1WTF3YIoBXKMCeKAb-9uwVJGlHLs62bWuQ2WSDnVZ06pLii1jgqGBOT7TrXWCWgZ_mUoC_z-BEjJAaFewG63J5JQgHTzznET\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>Now, search for the Amazon Cognito service.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh6.googleusercontent.com\/1SNzTfdWN0SaYMEdN8QKBn4AWexizz_JYSyI_IU617Iv1p51v0PCLo6O3gj_oTqT9oYQM_pLy6RV2dFA67yQDEy03RWIFy3VGn6aiI8DiJGFszb_OarW017KXKJpZ_kdoQEgQylo\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>Select Manage User Pools from the dashboard.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/HY3NcJ7THW_xGEVCH4TKGBKN5zj0V7lUSAe1xsT7msrs-pmoj-IoXcxYdHxJOwtsCkW5a9V2otB33dH7p0oxmCwuqQZ1wbLtEvn3IQKaf8hqQpvmGC_AE8bLTUQCj87N7kGAvkhU\" alt=\"\"\/><\/figure>\n\n\n\n<p>Click on Create a user pool.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/zl60GmQT9OfC4PxgRKMzj63cdWqWZr6bUa6pu5q8n1fUKgdbyWzx9TybuTrpZGZl79nuj5A62W1GeVUVuCXzZXoqeWnQ-E2XWvT7bPYyDUZBAoCliEafcEdMwcx7lxaogq2p6YGQ\" alt=\"\"\/><\/figure>\n\n\n\n<p>Enter a name for your User pool. 
Click on Step through settings.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/ExrlFaunagDhcL6Vcuvgmwf28jGkUsSgzXdcOD4g2AvwwAp4AXTJZXgpgryZOg1iXbp_UnED06kE6_slpT6FkY-3JSP7Pjv49BsIrPm5qZpKmJkR-d1hfIJg_SJKPlJrA2c3BfPx\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>Over here, you can make the changes as per your requirements.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/NVSA9JGdYuOU5C3Qcfn386vSrsKKCcyQ2R_vcl-nBgYeLnRQVeIxWZsvE1cQdo6iGwbo6jW1CD2xfAuE7sKtlG3txQMXzZefjwHu9Pn_FvSEkhC_w9msDwheTZng2jFXDzWCgMdI\" alt=\"\"\/><\/figure>\n\n\n\n<p>You can allow only the administrators to create and import users as per your requirements.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/zCkI_d9ADVdMHdYDKQL_OME7aUHf7GrigpKnWc-SLdesq-lKkW-jXEXCFdDFTvConiBeTe1rM4i5KNgI4jyLIcOX1qZlNqo8nNUS6Q0H07JxRZ4A-exn6aGuFcuSphynV1azGfTX\" alt=\"\"\/><\/figure>\n\n\n\n<p>Click on App Clients in the left navigation pane. Click on Add an app client.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/kTkdDqf4cCAwGvR6yRyXos_4HWsPUVutgMpqnNGbNTzlVmaJoyoKIGMs_I-b7nalwbrpVr6lI8OGjBl0JvdYS_4Jg_RN1dWq_dZM5nm2qGs0ZN_c91wl1qG9VKWzZiIUdR8WdEHu\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>Enter a name for your app client.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/elGw0bavakBK2z--kFegExW6cnQNYLKvotzEcBGuWVrfufdYQEfqfWo5_YC1sm7GMO69v31Y85aIA_0yR7WMIS8DV2uLX78CcKCTRjuv44weTCbosrAtlb8G7IFTmwe9EqlCnwNI\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Scroll down and change the configurations as shown in the image below. 
Once done, click on Create app client.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/pjMOCUuKXdNsxilYeVOiVRbuLVnsFePltQrb65G1qpRvnJh3-JCaUy6YojD52shUy2hFDWzgInRF6JT5ps2ewfADRpXzJHPOPTUBJ1hr8-veEhzrTvHIhQMAvcdnmPsotjLA9pvj\" alt=\"\"\/><\/figure>\n\n\n\n<p>You will see your newly created app client on the dashboard.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/bQ_QhHQ2TrZUpe5Y8gPkSSE7wQWuwMm-cp6P-pd_FUVXUUHIkoxd9NX2WgSV1tt0TLzBEQ6tkjggc8EgbS759U8xScxhWd83rAQksvpk_TyAcQllNS2o2HJpU1w3rXBXyKEuqci4\" alt=\"\"\/><\/figure>\n\n\n\n<p>Click on Review in the left pane.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/lGurCekNb3x3XToFq9EyXJ8b_3b3IYdSzszY7ksZZ797Iouq2pKoCqY7v1iLCKl3PaAm1Dx3qOz8fpZZXYQV3NWqVx0Fq22YtbLS_zHoPLPG-8TNexrou3rU5BHKiZ4C4HAg_gLC\" alt=\"\"\/><\/figure>\n\n\n\n<p>Review all the configurations, scroll to the bottom, and click on Create pool.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/_1JY8Jd4aqb6IJh07hi_ZAlCMtOmiHpqgpO4t35oNpiAf68XHjgo3Vr4oz0Nfxosi2yd753eonakBXAeV9pqV3d5-jTp2RfWWh1M1Y0nb4YOGGCFSkUXWeiUeJSzJcjwU5mD8M9K\" alt=\"\"\/><\/figure>\n\n\n\n<p>You will see the notice as seen in the image below if you are successful.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/9S0qVrTjDsC8BOiU6Ox-Xc923_W7L3eeCzwjVkH7b44bgVAVz8YbYacO5Yg7sotMVO7lFvzayL7pyXew-jUsRfV4tL4NZ0CVUT7jJ8ljDiHjtl9e9bw0ZilDExLYgwR5Vk9bO2wN\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>In the left pane, select Domain name.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/Aq-F3QsGy1aOPnJ_Lc_fgNZkhImlOp23-RuR-XjqQB5mnYgt6LU7LrbNigu8Obih7ldKmFOtag1njH5OvBz0CMkA5ctAXJf6p9zm9xwv7IPODE1xAqKZu4cG2FsLLeo5noT4G-0d\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>Enter a name for the domain and check its availability. 
Once done, click on Save Changes.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/uB4R4DAOfvvWvn9856_Ep7aZduQ2KDWZ8oPZt18ktpThH8ulMmUF6_xDRKbNC3TfweOoOYLPxVRj3MY72UOKNyF7jLlxHlTENLN5BhtAnjGRCJVGauMR03v2iXwaAlqkV4QadDHd\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Now, navigate back to the API Gateway dashboard. Click on Authorizations in the left pane. Click on Create and attach an authorizer.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/YVbfUfOb3yJ2CJYSKu7RMBRgZJW3hKQ1Tqt_FH04l2bptdGQUucYFxatk2qrJNNIG8SOlb9fhvIkxUx3v7fUi4XJIE74brlAhb6fHbLzEuNmiXHVfFdaEOXERCUmaOdcg5qPNflR\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Select JWT as the type. Select a name for your authorizer. Let the Identity source be the same as it was by default.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/RP7RCLpXEGtOVqXoQocC7kGNAkxNvAZKOHjlbrC7VXDLvDdlEPTm4UNhKjQtZgJaa5ektA6q846mdMzwGzSI5ZWYlZ4jKSZUghUQiBxQ0pPjzJeyfdMCEcBMgP8Yl07UdL-a0Fac\" alt=\"\"\/><\/figure>\n\n\n\n<p>Navigate to the Cognito dashboard and click on General settings. 
Copy the Pool Id.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/b8yOXEx5kPcQrKApXj3iJCuDJd8NBPEHwFUmk3ZB6QZJt0Y9nnV_DJJ3WMDkfjycp99KcziPbD2YPCg5InWGJ3eNzzBYVNVnSxiRxG4ixNc7snefYvayNHUyEbYmTb3qH54ldFTW\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Navigate back to the API Gateway console and in the Issuer URL, enter the following in the proper format with the required details:<\/p>\n\n\n\n<figure class=\"wp-block-embed\"><div class=\"wp-block-embed__wrapper\">\nhttps:\/\/cognito-idp.amazonRegion.amazonaws.com\/userPoolID\n<\/div><\/figure>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/hYV-c35WnSQdP1O8ccH055ji8kQplGUcZ4wlqiCa_yZxlvd--pD_pKf9wyUbqZ2IOwRA7JiN3Z5eJYY8Z2ch0J0hovVCyvwNK0QN6IY_whPRHONX2fF7c33WXJMW3BDaLra5Hiem\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Now, navigate to the Cognito dashboard and click on App clients. Copy the App client id.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/uo5XDHA08iVpuEzetYimvcGyr6hHVmlkV3VnerPhOCU7eCZW6JC0M-nveMxfH_slhNcYT1Q1uh7vB1dtjNRGv4xX_a5eo5u294UzmkJg-8uH6KFCYvhRY7Vr2TU-EJbu0T9X_cr0\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>On the API Gateway console, click on Add audience. 
Paste the client id in the text box.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/zx8sDdeLf7UjEiepxict_IwPGrcT566wYm1q9lBlDjZBHVRdlI7uXQVmNb75zsAGDNvKi_cC4rFTCf-gRNNZ8hS0TeubrBw3ajV5XlVH4oLRJuAUewbfLE8MaXNNwa27mix-16Io\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>Once done, you will see the JWT Auth attached to your API route.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/Q0Znj7UTFkei65y-VIl96tkIiC4Xh3JA0kDhjveH__P7hqFUTAvkGTSWu8HQhF2aOqlOykV4y0KsTOh-xJhx3YyNRwj_4LJyUjc4DWkMx_4DSLUb0UhaIbby6tr9xw6XIlLGjA0z\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Now, navigate to the API section. If you click on the URL, you will get a message saying \u2018Unauthorized\u2019. Copy the URL.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/TgREfDwonaURGLwBp4ToVE3K1qvOBdw0KmbLIwetMuQi4W4Z0lqyveZGrhI4-i2OKF0YqFht4MmjrelH7QRTMVWk6gPJM45uQ-1oZCoGAek8KfMrkeN3-XuSqKVe8Y5OB-xWETCT\" alt=\"\"\/><\/figure>\n\n\n\n<p>Navigate to the Cognito dashboard and click on App client settings.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh6.googleusercontent.com\/zUgCwVb2U7EaOZrm-9QxmWAEiaSQoxPL_31KRHcxVNpiUBKpmgozIClIRNE9R2tk8UVcLVI0o-CTOCAC9Wk87WajjqNCjbyCnlysN_yvlr9bk40iZlHp5rfvtTJaUVoMZ164hI3v\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p>Select Cognito User Pool, in the Callback URL(s) paste the API URL.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/buLx4qa5DZWB_PuzVZVT59qzTuN2QE-8U7ZMURqfqZ5JSAn_dgS-j4vbXcBsFLZe-VC5KOxVN6AN7N-LTRjzPdcd4XhAUi32ZQncoZAQ9Bbo5XcoBXaB3C3yzm3mbB_zvRnSETyQ\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">Select the Allowed OAuth Flows and Allowed OAuth Scopes as shown in the image below. 
Once done, click on Save changes.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh4.googleusercontent.com\/BwNTanOb12f5ri_yDZaa_bLOM6x8tmT9Jt_ocaBOHvxd9-oia8ye6DZvDt907Ig7foE0Sz-Loh0aYga3kCEPEcL-rdVwfmIvVMcS8JUd52T5rsf3DH9oeaeRqpEVFQeFlhKVnTpq\" alt=\"\"\/><\/figure>\n\n\n\n<p>Click on Launch Hosted UI.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/OqynGU0m2Yt-B3ZtX23ufA5DhAfsn_LDORicz1Iu3J--7IsOKV0W1FAkOHNDE-U22xdn4J8c_xZSpThHJzca2tHfZJgPJ5_b4Zd6Lxfzfk6DdHD-zCrXY_QRafBkrqcI7VWqtesR\" alt=\"\"\/><\/figure>\n\n\n\n<p>Click on Sign up.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/xk1hGp7PfQHeoxpAsi5BzeC4Pg3l5dQMwZ8LnaDbJW903D7Qr3EtgXfEed-Jy7E0CLTGF1YWaRALwPLP7gNIacO4BGDz8w8WVtRSwP6bh-KoYb-S41-nR-2-7cu6678BUupW10ol\" alt=\"\"\/><\/figure>\n\n\n\n<p>Enter the details. On success, click on Sign up and you will receive a verification code on the entered email.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh5.googleusercontent.com\/hVKME0fQUiMHi36PNWXs-ngqtu0sL4appCsQYXNdZMlfkjI8ViulUFj7EewSwTiAySMoVhTcaojZrBsOZMTKReyGgDlhZgsrO7nuv4cgffcLYNq7ctia3-xt4RZVhkhAO7O3nXxi\" alt=\"\"\/><\/figure>\n\n\n\n<p>Enter the verification code in the text box. Click on Confirm Account.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh6.googleusercontent.com\/eAshOFL5m5JKaTTs_83Vg6w8SKzbQSsHfzKz8KvnoUzmZKt6iVxX2zZgEqVf5gVhHrtiqxTyy4fmeOIi5aTiUIR6xxMlsVCV2jO-TPK98Fh70GHAImV8jnisCpr2FsdNu-wAq0uS\" alt=\"Amazon Cognito\"\/><\/figure>\n\n\n\n<p class=\"has-text-align-justify\">On successful sign-up, you will be navigated to your API that is protected with JWT. If you look at the URL, you will see a code. 
After a successful login or sign-up, this code in the URL is what allows you to authorize yourself and access the API.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img src=\"https:\/\/lh3.googleusercontent.com\/VKwW7GDE5ftd4OfO-ihl4MmmW07GB0JiezkaapOp_ryfJ9yFALSxquAPSPQxHnVQN5XoeYja7QZtNxE4YfxFex1kVpzOz9OucYmTLO9kTow9BZgiC_kKRNGA5iH0rpXF9nGsr0-8\" alt=\"\"\/><\/figure>\n\n\n\n<h2>Conclusion<\/h2>\n\n\n\n<p class=\"has-text-align-justify\">In this blog, we saw how to create an HTTP API and integrate it with a JWT Authorizer and the Lambda function that runs when the API URL is invoked. We also saw how to configure a hosted UI with the needed authorization to protect the HTTP API via JWT Authorizers. JWT Authorizers are a new form of Authorizer that uses JSON Web Tokens (JWTs) to offer access control to your API endpoints, as the name implies. We will discuss more use cases of JWT Authorizers via Amazon Cognito and its integration with other services in our upcoming blogs. Stay tuned for updates about our upcoming blogs on AWS and relevant technologies.<\/p>\n\n\n\n<p>Meanwhile \u2026<\/p>\n\n\n\n<p><strong>Keep Exploring -&gt; Keep Learning -&gt; Keep Mastering<\/strong><\/p>\n\n\n\n<p class=\"has-text-align-justify\">This blog is part of our effort towards building a knowledgeable and kick-ass tech community. At <a href=\"https:\/\/www.workfall.com\/\">Workfall<\/a>, we strive to provide the best tech and pay opportunities to AWS-certified talents. 
If you\u2019re looking to work with global clients, build kick-ass products while making big bucks doing so, give it a shot at<a href=\"https:\/\/www.workfall.com\/partner\/\"> workfall.com\/partner<\/a> today.<\/p>\n","protected":false}}