Skip to main content

Api

The Api construct is a higher level CDK construct that makes it easy to create an API. It provides a simple way to define the routes in your API. And allows you to configure the specific Lambda functions if necessary. It also allows you to configure authorization and custom domains.

Constructor‚Äč

new Api(scope, id, props)

Parameters

Examples‚Äč

The Api construct is designed to make it easy to get started with, while allowing for a way to fully configure it as well. Let's look at how, through a couple of examples.

Using the minimal config‚Äč

import { Api } from "@serverless-stack/resources";

new Api(stack, "Api", {
routes: {
"GET /notes": "src/list.main",
"POST /notes": "src/create.main",
"GET /notes/{id}": "src/get.main",
"PUT /notes/{id}": "src/update.main",
"DELETE /notes/{id}": "src/delete.main",
},
});

Configuring routes‚Äč

Using ANY methods‚Äč

You can use the ANY method to match all methods that you haven't defined.

new Api(stack, "Api", {
routes: {
"GET /notes": "src/list.main",
"ANY /notes": "src/any.main",
},
});

Using path variable‚Äč

new Api(stack, "Api", {
routes: {
"GET /notes" : "src/list.main",
"GET /notes/{id}": "src/get.main",
},
});

Using greedy path variable‚Äč

A path variable {proxy+} catches all child routes. The greedy path variable must be at the end of the resource path.

new Api(stack, "Api", {
routes: {
"GET /notes" : "src/list.main",
"GET /notes/{proxy+}": "src/greedy.main",
},
});

Using catch-all route‚Äč

To add a catch-all route, add a route called $default. This will catch requests that don't match any other routes.

new Api(stack, "Api", {
routes: {
"GET /notes": "src/list.main",
"POST /notes": "src/create.main",
"$default" : "src/default.main",
},
});

Lazily adding routes‚Äč

Add routes after the API has been created.

const api = new Api(stack, "Api", {
routes: {
"GET /notes": "src/list.main",
"POST /notes": "src/create.main",
},
});

api.addRoutes(this, {
"GET /notes/{id}": "src/get.main",
"PUT /notes/{id}": "src/update.main",
"DELETE /notes/{id}": "src/delete.main",
});

Configuring Function routes‚Äč

Specifying function props for all the routes‚Äč

You can set some function props and have them apply to all the routes.

new Api(stack, "Api", {
defaults: {
function: {
timeout: 20,
environment: { tableName: table.tableName },
permissions: [table],
},
},
routes: {
"GET /notes": "src/list.main",
"POST /notes": "src/create.main",
},
});

Configuring an individual route‚Äč

Configure each Lambda function separately.

new Api(stack, "Api", {
routes: {
"GET /notes": {
function: {
handler: "src/list.main",
timeout: 20,
environment: { tableName: table.tableName },
permissions: [table],
},
},
},
});

Note that, you can set the defaults.function while using the function per route. The function will just override the defaults.function. Except for the environment, the layers, and the permissions properties, that will be merged.

new Api(stack, "Api", {
defaults: {
function: {
timeout: 20,
environment: { tableName: table.tableName },
permissions: [table],
},
},
routes: {
"GET /notes": {
function: {
handler: "list.main",
timeout: 10,
environment: { bucketName: bucket.bucketName },
permissions: [bucket],
},
},
"POST /notes": "create.main",
},
});

So in the above example, the GET /notes function doesn't use the timeout that is set in the defaults.function. It'll instead use the one that is defined in the function definition (10 seconds). And the function will have both the tableName and the bucketName environment variables set; as well as permissions to both the table and the bucket.

Attaching permissions for the entire API‚Äč

Allow the entire API to access S3.

const api = new Api(stack, "Api", {
routes: {
"GET /notes" : "src/list.main",
"POST /notes" : "src/create.main",
"GET /notes/{id}": "src/get.main",
"PUT /notes/{id}": "src/update.main",
"DELETE /notes/{id}": "src/delete.main",
},
});

api.attachPermissions(["s3"]);

Attaching permissions for a specific route‚Äč

Allow one of the routes to access S3.

const api = new Api(stack, "Api", {
routes: {
"GET /notes" : "src/list.main",
"POST /notes" : "src/create.main",
"GET /notes/{id}": "src/get.main",
"PUT /notes/{id}": "src/update.main",
"DELETE /notes/{id}": "src/delete.main",
},
});

api.attachPermissionsToRoute("GET /notes", ["s3"]);

Getting the function for a route‚Äč

const api = new Api(stack, "Api", {
routes: {
"GET /notes": "src/list.main",
"POST /notes": "src/create.main",
"GET /notes/{id}": "src/get.main",
"PUT /notes/{id}": "src/update.main",
"DELETE /notes/{id}": "src/delete.main",
},
});

const listFunction = api.getFunction("GET /notes");

Configuring ALB routes‚Äč

You can configure a route to integrate with Application Load Balancers in your VPC.

new Api(stack, "Api", {
routes: {
"GET /": {
type: "alb",
cdk: {
albListener,
}
},
},
});

Configuring HTTP proxy routes‚Äč

You can configure a route to pass the entire request to a publicly routable HTTP endpoint.

new Api(stack, "Api", {
routes: {
"GET /": {
type: "url",
url: "http://domain.com",
},
},
});

Custom domains‚Äč

You can configure the API with a custom domain hosted either on Route 53 or externally.

Using the basic config‚Äč

new Api(stack, "Api", {
customDomain: "api.domain.com",
routes: {
"GET /notes": "src/list.main",
},
});

Configuring with a wildcard‚Äč

new Api(stack, "Api", {
customDomain: "*.domain.com",
routes: {
"GET /notes": "src/list.main",
},
});

Using the full config‚Äč

new Api(stack, "Api", {
customDomain: {
domainName: "api.domain.com",
hostedZone: "domain.com",
path: "v1",
},
routes: {
"GET /notes": "src/list.main",
},
});

Mapping multiple APIs to the same domain‚Äč

const usersApi = new Api(stack, "UsersApi", {
customDomain: {
domainName: "api.domain.com",
path: "users",
},
});

new Api(stack, "PostsApi", {
customDomain: {
path: "posts",
cdk: {
domainName: usersApi.cdk.domainName,
}
},
});

Importing an existing API Gateway custom domain‚Äč

import { DomainName } from "@aws-cdk/aws-apigatewayv2-alpha";

new Api(stack, "Api", {
customDomain: {
path: "newPath",
cdk: {
domainName: DomainName.fromDomainNameAttributes(this, "MyDomain", {
name,
regionalDomainName,
regionalHostedZoneId,
}),
},
},
routes: {
"GET /notes": "src/list.main",
},
});

Importing an existing certificate‚Äč

import { Certificate } from "aws-cdk-lib/aws-certificatemanager";

new Api(stack, "Api", {
customDomain: {
domainName: "api.domain.com",
cdk: {
certificate: Certificate.fromCertificateArn(this, "MyCert", certArn),
},
},
routes: {
"GET /notes": "src/list.main",
},
});

Specifying a hosted zone‚Äč

If you have multiple hosted zones for a given domain, you can choose the one you want to use to configure the domain.

import { HostedZone } from "aws-cdk-lib/aws-route53";

new Api(stack, "Api", {
customDomain: {
domainName: "api.domain.com",
cdk: {
hostedZone: HostedZone.fromHostedZoneAttributes(this, "MyZone", {
hostedZoneId,
zoneName,
}),
},
},
routes: {
"GET /notes": "src/list.main",
},
});

Loading domain name from SSM parameter‚Äč

If you have the domain name stored in AWS SSM Parameter Store, you can reference the value as the domain name:

import { StringParameter } from "aws-cdk-lib/aws-ssm";

const rootDomain = StringParameter.valueForStringParameter(this, `/myApp/domain`);

new Api(stack, "Api", {
customDomain: {
domainName: `api.${rootDomain}`,
cdk: {
hostedZone: HostedZone.fromHostedZoneAttributes(this, "MyZone", {
hostedZoneId,
zoneName,
}),
},
},
routes: {
"GET /notes": "src/list.main",
},
});

Note that, normally SST will look for a hosted zone by stripping out the first part of the domainName. But this is not possible when the domainName is a reference. So you'll need to specify the cdk.hostedZone explicitly.

Using externally hosted domain‚Äč

import { Certificate } from "aws-cdk-lib/aws-certificatemanager";

new Api(stack, "Api", {
customDomain: {
isExternalDomain: true,
domainName: "api.domain.com",
cdk: {
certificate: Certificate.fromCertificateArn(this, "MyCert", certArn),
},
},
routes: {
"GET /notes": "src/list.main",
},
});

Note that you can also migrate externally hosted domains to Route 53 by following this guide.

Authorization‚Äč

You can use IAM, JWT, or a Lambda authorizer to add auth to your APIs.

Adding IAM authorization‚Äč

You can secure all your API routess by setting the defaults.authorizer.

new Api(stack, "Api", {
defaults: {
authorizer: "iam",
},
routes: {
"GET /notes": "list.main",
"POST /notes": "create.main",
},
});

Adding IAM authorization to a specific route‚Äč

You can also secure specific routes in your API.

new Api(stack, "Api", {
routes: {
"GET /public": "src/public.main",
"GET /private": {
authorizer: "iam",
function: "src/private.main",
},
},
});

Adding JWT authorization‚Äč

JWT allows authorized users to access your API. Note that, this is a different authorization method when compared to using iam, which allows you to secure other AWS resources as well.

new Api(stack, "Api", {
authorizers: {
myAuthorizer: {
type: "jwt",
jwt: {
issuer: "https://myorg.us.auth0.com",
audience: ["UsGRQJJz5sDfPQDs6bhQ9Oc3hNISuVif"],
}
},
},
defaults: {
authorizer: "myAuthorizer",
},
routes: {
"GET /notes": "list.main",
"POST /notes": "create.main",
},
});

Adding JWT authorization to a specific route‚Äč

You can also secure specific routes using JWT by setting the authorizer per route.

new Api(stack, "Api", {
authorizers: {
myAuthorizer: {
type: "jwt",
jwt: {
issuer: "https://myorg.us.auth0.com",
audience: ["UsGRQJJz5sDfPQDs6bhQ9Oc3hNISuVif"],
}
},
},
routes: {
"GET /public": "src/public.main",
"GET /private": {
authorizer: "myAuthorizer",
function: "src/private.main",
},
},
});

Using Cognito User Pool as the JWT authorizer‚Äč

JWT can also use a Cognito User Pool as an authorizer.

new Api(stack, "Api", {
authorizers: {
myAuthorizer: {
type: "user_pool",
userPool: {
id: userPool.userPoolId,
clientIds: [userPoolClient.userPoolClientId],
}
},
},
defaults: {
authorizer: "myAuthorizer",
authorizationScopes: ["user.id", "user.email"],
},
routes: {
"GET /notes": "list.main",
"POST /notes": "create.main",
},
});

Adding Lambda authorization‚Äč

You can also use a Lambda function to authorize users to access your API. Like using JWT and IAM, the Lambda authorizer is another way to secure your API.

import { Function, Api } from "@serverless-stack/resources";

new Api(stack, "Api", {
authorizers: {
myAuthorizer: {
type: "lambda",
function: new Function(this, "Authorizer", {
handler: "src/authorizer.main",
}),
resultsCacheTtl: "30 seconds",
},
},
defaults: {
authorizer: "myAuthorizer",
},
routes: {
"GET /notes": "list.main",
"POST /notes": "create.main",
},
});

Note that resultsCacheTtl configures how long the authorization result will be cached.

Adding Lambda authorization to a specific route‚Äč

You can also secure specific routes using a Lambda authorizer by setting the authorizer per route.

import { Function, Api } from "@serverless-stack/resources";

new Api(stack, "Api", {
authorizers: {
myAuthorizer: {
type: "lambda",
function: new Function(this, "Authorizer", {
handler: "src/authorizer.main",
}),
resultsCacheTtl: "30 seconds",
},
},
routes: {
"GET /public": "src/public.main",
"GET /private": {
authorizer: "myAuthorizer",
function: "src/private.main",
},
},
});

Sharing an API authorizer‚Äč

If defaults.authorizer is configured for the Api, it will be applied to all routes, across all stacks.

stacks/MainStack.js
const api = new Api(stack, "Api", {
authorizers: {
myAuthorizer: {
type: "lambda",
function: new Function(this, "Authorizer", {
handler: "src/authorizer.main",
}),
resultsCacheTtl: "30 seconds",
},
},
defaults: {
authorizer: "myAuthorizer",
},
routes: {
"GET /notes": "src/list.main",
"POST /notes": "src/create.main",
},
});

this.api = api;
stacks/AnotherStack.js
api.addRoutes(this, {
"GET /notes/{id}": "src/get.main",
"PUT /notes/{id}": "src/update.main",
"DELETE /notes/{id}": "src/delete.main",
});

In this case, the 3 routes added in the second stack are also secured by the Lambda authorizer.

Access log‚Äč

Configuring the log format‚Äč

Use a CSV format instead of default JSON format.

new Api(stack, "Api", {
accessLog:
"$context.identity.sourceIp,$context.requestTime,$context.httpMethod,$context.routeKey,$context.protocol,$context.status,$context.responseLength,$context.requestId",
routes: {
"GET /notes": "src/list.main",
},
});

Configuring the log retention setting‚Äč

new Api(stack, "Api", {
accessLog: {
retention: "one_week",
},
routes: {
"GET /notes": "src/list.main",
},
});

CORS‚Äč

Override the default behavior of allowing all methods, and only allow the GET method.

new Api(stack, "Api", {
cors: {
allowMethods: ["GET"],
},
routes: {
"GET /notes": "src/list.main",
},
});

Throttling‚Äč

new Api(stack, "Api", {
defaults: {
throttle: {
rate: 2000,
burst: 100,
}
},
routes: {
"GET /notes": "list.main",
"POST /notes": "create.main",
},
});

Advanced examples‚Äč

Configuring the Http Api‚Äč

Configure the internally created CDK HttpApi instance.

new Api(stack, "Api", {
cdk: {
httpApi: {
disableExecuteApiEndpoint: true,
},
},
routes: {
"GET /notes": "src/list.main",
},
});

Importing an existing Http Api‚Äč

Override the internally created CDK HttpApi instance.

import { HttpApi } from "@aws-cdk/aws-apigatewayv2-alpha";

new Api(stack, "Api", {
cdk: {
httpApi: HttpApi.fromHttpApiAttributes(this, "MyHttpApi", {
httpApiId,
}),
},
routes: {
"GET /notes": "src/list.main",
},
});

Sharing an API across stacks‚Äč

You can create the Api construct in one stack, and add routes in other stacks. To do this, return the API from your stack function.

stacks/MainStack.ts
import { Api, StackContext } from "@serverless-stack/resources";

export function MainStack(ctx: StackContext) {
const api = new Api(ctx.stack, "Api", {
routes: {
"GET /notes": "src/list.main",
"POST /notes": "src/create.main",
},
});

return {
api
}
}

Then in another stack, utilize use to import the first stack's API. Finally, call addRoutes. Note that the AWS resources for the added routes will be created in AnotherStack.

stacks/AnotherStack.ts
import { StackContext, use } from "@serverless-stack/resources";
import { MainStack } from "./MainStack"

export function AnotherStack(ctx: StackContext) {
const { api } = use(MainStack)
api.addRoutes(ctx.stack, {
"GET /notes/{id}": "src/get.main",
"PUT /notes/{id}": "src/update.main",
"DELETE /notes/{id}": "src/delete.main",
});
}

Using 1 role for all routes‚Äč

By default, Api creates 1 IAM role for each Function handling a route. To have all Functions reuse the same role, manually create a role, and pass it into defaults.function.

Use managedPolicies and inlinePolicies to grant IAM permissions for the role.

import * as iam from "aws-cdk-lib/aws-iam";

const role = new iam.Role(this, "ApiRole", {
assumedBy: new iam.ServicePrincipal("lambda.amazonaws.com"),
managedPolicies: [
{
managedPolicyArn: "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
},
// optionally add more managed policies
],
inlinePolicies: {
// optionally add more inline policies
},
});

new Api(stack, "Api", {
defaults: {
function: {
role,
},
},
routes: {
"GET /notes": "src/list.main",
"POST /notes": "src/create.main",
"GET /notes/{id}": "src/get.main",
"PUT /notes/{id}": "src/update.main",
"DELETE /notes/{id}": "src/delete.main",
},
});

ApiProps‚Äč

accessLog?‚Äč

Type : string | boolean | ApiAccessLogProps

Default : true

Enable CloudWatch access logs for this API

new Api(stack, "Api", {
accessLog: true
});
new Api(stack, "Api", {
accessLog: {
retention: "one_week",
},
});

authorizers?‚Äč

Type : Record<string, ApiUserPoolAuthorizer | ApiJwtAuthorizer | ApiLambdaAuthorizer>

Define the authorizers for the API. Can be a user pool, JWT, or Lambda authorizers.

new Api(stack, "Api", {
authorizers: {
Authorizer: {
type: "user_pool",
userPool: {
id: userPool.userPoolId,
clientIds: [userPoolClient.userPoolClientId],
},
},
},
});

cors?‚Äč

Type : boolean | ApiCorsProps

Default : true

CORS support applied to all endpoints in this API

new Api(stack, "Api", {
cors: {
allowMethods: ["GET"],
},
});

customDomain?‚Äč

Type : string | ApiDomainProps

Specify a custom domain to use in addition to the automatically generated one. SST currently supports domains that are configured using Route 53

new Api(stack, "Api", {
customDomain: "api.example.com"
})
new Api(stack, "Api", {
customDomain: {
domainName: "api.example.com",
hostedZone: "domain.com",
path: "v1"
}
})

defaults.authorizationScopes?‚Äč

Type : Array<string>

Default : []

An array of scopes to include in the authorization when using user_pool or jwt authorizers. These will be merged with the scopes from the attached authorizer.

defaults.authorizer?‚Äč

Type : "iam" | "none" | string

The default authorizer for all the routes in the API.

new Api(stack, "Api", {
defaults: {
authorizer: "iam",
}
});
new Api(stack, "Api", {
authorizers: {
Authorizer: {
type: "user_pool",
userPool: {
id: userPool.userPoolId,
clientIds: [userPoolClient.userPoolClientId],
},
},
},
defaults: {
authorizer: "Authorizer",
}
});

defaults.function?‚Äč

Type : FunctionProps

The default function props to be applied to all the Lambda functions in the API. The environment, permissions and layers properties will be merged with per route definitions if they are defined.

new Api(stack, "Api", {
defaults: {
function: {
timeout: 20,
environment: { tableName: table.tableName },
permissions: [table],
}
}
});

defaults.payloadFormatVersion?‚Äč

Type : "1.0" | "2.0"

Default : "2.0"

The payload format version for all the endpoints in the API.

defaults.throttle.burst?‚Äč

Type : number

The burst rate of the number of concurrent request for all the routes in the API.

new Api(stack, "Api", {
defaults: {
throttle: {
burst: 100
}
}
})

defaults.throttle.rate?‚Äč

Type : number

The steady-state rate of the number of concurrent request for all the routes in the API.

new Api(stack, "Api", {
defaults: {
throttle: {
rate: 10
}
}
})

routes?‚Äč

Type : Record<string, string | Function | ApiFunctionRouteProps | ApiHttpRouteProps | ApiAlbRouteProps | ApiPothosRouteProps>

Define the routes for the API. Can be a function, proxy to another API, or point to an ALB

new Api(stack, "api", {
routes: {
"GET /notes" : "src/list.main",
"GET /notes/{id}" : "src/get.main",
"$default": "src/default.main"
}
})

cdk.httpApi?‚Äč

Type : IHttpApi | HttpApiProps

Import the underlying HTTP API or override the default configuration

import { HttpApi } from "@aws-cdk/aws-apigatewayv2-alpha";

new Api(stack, "Api", {
cdk: {
httpApi: HttpApi.fromHttpApiAttributes(stack, "MyHttpApi", {
httpApiId,
}),
}
});

cdk.httpStages?‚Äč

Type : Array<Omit<HttpStageProps, "httpApi">>

Configures the stages to create for the HTTP API. Note that, a default stage is automatically created, unless the cdk.httpApi.createDefaultStage is set to `false.

import { HttpApi } from "@aws-cdk/aws-apigatewayv2-alpha";

new Api(stack, "Api", {
cdk: {
httpStages: [{
stageName: "dev",
autoDeploy: false,
}],
}
});

Properties‚Äč

An instance of Api has the following properties.

customDomainUrl‚Äč

Type : undefined | string

If custom domain is enabled, this is the custom domain URL of the Api.

note

If you are setting the base mapping for the custom domain, you need to include the trailing slash while using the custom domain URL. For example, if the domainName is set to api.domain.com and the path is v1, the custom domain URL of the API will be https://api.domain.com/v1/.

httpApiArn‚Äč

Type : string

The ARN of the internally created API Gateway HTTP API

httpApiId‚Äč

Type : string

The id of the internally created API Gateway HTTP API

routes‚Äč

Type : Array<string>

The routes for the Api

url‚Äč

Type : string

The AWS generated URL of the Api.

cdk.accessLogGroup?‚Äč

Type : LogGroup

If access logs are enabled, this is the internally created CDK LogGroup instance.

cdk.certificate?‚Äč

Type : Certificate

If custom domain is enabled, this is the internally created CDK Certificate instance.

cdk.domainName?‚Äč

Type : DomainName

If custom domain is enabled, this is the internally created CDK DomainName instance.

cdk.httpApi‚Äč

Type : HttpApi

The internally created CDK HttpApi instance.

Methods‚Äč

An instance of Api has the following methods.

addRoutes‚Äč

addRoutes(scope, routes)

Parameters

Adds routes to the Api after it has been created.

api.addRoutes(stack, {
"GET /notes/{id}": "src/get.main",
"PUT /notes/{id}": "src/update.main",
"DELETE /notes/{id}": "src/delete.main",
});

attachPermissions‚Äč

attachPermissions(permissions)

Parameters

Attaches the given list of permissions to all the routes. This allows the functions to access other AWS resources.

api.attachPermissions(["s3"]);

attachPermissionsToRoute‚Äč

attachPermissionsToRoute(routeKey, permissions)

Parameters

Attaches the given list of permissions to a specific route. This allows that function to access other AWS resources.

const api = new Api(stack, "Api", {
routes: {
"GET /notes": "src/list.main",
},
});

api.attachPermissionsToRoute("GET /notes", ["s3"]);

getFunction‚Äč

getFunction(routeKey)

Parameters

  • routeKey string

Get the instance of the internally created Function, for a given route key where the routeKey is the key used to define a route. For example, GET /notes.

const api = new Api(stack, "Api", {
routes: {
"GET /notes": "src/list.main",
},
});

const listFunction = api.getFunction("GET /notes");

ApiCorsProps‚Äč

allowCredentials?‚Äč

Type : boolean

Specifies whether credentials are included in the CORS request.

allowHeaders?‚Äč

Type : Array<string>

The collection of allowed headers.

allowMethods?‚Äč

Type : Array<"ANY" | "DELETE" | "GET" | "HEAD" | "OPTIONS" | "PATCH" | "POST" | "PUT">

The collection of allowed HTTP methods.

allowOrigins?‚Äč

Type : Array<string>

The collection of allowed origins.

// Allow all origins
allowOrigins: ["*"]

// Allow specific origins. Note that the url protocol, ie. "https://", is required.
allowOrigins: ["https://domain.com"]

exposeHeaders?‚Äč

Type : Array<string>

The collection of exposed headers.

maxAge?‚Äč

Type : ${number} second | ${number} seconds | ${number} minute | ${number} minutes | ${number} hour | ${number} hours | ${number} day | ${number} days

Specify how long the results of a preflight response can be cached

ApiDomainProps‚Äč

domainName?‚Äč

Type : string

The domain to be assigned to the API endpoint (ie. api.domain.com)

hostedZone?‚Äč

Type : string

The hosted zone in Route 53 that contains the domain. By default, SST will look for a hosted zone by stripping out the first part of the domainName that's passed in. So, if your domainName is api.domain.com. SST will default the hostedZone to domain.com.

isExternalDomain?‚Äč

Type : boolean

Set this option if the domain is not hosted on Amazon Route 53.

path?‚Äč

Type : string

The base mapping for the custom domain. For example, by setting the domainName to api.domain.com and the path to v1, the custom domain URL of the API will become https://api.domain.com/v1/. If the path is not set, the custom domain URL will be https://api.domain.com. Note the additional trailing slash in the former case.

cdk.certificate?‚Äč

Type : ICertificate

Override the internally created certificate

cdk.domainName?‚Äč

Type : IDomainName

Override the internally created domain name

cdk.hostedZone?‚Äč

Type : IHostedZone

Override the internally created hosted zone

ApiAlbRouteProps‚Äč

Specify a route handler that forwards to an ALB

api.addRoutes(stack, {
"GET /notes/{id}": {
type: "alb",
cdk: {
albListener: listener,
}
}
});

authorizationScopes?‚Äč

Type : Array<string>

authorizer?‚Äč

Type : "iam" | "none" | string

type‚Äč

Type : "alb"

cdk.albListener‚Äč

Type : IApplicationListener

The listener to the application load balancer used for the integration.

cdk.integration?‚Äč

Type : HttpAlbIntegrationProps

ApiJwtAuthorizer‚Äč

Specify a JWT authorizer and configure additional options.

new Api(stack, "Api", {
authorizers: {
Authorizer: {
type: "jwt",
userPool: {
issuer: "https://abc.us.auth0.com",
audience: ["123"],
},
},
},
});

identitySource?‚Äč

Type : Array<string>

Default : ["$request.header.Authorization"]

The identity source for which authorization is requested.

jwt.audience‚Äč

Type : Array<string>

A list of the intended recipients of the JWT.

jwt.issuer‚Äč

Type : string

The base domain of the identity provider that issues JWT.

name?‚Äč

Type : string

The name of the authorizer.

type‚Äč

Type : "jwt"

String literal to signify that the authorizer is JWT authorizer.

cdk.authorizer‚Äč

Type : HttpJwtAuthorizer

This allows you to override the default settings this construct uses internally to create the authorizer.

ApiAccessLogProps‚Äč

destinationArn?‚Äč

Type : string

format?‚Äč

Type : string

retention?‚Äč

Type : "one_day" | "three_days" | "five_days" | "one_week" | "two_weeks" | "one_month" | "two_months" | "three_months" | "four_months" | "five_months" | "six_months" | "one_year" | "thirteen_months" | "eighteen_months" | "two_years" | "five_years" | "ten_years" | "infinite"

ApiHttpRouteProps‚Äč

Specify a route handler that forwards to another URL

api.addRoutes(stack, {
"GET /notes/{id}": {
type: "url",
url: "https://example.com/notes/{id}",
}
});

authorizationScopes?‚Äč

Type : Array<string>

authorizer?‚Äč

Type : "iam" | "none" | string

type‚Äč

Type : "url"

This is a constant

url‚Äč

Type : string

The URL to forward to

cdk.integration‚Äč

Type : HttpUrlIntegrationProps

Override the underlying CDK integration

ApiLambdaAuthorizer‚Äč

Specify a Lambda authorizer and configure additional options.

new Api(stack, "Api", {
authorizers: {
Authorizer: {
type: "lambda",
function: new Function(stack, "Authorizer", {
handler: "test/lambda.handler",
}),
},
},
});

function?‚Äč

Type : Function

Used to create the authorizer function

identitySource?‚Äč

Type : Array<string>

Default : ["$request.header.Authorization"]

The identity source for which authorization is requested.

name?‚Äč

Type : string

The name of the authorizer.

responseTypes?‚Äč

Type : Array<"simple" | "iam">

The types of responses the lambda can return. If simple is included then response format 2.0 will be used.

resultsCacheTtl?‚Äč

Type : ${number} second | ${number} seconds | ${number} minute | ${number} minutes | ${number} hour | ${number} hours | ${number} day | ${number} days

Default : Not cached

The amount of time the results are cached.

type‚Äč

Type : "lambda"

String literal to signify that the authorizer is Lambda authorizer.

cdk.authorizer‚Äč

Type : HttpLambdaAuthorizer

This allows you to override the default settings this construct uses internally to create the authorizer.

ApiPothosRouteProps‚Äč

Specify a route handler that handles GraphQL queries using Pothos

api.addRoutes(stack, {
"POST /graphql": {
type: "pothos",
schema: "backend/functions/graphql/schema.ts",
output: "graphql/schema.graphql",
function: {
handler: "functions/graphql/graphql.ts",
},
commands: [
"./genql graphql/graphql.schema graphql/
]
}
})

authorizationScopes?‚Äč

Type : Array<string>

authorizer?‚Äč

Type : "iam" | "none" | string

commands?‚Äč

Type : Array<string>

Commands to run after generating schema. Useful for code generation steps

function‚Äč

Type : string | Function | FunctionProps

The function definition used to create the function for this route. Must be a graphql handler

output?‚Äč

Type : string

File to write graphql schema to

schema?‚Äč

Type : string

Path to pothos schema

type‚Äč

Type : "pothos"

ApiFunctionRouteProps‚Äč

Specify a function route handler and configure additional options

api.addRoutes(stack, {
"GET /notes/{id}": {
type: "function",
function: "src/get.main",
payloadFormatVersion: "1.0",
}
});

authorizationScopes?‚Äč

Type : Array<string>

authorizer?‚Äč

Type : "iam" | "none" | string

function‚Äč

Type : string | Function | FunctionProps

The function definition used to create the function for this route.

payloadFormatVersion?‚Äč

Type : "1.0" | "2.0"

Default : "2.0"

The payload format version for the route.

type?‚Äč

Type : "function"

ApiUserPoolAuthorizer‚Äč

Specify a user pool authorizer and configure additional options.

new Api(stack, "Api", {
authorizers: {
Authorizer: {
type: "user_pool",
userPool: {
id: userPool.userPoolId,
clientIds: [userPoolClient.userPoolClientId],
},
},
},
});

identitySource?‚Äč

Type : Array<string>

Default : ["$request.header.Authorization"]

The identity source for which authorization is requested.

name?‚Äč

Type : string

The name of the authorizer.

type‚Äč

Type : "user_pool"

String li any shot and having even a miniscule shotteral to signify that the authorizer is user pool authorizer.

userPool.clientIds?‚Äč

Type : Array<string>

The ids of the user pool clients to use for authorization.

userPool.id‚Äč

Type : string

The id of the user pool to use for authorization.

userPool.region?‚Äč

Type : string

The AWS region of the user pool.

cdk.authorizer‚Äč

Type : HttpUserPoolAuthorizer

This allows you to override the default settings this construct uses internally to create the authorizer.