Amazon Cognito Workshop > Lab 1 - User Pools API Authentication > Restricting API access > Attach Authorizer to the API

Attach Authorizer to the API

We now have all the parts to add authentication to the API. In this section we will restrict access to the /pets end point.

To confirm this is all working as expected return to Postman and open a new tab, take the API URL ( you should still have this in a browser tab, if not navigate back to API Gateway, click Stages in the left menu and copy the URL from the highlighted section at the top next to Invoke URL ) and paste this in, click send to see the result.

Return to the AWS Console, Navigate to API Gateway and select your API. In the left hand menu click Resources, in the Resources column, click/expand /pets then click on GET we will add authentication to only this resource which is the http GET verb on the sample API resource. Note: You may have to refresh the webpage for this new resource to appear.

Click on the Authorization combo box

select Builder-class (You may have refresh the page if you do not see it)

then click the little tick to save.

This will deploy a new option OAuth Scopes, click next to the default value which is NONE and type in petstore/read this is the OAuth scope we defined in Cognito earlier. Click the small tick to save.

You screen should look like below:

The settings are now ready but we have to deploy our API changes, click on Actions then Deploy API for the deployment stage select Prod and click deploy