22

I am trying to call a Lambda Function through AWS API Gateway.

I've been getting this error when I tried IAM authentication, API Key Authentication and also with no authentication. enter image description here

{"message":"Missing Authentication Token"}

Some people had the same problem due to non existing endpoint. However, I've taken my endpoint directly from the Lambda Function AWS Console. enter image description here

I've been trying to open the URL in the Browser and also on the Postman (with and without a header authentication: x-api-key: *****************). enter image description here

Both responded with above stated error.

Improve this question
2
  • Does this work if you set up the API first in API Gateway and then add the Lambda function to the API? Commented May 9, 2016 at 18:06
  • AWS has a strange, inconsistent vocabulary. Sometimes when AWS says "authentication" it means "resource" and sometimes when AWS says "token" they mean "path". So you have to translate "Missing authentication token" to "Missing resource path". Commented Aug 18, 2023 at 16:12

5 Answers 5

Reset to default
19

One more step: in Postman, you need to set the Authorization to AWS Signature, and then enter your AccessKey and SecretKey from your IAM user:

Postman screenshot Postman screenshot

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

It works! While testing in Postman ensure Request body is set to Raw (application/json). I had forgotten about it. :p
Why would you need to set AccessKey/SecretKey if OP specific Authorization as NONE?
8

I'll write up a detailed FAQ here for any viewers. Ordered by most common cause.

  1. Incorrect resource path and/or HTTP method.
    • If you have the right resource path and the wrong HTTP method, you'll still see this message
    • You can use Postman or some other client to sign a request to the same resource/method and if you get a 404 then you definitely have the wrong resource/method.
  2. Missing signature on protected resource/method. By default, your API will be open. If you have explicitly required AWS Auth then the error indicates that the request wasn't signed.
  3. If you're using the Lambda console to create an 'API Endpoint' it may be an issue on the Lambda end, or a delay in the propagation of the new API. In this case go to the API Gateway console and you should see the same API that Lambda created for you. Make sure it has been deployed and you have the right stage, resource path, and method.
Improve this answer

Comments

4

Just wanted to mention that if you set your API gateway's authentication to be NONE, make sure you need to Deploy API first before the no authentication setting is in effect.

Improve this answer

2 Comments

Thank you, this saved my day. I take the chance to express my frustration on how horrible the AWS API Gateway DX is
I only wish this had worked :( How would you ensure this in a cfn template or cdk?
-2

You need to set Api Key Required to true. See more here: http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-api-keys.html

Improve this answer

1 Comment

The behavior for Api Key Required = false is not to throw a 403 error. The other answers are correct, this is more to do with either a) wrong resource/method b) missing creds on protected resource/method
-2

You have to Enable CORS from the actions for the API. This will create a new OPTIONS method. CORS is for cross domain requests

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.