API Gateway: Token Authorizer vs Request Authorizer (in 20 seconds)

This is a Quick & Simple post on the difference between the TokenAuthorizer and RequestAuthorizer with regards to API Gateway.

Both require a Lambda to do the actual authorization.

The difference?

Token Authorizer looks at a specific header. Typically, it’ll be the Api-Key header that your Lambda will care about.

Request Authorizer looks at the whole request. With this, you can look at all the headers and other properties as requestContext.souurceIp and everything else in the request object.

That’s it.

If you want to read about the various authorizers in depth, check out this post from the interwebz: https://www.alexdebrie.com/posts/lambda-custom-authorizers/