API Gateway: Token Authorizer vs Request Authorizer (in 20 seconds)

This is a Quick & Simple post on the difference between the TokenAuthorizer and RequestAuthorizer with regards to API Gateway.

Both require a Lambda to do the actual authorization.

The difference?

Token Authorizer looks at a specific header. Typically, it’ll be the Api-Key header that your Lambda will care about.

Request Authorizer looks at the whole request. With this, you can look at all the headers and other properties as…