Request Headers

HTTP request headers

The headers are a part of the data passed from the client to the server. We have some standard HTTP headers, and we can have custom headers that go with our request. API Gateway allows us to play with these values as we map the data during API integration. For example, we can add headers based on the values in the path/query parameters or from the payload body, or we can also hardcode the value for new headers.

Custom headers

This pattern is handy when we want to pass metadata with an API without tampering with the request body. Sometimes, custom headers are required by a third-party API that we want to invoke from our API. Most often, this is used for authentication.

Suppose we want to build a web application that tracks the score of a soccer game. We can get the soccer score API on an API aggregator like RapidAPI. An API key provided by RapidAPI must authenticate all requests to such an API. We can’t have such an API key in our client code. It’s not secure. A hacker can easily track the API calls from the browser and identify the RapidAPI key.

Instead, we can integrate the soccer API from RapidAPI with a custom API that we develop. Our API can be guarded by custom authentication that we define. Once authenticated at the API Gateway, we can forward the request to RapidAPI, along with the API key added to the custom header by the API Gateway integration.