# Secure AWS API Gateway Routes using Auth0

Amazon API Gateway is a fully managed AWS service that helps developers to create HTTP and Rest APIs. The APIs will be at the front door before the request goes into our backend business services. It is very critical to secure our APIs.

In this blog post, we will see how to add authorization of JWT(JSON Web Tokens) type to the API Gateway Routes using  [auth0](https://auth0.com/) as an Identity Provider.

## Create API in auth0

We need to login into the **auth0** tenant dashboard and register an API. 

Go to Dashboard > Applications > APIs, and select + Create API. 

![register-api-auth0.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1628184224324/mvmlvg6X8.png)

Give a name for the API **Profile Authorizer**, a unique identifier for the API **https://profileauthorizer.com**, and the algorithm to sign the tokens **RS256 ** as shown above.

## Create AWS API Gateway Endpoint

Login to AWS console and go to AWS APIGateway service and create an HTTP API with a name **hashigate-aws-api** and create a Route with **/profile** as Resource and **GET ** method. We will integrate the Gateway with the Lambda function so that, whenever the request comes to Gateway, it goes into lambda and gives us the random profiles as output.

![gateway-without-authorizer.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1628185520604/AR30Jp1jr.png)

Now, go to the postman and send the request, we see the below output.

![gateway-output-without-authorization.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1628185729917/oZIOLcbrN.png)

## Add Authorizer to the Route

Now, let us add the JWT authorization to the Route. Go to the **Authorization** and click on **Create and Attach an authorizer** and select the JWT as Authorizer Type and give the name as **profile_auth**

![create-authorizer.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1628186024652/xSyW-VTL2.png)

We need an Issuer URL of the Identity Provider (In this case **auth0**) and the audience which is the client ID that is registered to the Identity Provider.

To get the value, head over to the API **Profile Authorizer** which was created in the auth0 dashboard. In **Quick Start**, you will find a nodejs code and we can see the value for issuer and audience.

![audience-issuer.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1628186361085/lnO2rXDu5.png)

Now, once the authorizer is created, we can attach the authorizer to our Route **/profile** and deploy.

![attach authorizer.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1628186587139/sVC0dYrac.png)

Now, go to the postman and send the request. Now, we see the message **Unauthorized**

![unauthorized.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1628186720364/f3zRmOfMN.png)

To get to the bearer token, head over to the API **Profile Authorizer** which was created in the auth0 dashboard. In **Test**, you will find the bearer token.

![bearer-token.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1628186849443/6X2MXVPiu.png)

Now add the bearer token into the postman request and we see the request is authorized and we get a proper response.

![bearer-token-proper-response.png](https://cdn.hashnode.com/res/hashnode/image/upload/v1628186980258/H7Oi7KY2V.png)

## Conclusion

In this blog post, we looked at how to use the **auth0** API as an Issuer of Identity provider and audience. We have seen, how to create secure AWS API Gateway routes using JWT authorizer.







