AWS API Gateway - error 403 on resource not found - aws-api-gateway

It seems an HTTP response of 403 is accepted as the norm and correct handling of any calls made to a resource or endpoint that does not exist on an API Gateway setup (this post).
Example: a call to a non-existing endpoint on my Gateway would be:
GET -- https://{{MyGatewayDomain}}/api/v1/blah
This would return a 403 Forbidden, which can be rather confusing and misleading.
I'd like to know if anyone has managed to configure their API Gateway so that any call to a non-existing endpoint / resource, returns what I would have thought is a correct response of a 404?
Thanks in advance.
EDIT
As per bejos-aws's suggestion, I am able to override the default behaviour of the 403 Missing Authentication Token; however, this will not solve my issue, as then all the valid 403 errors would return a 404 response, which is incorrect.
Also, my issue is regarding a 403 forbidden which doesn't exist in the default responses in the AWS Gateway Response's list (and even if it did, that wouldn't help).
Seems this is just not possible?

This is not currently a feature of API Gateway. However, there is a workaround. Using Gateway Responses, you can override the 403 Missing Authentication Token response with a 404 and supply whatever message you want as a response.
Note, this only works when the API stage is valid.
So if your API is deployed to a stage named v1:
https://{MyGatewayDomain}/api/v1/somepath
and the caller supplies the wrong stage:
https://{MyGatewayDomain}/api/invalidStage/somepath
then the API will still respond with 403 Forbidden.
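
The Gateway Responses workaround from the answer above, as an added example (not code from the thread), assuming a REST API managed with boto3; the function name, message body and stub-friendly `client` parameter are hypothetical. API Gateway uses this same response type when a request lacks credentials, so those requests get the 404 as well, while other response types keep their own status codes.

```python
# Added example. Assumes a REST API and credentials allowed to manage it.
NOT_FOUND_BODY = '{"message": "Resource not found"}'  # constructed message text


def remap_unmatched_routes_to_404(rest_api_id, stage_name, client=None):
    """Override MISSING_AUTHENTICATION_TOKEN with a 404, redeploy the stage,
    and return every response type that is now customised on the API."""
    if client is None:
        import boto3  # lazy import so the function can be exercised with a stub
        client = boto3.client("apigateway")

    # Only this one response type is changed.
    client.put_gateway_response(
        restApiId=rest_api_id,
        responseType="MISSING_AUTHENTICATION_TOKEN",
        statusCode="404",
        responseTemplates={"application/json": NOT_FOUND_BODY},
    )

    # Gateway response changes reach callers only after a new deployment.
    client.create_deployment(restApiId=rest_api_id, stageName=stage_name)

    # Audit: list the overrides so an unintended change to another
    # response type (for example ACCESS_DENIED) is visible immediately.
    items = client.get_gateway_responses(restApiId=rest_api_id).get("items", [])
    return {
        item["responseType"]: item.get("statusCode")
        for item in items
        if not item.get("defaultResponse", True)
    }
```

The returned mapping should contain only `MISSING_AUTHENTICATION_TOKEN`; anything else in it is an override made elsewhere.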

Related

Migrating to ShareFile V3. Receiving statusCode: 401 after authentication

Chilkat
Migrating ShareFile API from V1 to V3.
Registered for API key and received credentials.
Code is successful in receiving the authorization code, and immediately after, when sending a GET request with a header containing the authorization code to receive the list of items in a file using
GET','/sf/v3/Items('folderid)?$expand=Children&$select=Id,Name,Children,Children/Id,Children/Name',sbResponseBody)
I get a 401 Unauthorized error. I cannot find any help on the ShareFile site.
response: Response Status Code = 401
Response Header:
Response Body: {"code":"Unauthorized","message":{"lang":"en-US","value":"[AUTH] Invalid Authentication"},"reason":"NotAuthenticated"}
response3:
Sorry for being verbose. Any help will be appreciated.
I'm posting the answer to my question in case somebody has a similar issue as mine.
My issue was that I was adding the word "Bearer" to the auth id which is returned by the http request while using that auth id to download my item from sharefile.
Unlike with some others I did not have to add the word bearer to the Oauthid as the http header did it for me.

Unable to Authorize Access to REST API end service with Azure Data Factory with Token Error status code 401 Unauthorized

I have configured our Azure Data Factory with a REST Link Service. I have obtained a valid token from the end service.
The token successfully works when using the token with POSTMAN, but the token returns Error status code 401 Unauthorized with Azure Data Factory.
As you can see with POSTMAN when I send a GET request with the Token I get data back:
However, with Azure Data Factory I get the error:
{
"errorCode": "2200",
"message": "Failure happened on 'Source' side. ErrorCode=RestCallFailedWithClientError,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,Message=Rest call failed with client error, status code 401 Unauthorized, please check your activity settings.\nRequest URL: https://pm2.preqinsolutions.com/apiCore/api/countries.\nResponse: ,Source=Microsoft.DataTransfer.ClientLibrary,'",
"failureType": "UserError",
"target": "Copy data1",
"details": []
}
The ADF Link Service is as follows:
Can someone see something obvious that would prevent access due to the 401 Unauthorized status with ADF?
I have also tried the following ADF configuration. However, I'm getting the same error:
Please try changing the authHeader name to Authorization and the value to Bearer <your API key>. I suspect from the screenshot of Postman that is what it’s doing. If that does not work then please provide a link to the documentation. This explains Bearer tokens.
You might also check the lifetime of your access token and make sure it doesn’t expire after an hour, for example.
I did a quick test against a REST API I know (Power BI REST API). The linked service looks like this and the value for the Authorization header was Bearer MY_ACCESS_TOKEN_HERE.
The dataset looks like:
The source of the Copy activity looks like:
This succeeded.
I would suggest you contact pm2.preqinsolutions.com support to see if they can provide more information on your access token / API key and have them confirm that the API isn't restricted to be accessed from only certain allowed API addresses. (ADF will not be accessing it from an on-premises IP address like your laptop.) You might also change the REST API linked service to use a self-hosted integration runtime instead of an Azure integration runtime to validate the IP address the API is called from isn't the issue.
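
A preflight check for the 401 causes named in the ShareFile and Azure Data Factory threads above (scheme added twice, token sent under the wrong header name or without the Bearer scheme, expired token), as an added example that is not code from either thread. The function names are hypothetical, and the expiry check assumes the token is a JWT; an opaque token is simply not checked for expiry.

```python
import base64
import json
import time


def jwt_expiry(token):
    """Return the 'exp' claim if the token parses as a JWT, else None."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        return json.loads(base64.urlsafe_b64decode(payload)).get("exp")
    except (IndexError, ValueError, AttributeError):
        return None  # opaque token or malformed segment


def diagnose_authorization(headers, now=None):
    """Return a list of findings for the headers of an outgoing request."""
    now = time.time() if now is None else now
    # Header names are case-insensitive.
    value = next((v for k, v in headers.items()
                  if k.lower() == "authorization"), None)
    if value is None:
        return ["no Authorization header: token sent under another name"]
    words = value.split()
    if not words or words[0].lower() != "bearer":
        return ["Authorization value does not start with the Bearer scheme"]

    findings = []
    if len(words) > 2 and words[1].lower() == "bearer":
        # Caller prepended "Bearer" and the HTTP client added it again.
        findings.append("Bearer scheme added twice")
    elif len(words) != 2:
        findings.append("expected exactly 'Bearer <token>'")

    exp = jwt_expiry(words[-1])
    if isinstance(exp, (int, float)) and exp <= now:
        findings.append("access token expired")
    return findings
```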

AWS Websocket API return error "Output mapping refers to an invalid method response: 200" when testing to connect from wscat

I am trying to build realtime chat and notification using AWS Websocket API. I have set up the $connect route to integrate with an HTTP endpoint. When testing the websocket URL using wscat, the request is successfully received on my endpoint, but wscat gets "Unexpected server response: 500". Inspecting the associated log on CloudWatch, I found an error that said "Output mapping refers to an invalid method response: 200". Can anyone please help me figure out what I am doing wrong here?
This stems from a missing Method Response on the method.
Select the API Gateway Method
Select Method Response
Ensure that a mapping exists for a 200 response (either 200 or 2**)
For me the problem was that despite having configured the response routes correctly with a $default response (as a catchall), the deployment did not contain these integration responses.
This was due to the deployment resource being created before the actual routes. I solved it by making the stage DependsOn the route, and the deployment DependsOn the stage (this I did by using an implicit dependsOn via a StageResource.ref for the stageName attribute on the deployment).
You can check out my answer here for more details.

amazon api gateway returns 403

I am calling a serverless API (API Gateway + Lambda) from a Lambda from another AWS account with axios; it returns a 403 HTTP status with payload { message: "Forbidden" }. The GET HTTP call returns data when used in Chrome.
Looking at the comments, which say that the headers included "x-amzn-errortype: ForbiddenException": that happened for me when I had not deployed the API yet. After deploying the API, that error went away.

Cannot reach Keycloak Admin REST endpoints as described by the documentation

In the Keycloak documentation the base path is defined as: localhost:8080/auth
But if we try to reach the documented endpoints we always get a Not Found response.
We get a 404 if we try to access the endpoint to get the top-level representation of the master realm: GET /{realm} like:
http://localhost:8080/auth/master
But if we try it like:
http://localhost:8080/auth/admin/realms/master
we receive a successful response.
Are we overlooking something or is this an error in the documentation?