0
votes

I would like to secure an AWS API Gateway endpoint with an API key. However, the API key must be sent as part of the query parameter. There is no way to instruct the service that uses this endpoint to send the key (x-api-key) in the header.

So I would like this request: https://api_id.execute-api.us-east-1.amazonaws.com/dev/?x-api-key=KEY

to automatically consider x-api-key as the API key when a request is made. Is there a straight way to achieve this in AWS API Gateway?


3 Answers

0
votes

This is not currently supported by API Gateway and is not recommended on a security basis since URLs (including query string parameters) are commonly logged and/or cached by both clients and servers.

Thanks, Ryan

0
votes

I think the solution is to use an API Gateway Custom Authorizer.

But then the question is how to enforce usage plans...

0
votes

You can use API Gateway Lambda Authorizers.

An Amazon API Gateway Lambda authorizer (formerly known as a custom authorizer) is a Lambda function that you provide to control access to your API methods. A Lambda authorizer uses bearer token authentication strategies, such as OAuth or SAML. It can also use information described by headers, paths, query strings, stage variables, or context variables request parameters.

https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-use-lambda-authorizer.html
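The following is an added example, not part of any answer above: a sketch of a REQUEST-type Lambda authorizer that reads `x-api-key` from the query string and returns it as `usageIdentifierKey`, which API Gateway applies to usage plans when the API's key source is set to AUTHORIZER. The key table, principal name and sample event are constructed placeholders, and the authorizer is assumed to be configured with the identity source `method.request.querystring.x-api-key`.

```python
import hmac

# Constructed placeholder; a real deployment would load keys from a secret store.
VALID_KEYS = {"EXAMPLE-KEY-0000000000000000": "client-a"}

# Constructed sample of the fields a REQUEST authorizer event carries.
SAMPLE_EVENT = {
    "type": "REQUEST",
    "methodArn": "arn:aws:execute-api:us-east-1:123456789012:api_id/dev/GET/",
    "queryStringParameters": {"x-api-key": "EXAMPLE-KEY-0000000000000000"},
}


def lookup_principal(candidate):
    """Return the principal for a key, comparing each entry in constant time."""
    principal = None
    for key, name in VALID_KEYS.items():
        if hmac.compare_digest(candidate.encode(), key.encode()):
            principal = name
    return principal


def handler(event, context):
    """Build an Allow or Deny policy from the query-string key (never log it)."""
    params = event.get("queryStringParameters") or {}
    candidate = params.get("x-api-key") or ""
    principal = lookup_principal(candidate)
    response = {
        "principalId": principal or "anonymous",
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": "Allow" if principal else "Deny",
                "Resource": event["methodArn"],
            }],
        },
    }
    if principal:
        # Must be one of the usage plan's API keys for throttling and quotas to apply.
        response["usageIdentifierKey"] = candidate
    return response


if __name__ == "__main__":
    print(handler(SAMPLE_EVENT, None)["policyDocument"]["Statement"][0]["Effect"])
```

Because the key still travels in the URL, the logging and caching concern raised in the first answer remains; excluding the query string from access logs and rotating keys regularly limits that exposure.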