1
votes

I have Lambda-Proxy integration in API Gateway; Lambda has 2 GET APIs and 1 POST API.
GET is defined for /drive/service/lookup/v1/codes and /drive/service/lookup/v1/codes/{code}

POST is defined for

/v1/admin/apply

I called POST for one of the GET APIs, /drive/service/lookup/v1/codes, which is not implemented; ExpressJs gives 404 on my local system. When I call POST using API Gateway, I get 403 with the following message:

{ "message": "'JWT-Token' not a valid key=value pair (missing equal-sign) in Authorization header: 'Bearer JWT-Token'." }

I have no settings for request and response at API Gateway (I have Lambda-Proxy, not Lambda integration).

I would like to get 404, which is a valid response. I have a big JWT token and this message becomes unreadable.

2
Is the POST resource defined in API Gateway definition? - mjarosie

2 Answers

0
votes

What you're trying to implement is usually handled with "405 Method Not Allowed" response. AWS responds with 403 for anything which is not defined and accessible due to security reasons (see this forum thread for instance). You need to explicitly define all methods that you want to handle in API Gateway. In your case you want to add "ANY" method (see below) to /drive/service/lookup/v1/codes resource and handle all these methods apart from GET explicitly. One way could be to redirect to a Lambda created exactly for this purpose and responding with 404 (or 405, or any code you want to respond with). You could also redirect to a piece of code in your app that does it. Remember to deploy API Gateway after introducing changes so that they take effect!

ANY method in AWS API Gateway

0
votes

I just answered a similar question here: not a valid key=value pair (missing equal-sign) in Authorization header

Basically I had to add the ANY method handler that @mjorosie mentions and point it to a custom Lambda function that just returned a 404. Plus I had to add a resource proxy handler so that it would catch any invalid endpoints, and add the ANY method to that too.
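
The fallback Lambda both answers describe, as an added example that is not code from either answerer: it goes slightly beyond "just return 404" by answering 405 with an `Allow` header when the path exists under another method, and 404 otherwise. The route list is copied from the question; the function names are hypothetical, and it assumes the REST API Lambda-proxy event shape (`httpMethod`, `path`) with implemented methods still routed to the Express app by their own explicit methods. The response body is a fixed string, so the `Authorization` header is never reflected back the way the 403 message does.

```javascript
// Added example: fallback for the API Gateway "ANY" and proxy-resource methods.
// Routes are copied from the question; all names here are illustrative.
const ROUTES = [
  { method: 'GET',  pattern: '/drive/service/lookup/v1/codes' },
  { method: 'GET',  pattern: '/drive/service/lookup/v1/codes/{code}' },
  { method: 'POST', pattern: '/v1/admin/apply' },
];

// Turn an API Gateway style template ("/codes/{code}") into an anchored RegExp.
function toRegExp(pattern) {
  const source = pattern
    .split('/')
    .map(seg => (/^\{[^}]+\}$/.test(seg)
      ? '[^/]+'                                        // path parameter: one segment
      : seg.replace(/[.*+?^${}()|[\]\\]/g, '\\$&')))   // literal segment, escaped
    .join('/');
  return new RegExp(`^${source}/?$`);
}

// Methods implemented for a path; an empty list means the path is unknown.
function allowedMethods(path) {
  return ROUTES.filter(r => toRegExp(r.pattern).test(path)).map(r => r.method);
}

// Build the Lambda-proxy response. Nothing from the request (path, headers,
// bearer token) is copied into the body or the headers.
function fallbackResponse(method, path) {
  const allowed = allowedMethods(path);
  const known = allowed.length > 0;
  const headers = { 'Content-Type': 'application/json' };
  if (known) headers.Allow = allowed.join(', ');
  return {
    statusCode: known ? 405 : 404,
    headers,
    body: JSON.stringify({ message: known ? 'Method Not Allowed' : 'Not Found' }),
  };
}

// Lambda entry point for the ANY and proxy-resource integrations.
async function handler(event) {
  return fallbackResponse(event.httpMethod, event.path);
}

if (typeof module !== 'undefined') module.exports = { handler, fallbackResponse };
```

To get the 404 the question asks for in every case, replace the `405` with `404` and drop the `Allow` header.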