2
votes

I have an API Gateway with custom domain names set up. It works fine if I visit the custom domain name, but if I visit the API Gateway domain name (https://xxxxx.execute-api.us-west-2.amazonaws.com) directly I just got:

{"message":"Forbidden"}

My understanding is that custom domain name here is just like an alias to the original API Gateway domain name and is just a prettier name for it so I should be invoking the api gateway by either of them?

1
What is the stage name? We must suffix the stage name with api gateway endpoint. If the stage name is 'qa' then the URL we need to try is https://xxxxx.execute-api.us-west-2.amazonaws.com/qa. When we use a custom domain name, it will directly point to a stage that is defined in 'API mappings'. - Balu Vyamajala

1 Answer

1
votes

API Gateway REST can be invoked in two different ways.

  • Directly with execute api invoke URL suffixed by stage name.

Example: https://ab11cde222.execute-api.us-east-1.amazonaws.com/dev , where ab11cde222 is api id and dev is stage name.

  • Custom Domain: Adding a custom domain within API Gateway, an API mapping pointing to a particular stage, and a Route 53 A record entry for the hosted zone.

Since we can point the domain directly to a stage in api mappings, we don't have to suffix stage name when we use direct domain name.


There are many reasons why {"message":"Forbidden"} can occur, as listed here; every reason either points to a call of an invalid/non-existent API or missing/invalid keys. Since the direct domain name is working fine, it seems like a missing stage name suffix is the most probable cause.
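The two URL forms described in the answer above, as an added example that is not part of the original answer: it translates a custom-domain URL into the equivalent execute-api invoke URL from the domain's API mappings, and checks an invoke URL for the stage suffix. The mapping data, API ids, `api.example.com` and both function names are constructed for illustration, and base paths are assumed to be a single path segment.

```python
from urllib.parse import urlsplit

# Constructed sample data, shaped like the items API Gateway returns from
# GetBasePathMappings for one custom domain; the ids and stages are made up.
REGION = "us-east-1"
MAPPINGS = [
    {"basePath": "(none)", "restApiId": "ab11cde222", "stage": "dev"},
    {"basePath": "orders", "restApiId": "zz99yyx888", "stage": "qa"},
]


def to_invoke_url(custom_url, mappings=MAPPINGS, region=REGION):
    """Translate a custom-domain URL into the execute-api URL for the same resource."""
    parts = urlsplit(custom_url)
    segments = [s for s in parts.path.split("/") if s]
    by_base = {m["basePath"]: m for m in mappings}
    # A base path mapping consumes the first path segment; "(none)" is the
    # empty base path and catches everything else.
    if segments and segments[0] in by_base:
        mapping, rest = by_base[segments[0]], segments[1:]
    elif "(none)" in by_base:
        mapping, rest = by_base["(none)"], segments
    else:
        raise LookupError("no API mapping matches " + custom_url)
    # The stage the mapping hides must be spelled out on the invoke URL.
    path = "/".join([mapping["stage"], *rest])
    url = f"https://{mapping['restApiId']}.execute-api.{region}.amazonaws.com/{path}"
    return url + ("?" + parts.query if parts.query else "")


def check_invoke_url(invoke_url, stages):
    """Diagnose an execute-api URL given the API's deployed stage names."""
    segments = [s for s in urlsplit(invoke_url).path.split("/") if s]
    if not segments:
        return "missing stage: append one of " + ", ".join(sorted(stages))
    if segments[0] not in stages:
        return f"unknown stage '{segments[0]}'"
    return "ok"


if __name__ == "__main__":
    print(to_invoke_url("https://api.example.com/users/42"))
    print(check_invoke_url("https://ab11cde222.execute-api.us-east-1.amazonaws.com", {"dev"}))
```

With real data, the mapping list would come from the custom domain's API mappings and the stage set from the API's deployed stages.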