Have you ever experienced random 403 responses from API Gateway while using authorizers, but your CloudWatch logs don’t even show the authorizer running?
I experienced this exact scenario while building an API on AWS, and it's quite frustrating since there is very little indication as to what the underlying problem is. If you are actively developing an authorizer, chances are it may take a few tries to get it right. By default, API Gateway will cache the results of an authorizer for 5 minutes to avoid having to constantly run the underlying function. While a result is cached, API Gateway returns it without invoking the function, so a cached denial produces a 403 with nothing in the authorizer's logs.
One potential solution to resolve this issue is to disable caching while actively developing the API.
How to disable authorizer caching
Luckily it is very easy to disable authorizer caching.
In the dashboard, access your authorizer by heading to API Gateway > Authorizers. Then click Edit to change the settings. Simply toggle off “Authorizer caching” and click Save changes. You may need to re-deploy your API if you are using stages.
If you are using AWS SAM like I am, you can set the ReauthorizeEvery configuration in the YAML like so:
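A minimal SAM template showing where that setting lives, added here as an example and not the author's original snippet. The resource names, code paths, handler and runtime are placeholders, and a Lambda TOKEN authorizer reading the Authorization header is assumed.

```yaml
# Added example: resource names, handler, runtime and paths are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31

Resources:
  DevApi:
    Type: AWS::Serverless::Api
    Properties:
      StageName: dev
      Auth:
        DefaultAuthorizer: TokenAuthorizer
        Authorizers:
          TokenAuthorizer:
            FunctionArn: !GetAtt AuthorizerFunction.Arn
            Identity:
              Header: Authorization
              # TTL of the cached authorizer result, in seconds.
              # When omitted it defaults to 300 (5 minutes); 0 disables
              # caching, so the authorizer Lambda runs on every request.
              ReauthorizeEvery: 0

  # The Lambda authorizer itself (placeholder code location).
  AuthorizerFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: authorizer/
      Handler: app.handler
      Runtime: python3.12

  # One protected route, so the API has a method to deploy.
  HelloFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: hello/
      Handler: app.handler
      Runtime: python3.12
      Events:
        GetHello:
          Type: Api
          Properties:
            RestApiId: !Ref DevApi
            Path: /hello
            Method: get
```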
What are the downsides of disabling caching?
There are some downsides when it comes to disabling caching of any kind. Here are just a few things to keep in mind:
- Increased latency since the authorizer Lambda needs to run on every request
- Higher costs due to the same reason above
- Cold starts can add further delay while waiting for functions to run if they are not frequently used
For these reasons, it’s best to only disable caching in development environments and to thoroughly test your authorizers before using them in a production environment.