Skip to content
/ amazon-api-gateway-pinpoint-otp-demo Public

This application demonstrates how you can leverage Amazon Pinpoint's One Time Password (OTP) feature, to authenticate Amazon API Gateway requests.

License

MIT-0 license
4 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

aws-samples/amazon-api-gateway-pinpoint-otp-demo

BranchesTags

Repository files navigation

Amazon API Gateway Pinpoint OTP Demo

This application demonstrates how you can leverage Amazon Pinpoint's One Time Password (OTP) feature, to authenticate Amazon API Gateway requests. It uses a Lambda Authorizer to authenticate incoming requests, and calls the SendOTPMessage and VerifyOTPMessage APIs in Amazon Pinpoint to validate OTPs and exchange the verification for an API key.

Architecture Diagram

NOTE: This application is a demo, intended to help you validate ideas and perform a proof-of-concept. It is not meant for production deployments as is.

Requirements

  • AWS Serverless Application Model (AWS SAM) Command Line Interface (CLI) to deploy to your account. Instructions for installing and setting up SAM CLI can be found here.
  • Amazon Pinpoint project to send SMS OTP messages. Follow the instructions to configure your project.
  • If the SMS channel on Amazon Pinpoint is not enabled for your SenderID, leverage the SMS sandbox.
  • Replace the PINPOINT_APPLICATION_ID variables in the template file before deployment. This identifier is displayed as the Project ID on the Amazon Pinpoint console.
  • Optionally, replace the BRAND_NAME variable with a name of your choosing.

Deployment

  • Once the above requirements are met, deploy the application using sam deploy --guided
  • Optionally you can browse to the AWS CloudFormation console to view the resources in more detail
  • Note down the Amazon API Gateway endpoint - it will be used to invoke the APIs in the next step.

Demo

  • Make a GET /call without passing any headers. It should return with a 403 forbidden error.
  • Next call the POST /login API and pass the Phone header with the recepient phone number. You should receive the OTP code as SMS.
  • Next call the POST /verify API and pass the Phone and Otp headers. In the API response you should receive an API token.
  • Lastly, call the GET / API again, and pass the Authorization header with the API token from previous step. You API call should return with a 200 response.

Cleanup

  • Use sam delete to delete the application from your AWS account, and avoid incurring additional charges.
  • Note: The above command does not delete any components that you create manually.

Security

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.

About

This application demonstrates how you can leverage Amazon Pinpoint's One Time Password (OTP) feature, to authenticate Amazon API Gateway requests.

Topics

aws otp aws-lambda api-gateway sms http-api otp-verification lambda-authorizer amazon-pinpoint

Resources

Readme

License

MIT-0 license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

4 stars

Watchers

6 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages