When working with a REST endpoint, you may need to set request headers for authorization purposes. This is done by passing a `custom_header` function into the configuration:

```javascript
import { Amplify, Auth } from 'aws-amplify';

Amplify.configure({
  API: {
    endpoints: [
      {
        name: 'sampleCloudApi',
        endpoint: 'https://xyz.execute-api.us-east-1.amazonaws.com/Development',
        custom_header: async () => {
          // 'token' is a placeholder value for the Authorization header.
          return { Authorization: 'token' };
          // Alternatively, with Cognito User Pools use this:
          // return { Authorization: `Bearer ${(await Auth.currentSession()).getAccessToken().getJwtToken()}` }
          // return { Authorization: `Bearer ${(await Auth.currentSession()).getIdToken().getJwtToken()}` }
        }
      }
    ]
  }
});
```

## Note on using the Access Token or ID Token

The ID Token contains claims about the identity of the authenticated user, such as name, email, and phone_number. It can also carry custom claims, for example by using the [Amplify CLI](https://docs.amplify.aws/cli/usage/lambda-triggers#override-id-token-claims). With the Amplify Authentication category, you can retrieve the ID Token using:

```javascript
(await Auth.currentSession()).getIdToken().getJwtToken();
```

The Access Token contains scopes and groups and is used to grant access to authorized resources. [This is a tutorial for enabling custom scopes.](https://aws.amazon.com/premiumsupport/knowledge-center/cognito-custom-scopes-api-gateway/) You can retrieve the Access Token using:

```javascript
(await Auth.currentSession()).getAccessToken().getJwtToken();
```

## Customizing HTTP request headers

To use custom headers on your HTTP request, you need to add them to Amazon API Gateway first. For more information about configuring headers, please visit the [Amazon API Gateway Developer Guide](http://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-cors.html).

If you have used Amplify CLI to create your API, you can enable custom headers by following the steps below:

1. Visit the [Amazon API Gateway console](https://aws.amazon.com/api-gateway/).
2. On the Amazon API Gateway console, click on the path you want to configure (e.g. /{proxy+}).
3. Then click the _Actions_ dropdown menu and select **Enable CORS**.
4. Add your custom header (e.g. my-custom-header) to the Access-Control-Allow-Headers text field, separated by commas, like: 'Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token,my-custom-header'.
5. Click on 'Enable CORS and replace existing CORS headers' and confirm.
6. Finally, similar to step 3, click the _Actions_ dropdown menu and then select **Deploy API**. Select **Development** as the deployment stage and then **Deploy**. (Deployment could take a couple of minutes.)

## Unauthenticated Requests

You can use the API category to access API Gateway endpoints that don't require authentication. In this case, you need to allow unauthenticated identities in your Amazon Cognito Identity Pool settings. For more information, please visit the [Amazon Cognito Developer Documentation](https://docs.aws.amazon.com/cognito/latest/developerguide/identity-pools.html#enable-or-disable-unauthenticated-identities).

## Cognito User Pools Authorization

You can use the JWT token provided by the Authentication API to authenticate against API Gateway directly when using a [custom authorizer](https://docs.aws.amazon.com/apigateway/latest/developerguide/apigateway-integrate-with-cognito.html).

```javascript
import { API, Auth } from 'aws-amplify';

async function postData() {
  const apiName = 'MyApiName';
  const path = '/path';
  const myInit = {
    headers: {
      // Send the Cognito ID Token as a bearer token.
      Authorization: `Bearer ${(await Auth.currentSession())
        .getIdToken()
        .getJwtToken()}`
    }
  };

  return await API.post(apiName, path, myInit);
}

postData();
```

> Note that the header name, in the above example 'Authorization', depends on what you choose during your API Gateway configuration.
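
To make the ID Token versus Access Token distinction above concrete, the following added example (not part of the Amplify documentation or library) decodes a Cognito JWT's payload and reports why it would be the wrong token for a given endpoint, using the `token_use`, `exp` and `scope` claims. The function names, the sample tokens and the scope `my-api/read` are assumptions made for this illustration; the code inspects claims only and does not verify the signature, which remains the authorizer's job.

```javascript
// Added example: claim inspection for debugging, NOT signature verification.

// Decode the payload (second segment) of a JWT from base64url into an object.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the reasons this token is the wrong one to put in the header.
// expected.tokenUse: 'id' or 'access'; expected.scope: optional required scope.
function checkCognitoToken(jwt, expected, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(jwt);
  const problems = [];
  if (claims.token_use !== expected.tokenUse) {
    problems.push(`token_use is '${claims.token_use}', expected '${expected.tokenUse}'`);
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    problems.push('token is expired or has no exp claim');
  }
  if (expected.scope) {
    // Access tokens carry their scopes as one space-separated string.
    const scopes = typeof claims.scope === 'string' ? claims.scope.split(' ') : [];
    if (!scopes.includes(expected.scope)) problems.push(`missing scope '${expected.scope}'`);
  }
  return problems;
}

// Constructed, unsigned sample tokens (placeholder signature) for illustration.
function makeSampleJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.placeholder-signature`;
}

const NOW = 1700000000; // fixed clock so the example is deterministic
const sampleIdToken = makeSampleJwt({
  token_use: 'id', email: 'user@example.com', 'cognito:groups': ['admins'], exp: NOW + 3600 });
const sampleAccessToken = makeSampleJwt({
  token_use: 'access', scope: 'openid my-api/read', 'cognito:groups': ['admins'], exp: NOW + 3600 });

const wanted = { tokenUse: 'access', scope: 'my-api/read' }; // hypothetical endpoint requirement
console.log(checkCognitoToken(sampleIdToken, wanted, NOW));     // two problems reported
console.log(checkCognitoToken(sampleAccessToken, wanted, NOW)); // no problems
```
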