How can I disable the API Gateway default endpoint for REST or HTTP APIs?

Last updated: 2022-08-26

I want to allow clients to invoke my APIs only using the custom domain name. How can I deactivate the default API execute-api endpoint URL for Amazon API Gateway REST or HTTP APIs?

Short description

API Gateway REST APIs and HTTP APIs use a default API endpoint in the following format: "https://{api_id}.execute-api.{region}.amazonaws.com". If you use a custom domain name for your API Gateway REST or HTTP APIs, you can deactivate the default endpoint. This allows all traffic to route to your APIs through the custom domain name.

Resolution

Follow these steps to disable the default endpoint using the API Gateway console, AWS Command Line Interface (AWS CLI), or AWS CloudFormation.

Note:

API Gateway console

REST API

  1. Open the API Gateway console.
  2. In the navigation pane, choose APIs, and then choose your REST API.
  3. In the navigation pane, choose Settings.
  4. For the Default Endpoint, choose Disabled, and then choose Save Changes.
  5. In the navigation pane, choose Resources, Actions, and then choose Deploy API.

HTTP API

  1. Open the API Gateway console.
  2. In the navigation pane, choose APIs, and then choose your HTTP API.
  3. In the navigation pane, choose Settings.
  4. For the Default Endpoint, choose Disabled, and then choose Save Changes.
  5. In the navigation pane, choose Resources, Actions, and then choose Deploy API.

AWS CLI

REST API

Run the AWS CLI command update-rest-api similar to the following:

aws apigateway update-rest-api --rest-api-id abcdef123 --patch-operations op=replace,path=/disableExecuteApiEndpoint,value='True'

To deploy the updated API, run the AWS CLI command create-deployment similar to the following

aws apigateway create-deployment --rest-api-id abcdef123 --stage-name dev

Note: Replace api_id abcdef123 and stage_name dev with your REST API ID and respective stage.

HTTP API

Run the AWS CLI command update-api similar to the following:
aws apigatewayv2 update-api --api-id abcdef123 --disable-execute-api-endpoint

To deploy the updated API, run the AWS CLI command create-deployment similar to the following:

aws apigatewayv2 create-deployment --api-id abcdef123 --stage-name dev

Note: Replace api_id abcdef123 and stage_name dev with your HTTP API ID and respective stage.

CloudFormation template

To disable the default endpoint from a CloudFormation template, you can set the DisableExecuteApiEndpoint parameter to True. Update the CloudFormation template for REST API or HTTP API.

Important: Disabling the default endpoint results in HTTP 403 Forbidden errors if the API is invoked using the default endpoint URL.


Did this article help?


Do you need billing or technical support?