Skip to main content

4. Setting Up API Gateway & CORS

1) Create Proxy path for Auth APIs#

  • In your API Gateway, create a base path /auth and then create a proxy path /auth/{proxy+}.
  • When creating the proxy path, enable both Enable API Gateway CORS and Configure as proxy resource.
Creating a proxy path in AWS API gateway

2) Configure Auth APIs Lambda with API Gateway#

  • Create a POST method for the proxy route and associate the Auth APIs lambda function created in this step
Creating a POST method in AWS API gateway

When associating the lambda function, enable the Lambda Proxy integration option if available to chose. This is important because this will tell API Gateway not to modify or transform the incoming request when forwarding it to the lambda function.

3) Enable CORS for proxy path#

Your app's name:*
Information about the question
This is the name of your application
API Domain:*
Information about the question
This is the URL of your app's API server.
API Base Path:
Information about the question
SuperTokens will expose it's APIs scoped by this base API path.
Website Domain:*
Information about the question
This is the URL of your website.
Website Base Path:
Information about the question
The path where the login UI will be rendered
Submit form
  • When enabling CORS for the proxy path, make sure to do the following:
    • Add rid,fdi-version,anti-csrf,st-auth-mode to the existing Access-Control-Allow-Headers
    • Set Access-Control-Allow-Origin to '<YOUR_WEBSITE_DOMAIN>'
    • Set Access-Control-Allow-Credentials to 'true'. Don't miss out on those quotes else it won't get configured correctly.
Enabling CORS for the proxy path in AWS API Gateway