AWS Certified Developer – Associate (DVA-C02) — Question 388

A company maintains a REST service using Amazon API Gateway and the API Gateway native API key validation. The company recently launched a new registration page, which allows users to sign up for the service. The registration page creates a new API key using CreateApiKey and sends the new key to the user. When the user attempts to call the API using this key, the user receives a 403 Forbidden error. Existing users are unaffected and can still call the API.

What code updates will grant these new users access to the API?

Answer options

• A. The createDeployment method must be called so the API can be redeployed to include the newly created API key.
• B. The updateAuthorizer method must be called to update the API's authorizer to include the newly created API key.
• C. The importApiKeys method must be called to import all newly created API keys into the current stage of the API.
• D. The createUsagePlanKey method must be called to associate the newly created API key with the correct usage plan.

Correct answer: D

Explanation

In Amazon API Gateway, simply creating an API key is not sufficient to grant access; the key must also be associated with an active usage plan that is linked to an API stage. Calling the createUsagePlanKey method associates the newly created API key with the appropriate usage plan, resolving the 403 Forbidden error. Other actions, such as redeploying the API or updating authorizers, are not required for API key activation.