This repository was archived by the owner on Mar 6, 2026. It is now read-only.

aws-samples/amazon-api-gateway-pinpoint-otp-demo
Amazon API Gateway Pinpoint OTP Demo

This application demonstrates how you can leverage Amazon Pinpoint's One Time Password (OTP) feature to authenticate Amazon API Gateway requests. It uses a Lambda Authorizer to authenticate incoming requests, and calls the SendOTPMessage and VerifyOTPMessage APIs in Amazon Pinpoint to validate OTPs and exchange a successful verification for an API key.

Architecture Diagram

NOTE: This application is a demo, intended to help you validate ideas and perform a proof-of-concept. It is not meant for production deployments as is.

Requirements

  • AWS Serverless Application Model (AWS SAM) Command Line Interface (CLI) to deploy to your account. Instructions for installing and setting up SAM CLI can be found here.
  • Amazon Pinpoint project to send SMS OTP messages. Follow the instructions to configure your project.
  • If the SMS channel on Amazon Pinpoint is not enabled for your SenderID, leverage the SMS sandbox.
  • Replace the PINPOINT_APPLICATION_ID variables in the template file before deployment. This identifier is displayed as the Project ID on the Amazon Pinpoint console.
  • Optionally, replace the BRAND_NAME variable with a name of your choosing.

Deployment

  • Once the above requirements are met, deploy the application using sam deploy --guided
  • Optionally you can browse to the AWS CloudFormation console to view the resources in more detail
  • Note down the Amazon API Gateway endpoint; it will be used to invoke the APIs in the next step.

Demo

  • Make a GET / call without passing any headers. It should return a 403 Forbidden error.
  • Next, call the POST /login API and pass the Phone header with the recipient phone number. You should receive the OTP code as an SMS.
  • Next, call the POST /verify API and pass the Phone and Otp headers. In the API response you should receive an API token.
  • Lastly, call the GET / API again and pass the Authorization header with the API token from the previous step. Your API call should return a 200 response.
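The following is an added example, not code from the aws-samples repository, showing the three pieces the demo steps above exercise: a /login handler that calls SendOTPMessage, a /verify handler that calls VerifyOTPMessage and issues a token, and a Lambda REQUEST authorizer that turns the Authorization header into an Allow/Deny policy. The Pinpoint client is injected so the flow runs offline against a constructed fake; in Lambda you would pass boto3.client("pinpoint") instead. The token format (an HMAC-signed phone.expiry.signature string), the derivation of ReferenceId from the phone number, and the environment variable names other than PINPOINT_APPLICATION_ID and BRAND_NAME are assumptions for this example, not details taken from the sample.

```python
import hashlib
import hmac
import os
import time

# PINPOINT_APPLICATION_ID and BRAND_NAME are the README's template variables;
# the remaining settings are assumptions for this example.
PINPOINT_APPLICATION_ID = os.environ.get("PINPOINT_APPLICATION_ID", "PLACEHOLDER_PROJECT_ID")
BRAND_NAME = os.environ.get("BRAND_NAME", "ExampleBrand")
ORIGINATION_IDENTITY = os.environ.get("ORIGINATION_IDENTITY", "PLACEHOLDER_SENDER_ID")
TOKEN_SECRET = os.environ.get("TOKEN_SECRET", "dev-only-secret").encode()  # assumed: secret from env
TOKEN_TTL_SECONDS = 300


def _reference_id(phone):
    # Pinpoint matches VerifyOTPMessage to SendOTPMessage on ReferenceId; deriving it
    # from the destination keeps it identical across the two calls (assumption).
    return hashlib.sha256(phone.encode()).hexdigest()[:32]


def _headers(event):
    # API Gateway header names are case-insensitive, so normalize before lookup.
    return {k.lower(): v for k, v in (event.get("headers") or {}).items()}


def login_handler(event, pinpoint):
    """POST /login: ask Pinpoint to send an OTP to the number in the Phone header."""
    phone = _headers(event).get("phone")
    if not phone:
        return {"statusCode": 400, "body": "Phone header required"}
    pinpoint.send_otp_message(
        ApplicationId=PINPOINT_APPLICATION_ID,
        SendOTPMessageRequestParameters={
            "BrandName": BRAND_NAME, "Channel": "SMS",
            "DestinationIdentity": phone, "OriginationIdentity": ORIGINATION_IDENTITY,
            "ReferenceId": _reference_id(phone),
            "AllowedAttempts": 3,  # Pinpoint stops accepting guesses after this many failures
            "CodeLength": 6, "ValidityPeriod": 5,  # validity is in minutes
        },
    )
    return {"statusCode": 200, "body": "OTP sent"}


def issue_token(phone, now=None):
    """Create phone.expiry.signature, signed with HMAC-SHA256 (assumed format)."""
    expiry = int(now if now is not None else time.time()) + TOKEN_TTL_SECONDS
    payload = f"{phone}.{expiry}"
    return payload + "." + hmac.new(TOKEN_SECRET, payload.encode(), hashlib.sha256).hexdigest()


def validate_token(token, now=None):
    """Return the phone the token was issued for, or None if malformed, forged or expired."""
    try:
        phone, expiry, sig = token.rsplit(".", 2)
        expiry = int(expiry)
    except ValueError:
        return None
    expected = hmac.new(TOKEN_SECRET, f"{phone}.{expiry}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):  # constant-time compare against forgery
        return None
    if expiry < (now if now is not None else time.time()):
        return None
    return phone


def verify_handler(event, pinpoint):
    """POST /verify: let Pinpoint check the OTP; only a valid code yields a token."""
    h = _headers(event)
    phone, otp = h.get("phone"), h.get("otp")
    if not phone or not otp:
        return {"statusCode": 400, "body": "Phone and Otp headers required"}
    resp = pinpoint.verify_otp_message(
        ApplicationId=PINPOINT_APPLICATION_ID,
        VerifyOTPMessageRequestParameters={
            "DestinationIdentity": phone, "ReferenceId": _reference_id(phone), "Otp": otp},
    )
    if not resp["VerificationResponse"]["Valid"]:
        return {"statusCode": 403, "body": "Invalid OTP"}
    return {"statusCode": 200, "body": issue_token(phone)}


def authorizer_handler(event):
    """Lambda REQUEST authorizer: Allow only when the Authorization header validates."""
    phone = validate_token(_headers(event).get("authorization", ""))
    return {
        "principalId": phone or "anonymous",
        "policyDocument": {"Version": "2012-10-17", "Statement": [{
            "Action": "execute-api:Invoke", "Effect": "Allow" if phone else "Deny",
            "Resource": event.get("methodArn", "*")}]},
    }


class FakePinpoint:
    """Constructed stand-in for boto3's Pinpoint client; mimics response shapes only."""
    def __init__(self):
        self.codes = {}

    def send_otp_message(self, ApplicationId, SendOTPMessageRequestParameters):
        self.codes[SendOTPMessageRequestParameters["ReferenceId"]] = "123456"  # constructed code
        return {"MessageResponse": {"ApplicationId": ApplicationId}}

    def verify_otp_message(self, ApplicationId, VerifyOTPMessageRequestParameters):
        p = VerifyOTPMessageRequestParameters
        return {"VerificationResponse": {"Valid": self.codes.get(p["ReferenceId"]) == p["Otp"]}}


def run_demo_flow(pinpoint=None):
    """Walk the README's demo steps (plus one wrong OTP); returns the outcomes in order."""
    pinpoint = pinpoint or FakePinpoint()
    phone = "+15555550100"  # constructed number
    effect = lambda ev: authorizer_handler(ev)["policyDocument"]["Statement"][0]["Effect"]
    no_header = effect({"headers": {}})
    login = login_handler({"headers": {"Phone": phone}}, pinpoint)["statusCode"]
    wrong = verify_handler({"headers": {"Phone": phone, "Otp": "000000"}}, pinpoint)["statusCode"]
    good = verify_handler({"headers": {"Phone": phone, "Otp": "123456"}}, pinpoint)
    authed = effect({"headers": {"Authorization": good["body"]}})
    return no_header, login, wrong, good["statusCode"], authed


if __name__ == "__main__":
    print(run_demo_flow())
```

The point worth noticing is where the OTP is checked: the handler never compares codes itself, it forwards the attempt to VerifyOTPMessage and trusts only the Valid flag, so AllowedAttempts and ValidityPeriod are enforced by Pinpoint rather than re-implemented. The authorizer likewise derives Allow/Deny solely from a signed, expiring token, which is what makes the first GET / call fail and the last one succeed.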

Cleanup

  • Use sam delete to delete the application from your AWS account, and avoid incurring additional charges.
  • Note: The above command does not delete any components that you create manually.

Security

See CONTRIBUTING for more information.

License

This library is licensed under the MIT-0 License. See the LICENSE file.
