Native support for JSON Web Tokens (JWTs)

You can now control access to APIs you deploy to API gateways using JSON Web Tokens (JWTs), without having to write a custom authorizer function.

You can configure the API gateway to retrieve public verification keys from an identity provider at runtime.

Alternatively, you can configure the API gateway in advance with public verification keys already issued by an identity provider (referred to as 'static keys'), enabling the API gateway to verify JWTs locally at runtime without having to contact the identity provider.

For more information, see 'Using JSON Web Tokens (JWTs) to Add Authentication and Authorization to API Deployments'.