Whether an unauthenticated user may access the API. Must be "true" to enable ANONYMOUS route authorization.
The maximum expected time difference between the system clocks of the token issuer and the API Gateway. Note: Numbers greater than Number.MAX_SAFE_INTEGER will result in rounding issues.
The authentication scheme that is to be used when authenticating the token. This must to be provided if "tokenHeader" is specified.
The name of the header containing the authentication token.
The name of the query parameter containing the authentication token.
Validate a token present in the header or query parameter. A valid policy must specify either tokenHeader or tokenQueryParam.