ApiGatewayWebSocket

Reference doc for the `sst.aws.ApiGatewayWebSocket` component.

The ApiGatewayWebSocket component lets you add an Amazon API Gateway WebSocket API to your app.

Create the API

const api = new sst.aws.ApiGatewayWebSocket("MyApi");

Add a custom domain

new sst.aws.ApiGatewayWebSocket("MyApi", {
  domain: "api.example.com"
});

Add routes

api.route("$connect", "src/connect.handler");
api.route("$disconnect", "src/disconnect.handler");
api.route("$default", "src/default.handler");
api.route("sendMessage", "src/sendMessage.handler");

Constructor

new ApiGatewayWebSocket(name, args?, opts?)

Parameters

name string
args? ApiGatewayWebSocketArgs
opts? ComponentResourceOptions

ApiGatewayWebSocketArgs

accessLog?

Type Input<Object>

retention?

Default {retention: “1 month”}

Configure the API Gateway logs in CloudWatch. By default, access logs are enabled and kept for 1 month.

{
  accessLog: {
    retention: "forever"
  }
}

Default 1 month

The duration the API Gateway logs are kept in CloudWatch.

domain?

Type Input<string | Object>

cert?
dns?
name?
nameId?
path?

Set a custom domain for your WebSocket API.

Automatically manages domains hosted on AWS Route 53, Cloudflare, and Vercel. For other providers, you’ll need to pass in a cert that validates domain ownership and add the DNS records.

By default this assumes the domain is hosted on Route 53.

{
  domain: "example.com"
}

For domains hosted on Cloudflare.

{
  domain: {
    name: "example.com",
    dns: sst.cloudflare.dns()
  }
}

domain.cert?

Type Input<string>

The ARN of an ACM (AWS Certificate Manager) certificate that proves ownership of the domain. By default, a certificate is created and validated automatically.

To manually set up a domain on an unsupported provider, you’ll need to:

Validate that you own the domain by creating an ACM certificate. You can either validate it by setting a DNS record or by verifying an email sent to the domain owner.
Once validated, set the certificate ARN as the cert and set dns to false.
Add the DNS records in your provider to point to the API Gateway URL.

{
  domain: {
    name: "example.com",
    dns: false,
    cert: "arn:aws:acm:us-east-1:112233445566:certificate/3a958790-8878-4cdc-a396-06d95064cf63"
  }
}

domain.dns?

Type Input<false | sst.aws.dns | sst.cloudflare.dns | sst.vercel.dns>

Default sst.aws.dns

The DNS provider to use for the domain. Defaults to the AWS.

Takes an adapter that can create the DNS records on the provider. This can automate validating the domain and setting up the DNS routing.

Supports Route 53, Cloudflare, and Vercel adapters. For other providers, you’ll need to set dns to false and pass in a certificate validating ownership via cert.

Specify the hosted zone ID for the Route 53 domain.

{
  domain: {
    name: "example.com",
    dns: sst.aws.dns({
      zone: "Z2FDTNDATAQYW2"
    })
  }
}

Use a domain hosted on Cloudflare, needs the Cloudflare provider.

{
  domain: {
    name: "example.com",
    dns: sst.cloudflare.dns()
  }
}

Use a domain hosted on Vercel, needs the Vercel provider.

{
  domain: {
    name: "example.com",
    dns: sst.vercel.dns()
  }
}

domain.name?

Type Input<string>

The custom domain you want to use.

{
  domain: {
    name: "example.com"
  }
}

Can also include subdomains based on the current stage.

{
  domain: {
    name: `${$app.stage}.example.com`
  }
}

domain.nameId?

Type Input<string>

Use an existing API Gateway domain name.

By default, a new API Gateway domain name is created. If you’d like to use an existing domain name, set the nameId to the ID of the domain name and do not pass in name.

{
  domain: {
    nameId: "example.com"
  }
}

domain.path?

Type Input<string>

The base mapping for the custom domain. This adds a suffix to the URL of the API.

Given the following base path and domain name.

{
  domain: {
    name: "api.example.com",
    path: "v1"
  }
}

The full URL of the API will be https://api.example.com/v1/.

By default there is no base path, so if the name is api.example.com, the full URL will be https://api.example.com.

transform?

Type Object

accessLog?
api?
domainName?
route? Object
- args?
- handler?
stage?

Transform how this component creates its underlying resources.

transform.accessLog?

Type LogGroupArgs | (args: LogGroupArgs, opts: ComponentResourceOptions, name: string) => void

Transform the CloudWatch LogGroup resource used for access logs.

transform.api?

Type ApiArgs | (args: ApiArgs, opts: ComponentResourceOptions, name: string) => void

Transform the API Gateway WebSocket API resource.

transform.domainName?

Type DomainNameArgs | (args: DomainNameArgs, opts: ComponentResourceOptions, name: string) => void

Transform the API Gateway WebSocket API domain name resource.

transform.route?

Type Object

Transform the routes. This can be used to customize the handler function and the arguments for each route.

{
  transform: {
    route: {
      handler: {
        link: [bucket, stripeKey]
      },
      args: {
        auth: { iam: true }
      }
    }
  }
}

transform.route.args?

Type ApiGatewayWebSocketRouteArgs | (args: ApiGatewayWebSocketRouteArgs, opts: ComponentResourceOptions, name: string) => void

Transform the arguments for the route.

transform.route.handler?

Type FunctionArgs | (args: FunctionArgs, opts: ComponentResourceOptions, name: string) => void

Transform the handler function for the route.

transform.stage?

Type StageArgs | (args: StageArgs, opts: ComponentResourceOptions, name: string) => void

Transform the API Gateway WebSocket API stage resource.

Properties

managementEndpoint

Type Output<string>

The management endpoint for the API used by the API Gateway Management API client. This is useful for sending messages to connected clients.

nodes

Type Object

api
logGroup
domainName

The underlying resources this component creates.

nodes.api

Type Api

The Amazon API Gateway V2 API.

nodes.logGroup

Type LogGroup

The CloudWatch LogGroup for the access logs.

nodes.domainName

Type Output<DomainName>

The API Gateway HTTP API domain name.

url

Type Output<string>

The URL of the API.

If the domain is set, this is the URL with the custom domain. Otherwise, it’s the autogenerated API Gateway URL.

SDK

Use the SDK in your runtime to interact with your infrastructure.

Methods

addAuthorizer

addAuthorizer(name, args)

Parameters

name string
The name of the authorizer.
args ApiGatewayWebSocketAuthorizerArgs
Configure the authorizer.

Returns ApiGatewayV2Authorizer

Add an authorizer to the API Gateway WebSocket API.

Add a Lambda authorizer.

api.addAuthorizer({
  name: "myAuthorizer",
  lambda: {
    function: "src/authorizer.index"
  }
});

Add a JWT authorizer.

const authorizer = api.addAuthorizer({
  name: "myAuthorizer",
  jwt: {
    issuer: "https://issuer.com/",
    audiences: ["https://api.example.com"],
    identitySource: "$request.header.AccessToken"
  }
});

Add a Cognito UserPool as a JWT authorizer.

const pool = new sst.aws.CognitoUserPool("MyUserPool");
const poolClient = userPool.addClient("Web");

const authorizer = api.addAuthorizer({
  name: "myCognitoAuthorizer",
  jwt: {
    issuer: $interpolate`https://cognito-idp.${aws.getRegionOutput().name}.amazonaws.com/${pool.id}`,
    audiences: [poolClient.id]
  }
});

Now you can use the authorizer in your routes.

api.route("GET /", "src/get.handler", {
  auth: {
    jwt: {
      authorizer: authorizer.id
    }
  }
});

route

route(route, handler, args?)

Parameters

route string
The path for the route.
handler Input<string | FunctionArgs | “arn:aws:lambda:${string}”>
The function that’ll be invoked.
args? ApiGatewayWebSocketRouteArgs
Configure the route.

Returns ApiGatewayWebSocketRoute

Add a route to the API Gateway WebSocket API.

There are three predefined routes:

$connect: When the client connects to the API.
$disconnect: When the client or the server disconnects from the API.
$default: The default or catch-all route.

In addition, you can create custom routes. When a request comes in, the API Gateway will look for the specific route defined by the user. If no route matches, the $default route will be invoked.

Add a simple route.

api.route("sendMessage", "src/sendMessage.handler");

Add a predefined route.

api.route("$default", "src/default.handler");

Enable auth for a route.

api.route("sendMessage", "src/sendMessage.handler", {
  auth: {
    iam: true
  }
});

Customize the route handler.

api.route("sendMessage", {
  handler: "src/sendMessage.handler",
  memory: "2048 MB"
});

Or pass in the ARN of an existing Lambda function.

api.route("sendMessage", "arn:aws:lambda:us-east-1:123456789012:function:my-function");

ApiGatewayWebSocketAuthorizerArgs

jwt?

Type Input<Object>

audiences
identitySource?
issuer

Create a JWT or JSON Web Token authorizer that can be used by the routes.

Configure JWT auth.

{
  jwt: {
    issuer: "https://issuer.com/",
    audiences: ["https://api.example.com"],
    identitySource: "$request.header.AccessToken"
  }
}

You can also use Cognito as the identity provider.

{
  jwt: {
    audiences: [userPoolClient.id],
    issuer: $interpolate`https://cognito-idp.${aws.getArnOutput(userPool).region}.amazonaws.com/${userPool.id}`,
  }
}

Where userPool and userPoolClient are:

const userPool = new aws.cognito.UserPool();
const userPoolClient = new aws.cognito.UserPoolClient();

jwt.audiences

Type Input<Input<string>[]>

List of the intended recipients of the JWT. A valid JWT must provide an aud that matches at least one entry in this list.

jwt.identitySource?

Type Input<string>

Default “route.request.header.Authorization”

Specifies where to extract the JWT from the request.

jwt.issuer

Type Input<string>

Base domain of the identity provider that issues JSON Web Tokens.

{
  issuer: "https://issuer.com/"
}

lambda?

Type Input<Object>

function
identitySources?
payload?
response?

Create a Lambda authorizer that can be used by the routes.

Configure Lambda auth.

{
  lambda: {
    function: "src/authorizer.index"
  }
}

lambda.function

Type Input<string | FunctionArgs>

The Lambda authorizer function. Takes the handler path or the function args.

Add a simple authorizer.

{
  function: "src/authorizer.index"
}

Customize the authorizer handler.

{
  function: {
    handler: "src/authorizer.index",
    memory: "2048 MB"
  }
}

lambda.identitySources?

Type Input<Input<string>[]>

Default [“route.request.header.Authorization”]

Specifies where to extract the identity from.

{
  identitySources: ["$request.header.RequestToken"]
}

lambda.payload?

Type Input<“1.0” | “2.0”>

Default “2.0”

The JWT payload version.

{
  payload: "2.0"
}

lambda.response?

Type Input<“simple” | “iam”>

Default “simple”

The response type.

{
  response: "iam"
}

transform?

Type Object

authorizer?

Transform how this component creates its underlying resources.

transform.authorizer?

Type AuthorizerArgs | (args: AuthorizerArgs, opts: ComponentResourceOptions, name: string) => void

Transform the API Gateway authorizer resource.

ApiGatewayWebSocketRouteArgs

auth?

Type Input<false | Object>

iam?
jwt? Input<Object>
- authorizer
- scopes?
lambda?

Enable auth for your WebSocket API. By default, auth is disabled.

{
  auth: {
    iam: true
  }
}

auth.iam?

Type Input<boolean>

Enable IAM authorization for a given API route. When IAM auth is enabled, clients need to use Signature Version 4 to sign their requests with their AWS credentials.

auth.jwt?

Type Input<Object>

Enable JWT or JSON Web Token authorization for a given API route. When JWT auth is enabled, clients need to include a valid JWT in their requests.

You can configure JWT auth.

{
  auth: {
    jwt: {
      authorizer: myAuthorizer.id,
      scopes: ["read:profile", "write:profile"]
    }
  }
}

Where myAuthorizer is created by calling the addAuthorizer method.

{
  auth: {
    lambda: myAuthorizer.id
  }
}

Where myAuthorizer is created by calling the addAuthorizer method.

transform?

Type Object

integration?
route?

Transform how this component creates its underlying resources.

transform.integration?

Type IntegrationArgs | (args: IntegrationArgs, opts: ComponentResourceOptions, name: string) => void

Transform the API Gateway WebSocket API integration resource.

transform.route?

Type RouteArgs | (args: RouteArgs, opts: ComponentResourceOptions, name: string) => void

Transform the API Gateway WebSocket API route resource.