api.openapi.yml

openapi: '3.0.1'
info:
  version: '1'
  title: !Ref AWS::StackName

x-default-request: &request
  security:
    Fn::If:
      - HasAuthorizer
      - [basic: []]
      - []
  responses:
    200:
      description: "200 response"
      content: {}
  x-amazon-apigateway-integration:
    responses:
      default:
        statusCode: 200
    uri: !Sub arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${ApiFunction.Arn}/invocations
    passthroughBehavior: when_no_match
    httpMethod: POST
    type: aws_proxy

x-amazon-apigateway-gateway-responses:
  UNAUTHORIZED:
    statusCode: 401
    responseParameters:
      gatewayresponse.header.WWW-Authenticate: "'Basic'"
    responseTemplates:
      application/json:
        Fn::Stringify:
          errors:
            - code: UNAUTHORIZED

paths:
  /:
    get:
      <<: *request
      x-amazon-apigateway-integration:
        responses:
          default:
            statusCode: 200
        passthroughBehavior: when_no_match
        requestTemplates:
          application/json: "{\"statusCode\": 200}"
        type: mock

  /{proxy+}:
    get:
      <<: *request
    head:
      <<: *request

components:
  securitySchemes:
    Fn::If:
      - HasAuthorizer
      - basic:
          type: apiKey
          name: Authorization
          in: header
          x-amazon-apigateway-authtype: custom
          x-amazon-apigateway-authorizer:
            authorizerUri:
              Fn::Sub:
                - arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${AuthorizerLambdaArn}/invocations
                - AuthorizerLambdaArn: !If [ HasCustomAuthorizer, !Ref AuthCustomLambdaArn, !GetAtt AuthorizerFunction.Arn ]
            authorizerResultTtlInSeconds: 300
            type: token
      - !Ref AWS::NoValue