Glad it was helpful!

Glad you like them!

Yes, there are quite a few small changes to v3 which make some of my older videos out of date. Unfortunately I can't update existing videos.

Thanks for pointing this out. I just ran into the issue with apiKeys as I was working through this video. For anyone who wants to see the differences in order to troubleshoot the migration from v2 to v3, they are documented at the serverless.com site: www.serverless.com/framework/docs/guides/upgrading-v3 Also, thanks Sam for putting these videos together! I have been finding them to be well done, concise and still mostly correct despite the passage of 2-3 years by this point.

@@desdemicocinaconamor Thanks Michael. With Tech moving so fast it is often hard to make content that lasts more than a year

@michael dichirico that was helpful. Thank you:)

Happy to help!

Thank you very much!

Always happy when someone enjoys a video

Thanks! Im, really glad you've found them helpful. Are there any other topics that you would like me to cover?

@@CompleteCoding redirects would be good. I'm having difficulty working this out. I want to perform a "success" redirect once a form has been sucessfully submitted.

​@@programmusicuk If you're building your application in JavaScript (react, vue or html with a JS file) then you need to wait for the response of the form submission. If it succeeds then you can render a different view or redirect the user to a new page using JS

@@CompleteCoding Hi Sam, thanks for the great tutorials! Is it possible to add tutorial how to connect websockets and REST APIs with Cognito user pools and provide authenticated and authorized access to Lambdas? Also Federated access example through Google/Facebook will be very appreciated.

Glad you liked it!

Thanks Niels! Glad you liked the video

Thank you! Cheers!

Since publishing this video I've actually moved away from the built in API keys and would use another authentication method. If you like the process of API keys then have a Dynamo Table that you store the API key and any other data you might want (remaining capacity, what they have access to). Then you can add a Lambda Authoriser to check the API exists and has the properties needed (access to the requested resources). You could also use another auth method like Cognito. This works really well when users are accessing your systems through a website. They sign up and you create them a user. You can then just use that cognito user pool as the authenitcation method for the Lambdas.

@@CompleteCoding 👍

Glad you like it!

My pleasure :)

@@CompleteCoding i am working on ses send mail its causing internal server error

There are multiple ways to debug code. You can run it locally (serverless offline), put console.logs in and see how far it gets, wrap you code in a try/catch and see the error. I've got a video on running aws locally with serverless offline

Most welcome!

Nice work! Shows that it will do what it needs to when using it for real

The next video I'm doing is on authorisers and how you can write Lambdas to validate things such as api keys. You can then store api keys in dynamo so you can easily add more customers.

@@CompleteCoding Thanks for the lessons. I will be waiting for this video.

@@CompleteCoding have u uploaded this video. i want to watch it

@@praisegodce9259 kzfaq.info/get/bejne/aL1dl8demNOZpWw.html

@@CodeWithEasyFaris kzfaq.info/get/bejne/aL1dl8demNOZpWw.html

With API keys if someone uses the app then they will be able to see the API key used (by looking at the requests in dev tools) and then use that themselves. You can pair this with CORS settings so you have a whitelist of web URLs that are able to make requests to your APIs. Even with this, if someone really wanted to then they could still access your urls but it would be a lot more effort. Making it truly secure would need something involving a login which generates a temporary access token which is needed on every request.

If I needed to do that, I would move the API keys into a database table. I would then add a task which went through that table and updated the API key for each user. This would be triggered once the deployment completed. If you do this you may also want to do something like send the new API key to the user by SES?

@@CompleteCoding thanks for the answer, that would be a great idea as well creating a topic and publishing it a new api for any amount of time

@@CompleteCoding but now I wonder I have an user pool group which contains federated entity for unauthenticated user, what is better an api key or that federated one for only GET requests?

@@andresm9051 That massively depends on the use case and the end user. If they're capable of dealing with tokens, refresh tokens and everything that comes with cognito then its less work for you and is a properly security tested solution. If they might be less technical then just giving them an API key might be easier.

@@CompleteCoding Thank you, I'm using cognito that will handle everything related to tokens as you mentioned then is not neeeded to use api keys only use IAM polixies to restrict access to resources

Yes, the api key will need to be sent as part of the headers which is viewable in dev tools.

I wouldn't use API keys for general user access. You might use it for connecting to a system that doesn't have a more advanced login mechnaism

You usually get a 401 response for unauthorised requests. 403 normally means you're either hitting an endpoint that doesn't exist, or you're doing a get request to a post endpoint

I think this video came out before http API existed :p

My mistake!@@CompleteCoding

You can create an output from the serverless file which you can then import into another serverless project. Here's an article about creating exports www.serverless.com/blog/outputs-and-secrets

Yes, the apiKeys property has apparently moved with v3 of serverless. I've not used API Keys with v3 yet so I don't know where the right place is

This video was done with Serverless Framework V2. There is a new v3 which works slightly differently

You should still be able to use http, that just creates a Rest API over a http API. This isn't related to JS at all, that is just the language I have chosen to use in these videos. The JS code still runs, it is the serverless configuration that is changing. If you'd built a Python API with Serverless, you would still have to choose between http and httpApi.

Thank you for your reply. Perhaps I did not explain clearly, or maybe there is some error in my understanding. In the video titled "Creating an API with Serverless" you mention (in reply to a commenter who has posted some updated code) that serverless v2 has introduced some breaking changes to your video. If you carry these changes forward, this video does not work with current serverless. The yaml file I start off with at the beginning of this video is already different to what you have due to this change. Here is my yaml file: gist.github.com/AbrahamSalloum/5cd3ebb6a571eb056b7031b85625619a. The error is related to an unknow keyword (I cant remember exactly, will redo later and see) Thanks for the video series.

@@AbrahamSalloum I think that I was wrong in that original comment. Using an event type of "http" still works (I just checked). Also the difference between http and httpApi should be minimal

@@CompleteCoding Thanks. I originally changed from 'http' to 'httpApi' because I was getting an 'internal server error' but I now think it was because the status/statusCode keyword changed in API_Responses.js. statusCode works for http, and status works for httpApi, so I went down the wrong rabbit hole. Incidentally, when I try to use httpApi, I get the warning: "at 'functions.getUser.events[0].httpApi': unrecognized property 'private'" I think it wants me to set up tokens instead. Thanks for your help.

@@AbrahamSalloum Great that you found a solution and figured out that response code differences :)