0 votes
1 view
in AWS by (19.2k points)

I couldn't find any documentation that showed how to do this so I tried my best to figure it out (is this not a common use case)? I've set up my resource to use IAM authentication, set up CORS, etc. Then I deployed it and downloaded the generated the SDK. 

On the client-side, I'm using the credentials from AWS.CognitoIdentityCredentials with apigClientFactory.newClient. When I try to post to my resource, I get a 403 error response with nobody. 

The response headers contain: x-amz-ErrorType: UnrecognizedClientException 

Could this error possibly be coming from some other AWS service (do they bubble up like that)? If so, how can I tell which one? What else might be causing the error?

The code I'm using test client-side looks like this: 

function onFacebookLogin(fbtoken) {

  // get cognito credentials

  AWS.config.credentials = new AWS.CognitoIdentityCredentials({

    IdentityPoolId: 'us-east-1:abcd6789-1234-567a-b123-12ab34cd56ef',

    Logins: {'graph.facebook.com': fbtoken}


  AWS.config.credentials.get(function(err) {

    if (err) {return console.error('Credentials error: ', err);}


    /* I'm assuming that this is what I use for accessKey and secretKey */

    var credentials = AWS.config.credentials;

    apigClient = apigClientFactory.newClient({

      accessKey: credentials.accessKeyId,

      secretKey: credentials.secretAccessKey




1 Answer

0 votes
by (44.6k points)

You should set the sessionToken field with access key and secret key. Try this example:

var client = apigClientFactory.newClient({ 

    accessKey: ACCESS_KEY, 

    secretKey: SECRET_KEY, 

    sessionToken: SESSION_TOKEN 


Welcome to Intellipaat Community. Get your technical queries answered by top developers !