AWS Security ChangesHomeSearch

AWS apigateway documentation change

Service: apigateway · 2025-08-22 · Documentation low

File: apigateway/latest/developerguide/permissions.md

Summary

Added documentation for SigV4a authentication support

Security assessment

Expanded authentication documentation to include SigV4a, a security feature. Enhances clarity but doesn't address a vulnerability.

Diff

diff --git a/apigateway/latest/developerguide/permissions.md b/apigateway/latest/developerguide/permissions.md
index ca0520384..cd783b70a 100644
--- a//apigateway/latest/developerguide/permissions.md
+++ b//apigateway/latest/developerguide/permissions.md
@@ -47 +47 @@ For more information on how to use this permissions model, see [API Gateway iden
-To allow an API caller to invoke the API or refresh its caching, you must create IAM policies that permit a specified API caller to invoke the API method for which user authentication is enabled. The API developer sets the method's `authorizationType` property to `AWS_IAM` to require that the caller submit the user's credentials to be authenticated. Then, you attach the policy to a user, role, or group. 
+To allow an API caller to invoke the API or refresh its caching, you must create IAM policies that permit a specified API caller to invoke the API method for which user authentication is enabled. The API developer sets the method's `authorizationType` property to `AWS_IAM` to require that the caller submit the user's credentials to be authenticated. API Gateway supports Signature Version 4a (SigV4a) and Signature Version 4 (SigV4) to authenticate the user's credentials. For more information, see [AWS Signature Version 4](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_sigv.html). Then, you attach the policy to a user, role, or group.