Gateway API will not charge you for unauthenticated requests, however, you will be charged with Lambda for a call to the authorizer.
The Gateway API offers the goal of mitigating this problem in the form of an authentication authentication expression on the authorizer, which is just a regular expression that maps to the header of the incoming authentication source.
In addition, you can simply implement some kind of negative cache or check yourself in the Authorizer function to minimize milliseconds with an invoice.
source
share