I have not had time to implement it yet, but when I do this, I will also post the code here. It is a pity that I lost 50 reps for generosity :(
If I implement AWS Cognito authentication on my API, do I still need an API key? Or should I use both? API for authenticating my mobile phone as a valid user for the system and AWS Cognito for authenticating my user? Or am I getting some kind of token?
Using Cognito Federated Identities will generate IAM credentials (access key, secret key, session token) that are tied to the IAM role, so this means you have to use IAM Auth on API Gateway.
You cannot use more than one Auth type in the same API method.
I assume AWS authentication comes from the AWS SDK; can I still use Facebook authentication? For example, I can get custom images / albums / likes / etc. Or do I need to use the Facebook SDK for this, and if so, do I use the Facebook SDK interface at the API level or in the mobile application (Xamarin)?
Yes, you can still use Facebook authentication. You will need to use the SDK for Facebook. The AWS SDK and Cognito just use Facebook to make sure the user is right. As for where you will use the SDK for Facebook, it will depend on the architecture of your application. Although, as it seems to me, it is most often used at the client (mobile) level.
To actually use and encode Cognito, you must first create an identity pool. While you are creating the pool, depending on your use case, you can leave the checkbox next to “Enable access to unauthenticated identities”. This is only if you want guest users in your application to be able to use your APIs. But if you just want users who are logged in via Facebook to be disconnected.
Then, in the "Authentication Providers" section, add your Facebook ID on the Facebook tab. Here is the documentation on how to create a pool for more information: http://docs.aws.amazon.com/cognito/latest/developerguide/getting-started-with-identity-pools.html#create-identity-pool
Then, to encode this in your application, these two pieces of documentation are used together.
1) First you need to set up the credential object, and then, after logging in via Facebook and receiving the token, you add addLogin to add the token to Cognito.
2) Then you use the credential object to pass the credentials to the API gateway.
http://docs.aws.amazon.com/cognito/latest/developerguide/getting-credentials.html#getting-credentials-1.xamarin
http://docs.aws.amazon.com/cognito/latest/developerguide/facebook.html
To use IAM Auth with API Gateway, you will need to do something known as SigV4.
Since API Gateway does not have a generated SDK for dotNet / C#, you will have to do this manually.
This documentation discusses examples of signature requests. The examples are in Python; unfortunately, we have no examples in C#, but it gives you the logic needed to complete it.
http://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html
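The manual SigV4 step described in the answer above, as an added C# example that is not part of the original answer or of any AWS SDK: it signs a body-less GET to API Gateway with the temporary credentials (access key, secret key, session token) that Cognito returns. The names `SigV4Signer` and `SignGet` are hypothetical, and the code assumes the default HTTPS port, a path made only of unreserved characters, and a query string that is either absent or already sorted and encoded.

```csharp
using System;
using System.Globalization;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical names): SigV4 for API Gateway, whose service name is "execute-api".
public static class SigV4Signer
{
    static byte[] Hmac(byte[] key, string data)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(data));
    }

    static string Hex(byte[] b) => BitConverter.ToString(b).Replace("-", "").ToLowerInvariant();

    static string Sha256Hex(string s)
    {
        using (var sha = SHA256.Create()) return Hex(sha.ComputeHash(Encoding.UTF8.GetBytes(s)));
    }

    // accessKey, secretKey and sessionToken are the temporary credentials obtained via Cognito.
    public static HttpRequestMessage SignGet(Uri uri, string region,
        string accessKey, string secretKey, string sessionToken, DateTime utcNow)
    {
        string amzDate = utcNow.ToString("yyyyMMdd'T'HHmmss'Z'", CultureInfo.InvariantCulture);
        string date = amzDate.Substring(0, 8);
        string scope = $"{date}/{region}/execute-api/aws4_request";

        // Canonical request: header names lowercase and sorted, each header line ends with '\n'.
        string signedHeaders = "host;x-amz-date;x-amz-security-token";
        string canonicalHeaders =
            $"host:{uri.Host}\nx-amz-date:{amzDate}\nx-amz-security-token:{sessionToken}\n";
        string canonicalQuery = uri.Query.TrimStart('?'); // assumption: empty or already canonical
        string canonicalRequest = string.Join("\n", "GET", uri.AbsolutePath, canonicalQuery,
            canonicalHeaders, signedHeaders, Sha256Hex("")); // last field: hash of the empty body
        string stringToSign = string.Join("\n", "AWS4-HMAC-SHA256", amzDate, scope,
            Sha256Hex(canonicalRequest));

        // Signing key: HMAC chain over date, region, service, then the literal "aws4_request".
        byte[] key = Hmac(Encoding.UTF8.GetBytes("AWS4" + secretKey), date);
        key = Hmac(Hmac(Hmac(key, region), "execute-api"), "aws4_request");
        string signature = Hex(Hmac(key, stringToSign));

        var request = new HttpRequestMessage(HttpMethod.Get, uri);
        request.Headers.TryAddWithoutValidation("x-amz-date", amzDate);
        request.Headers.TryAddWithoutValidation("x-amz-security-token", sessionToken);
        request.Headers.TryAddWithoutValidation("Authorization",
            $"AWS4-HMAC-SHA256 Credential={accessKey}/{scope}, " +
            $"SignedHeaders={signedHeaders}, Signature={signature}");
        return request;
    }
}
```

Pass `DateTime.UtcNow` at send time and rebuild the request for every call: the signature is bound to the timestamp, and the Cognito credentials themselves expire and must be refreshed before signing again.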