TestInvokeAuthorizer - Amazon IoT
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Tests a custom authorization behavior by invoking a specified custom authorizer. Use this to test and debug the custom authorization behavior of devices that connect to the Amazon IoT device gateway.

Requires permission to access the TestInvokeAuthorizer action.

Request Syntax

POST /authorizer/authorizerName/test HTTP/1.1 Content-type: application/json { "httpContext": { "headers": { "string" : "string" }, "queryString": "string" }, "mqttContext": { "clientId": "string", "password": blob, "username": "string" }, "tlsContext": { "serverName": "string" }, "token": "string", "tokenSignature": "string" }

URI Request Parameters

The request uses the following URI parameters.


The custom authorizer name.

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w=,@-]+

Required: Yes

Request Body

The request accepts the following data in JSON format.


Specifies a test HTTP authorization request.

Type: HttpContext object

Required: No


Specifies a test MQTT authorization request.

Type: MqttContext object

Required: No


Specifies a test TLS authorization request.

Type: TlsContext object

Required: No


The token returned by your custom authentication service.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 6144.

Pattern: [\s\S]*

Required: No


The signature made with the token and your custom authentication service's private key. This value must be Base-64-encoded.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2560.

Pattern: [A-Za-z0-9+/]+={0,2}

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "disconnectAfterInSeconds": number, "isAuthenticated": boolean, "policyDocuments": [ "string" ], "principalId": "string", "refreshAfterInSeconds": number }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The number of seconds after which the connection is terminated.

Type: Integer


True if the token is authenticated, otherwise false.

Type: Boolean


IAM policy documents.

Type: Array of strings

Length Constraints: Minimum length of 0. Maximum length of 404600.

Pattern: [\s\S]*


The principal ID.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [a-zA-Z0-9]+


The number of seconds after which the temporary credentials are refreshed.

Type: Integer



An unexpected error has occurred.

HTTP Status Code: 500


The request is not valid.

HTTP Status Code: 400


The response is invalid.

HTTP Status Code: 400


The specified resource does not exist.

HTTP Status Code: 404


The service is temporarily unavailable.

HTTP Status Code: 503


The rate exceeds the limit.

HTTP Status Code: 400


You are not authorized to perform this operation.

HTTP Status Code: 401

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: