Proxy any request to the tenant backend

GET /:proxy

Catch-all operation. Every request other than GET /__router_ping, GET /tenant-config, and CORS preflight (OPTIONS *) is matched here, regardless of HTTP method. The router:

Reads X-Tenant-Id from the request headers (required — 400 otherwise).
Looks up TenantDirectory[PK=TENANT#<id>, SK=ROUTING] in DynamoDB and resolves the tenant's backend_base_url (cached 60s in-process).
Forwards the request to <backend_base_url><rawPath>?<rawQueryString>, preserving the method, body, X-Tenant-Id, and Authorization headers. If Authorization is absent, the router promotes the sw_access (or sw_id, when USE_ID_FOR_BACKEND=true) cookie into a Bearer header before forwarding.
Returns the upstream response status, body, and headers, with router-injected diagnostics (x-router-hit: true, x-router-tenant: <uuid>).

Response shape is determined by the downstream tenant backend — see the swishing-game-backend spec for the actual operation contracts. The schemas listed below cover only the router's own short-circuit error responses.

OpenAPI cannot model "any HTTP method on any path"; this entry uses GET /{proxy} as a representative shape. The same operation handles POST, PUT, PATCH, DELETE, etc., on arbitrarily nested paths.

Request

Responses

Upstream tenant backend response. Body and headers are passed through unchanged; see the downstream service spec for the real contract.

X-Tenant-Id header missing.

Tenant has no active ROUTING entry in TenantDirectory, or no backend_base_url is configured.

Upstream tenant backend errored or was unreachable. Body is the literal string Upstream error; the underlying error is logged to CloudWatch.

Proxy any request to the tenant backend

/:proxy

Request​

Responses​

Request

Responses