Version: 1.0.0

Swishing API Router

Shared edge Lambda that fronts every per-tenant Swishing backend. The router reads X-Tenant-Id from the incoming request, looks up TenantDirectory[PK=TENANT#<id>, SK=ROUTING] in DynamoDB, and proxies the request to that tenant's backend_base_url.

CORS preflight (OPTIONS *) is handled inline and short-circuits with a 204 plus the configured CORS headers; it is not modelled as a per-path operation here. Requests other than /__router_ping and /tenant-config are forwarded verbatim to the tenant backend. When the Authorization header is missing, it is promoted from the sw_access / sw_id cookies, and X-Tenant-Id is preserved end-to-end.

This document is internal architecture documentation, not a customer-facing API. The actual response shape for proxied paths is defined by the per-tenant backend — see the swishing-game-backend spec for the downstream contract.

Authentication

Cognito-issued access or ID token. The router itself does not validate the token; it only promotes the cookie form of the token into an Authorization header. Token validation is performed by the downstream tenant backend.

Security Scheme Type: http

HTTP Authorization Scheme: bearer

Bearer format: JWT
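
The routing and cookie-promotion behaviour described above, as an added sketch that is not the router's own code. The in-memory table, the example URLs, the tenant-ID pattern, the 400/404 responses, the sw_access-before-sw_id precedence and the "Bearer " prefix are all assumptions made for illustration.

```python
import re
from http.cookies import SimpleCookie

# Constructed stand-in for the TenantDirectory table, keyed by (PK, SK).
TENANT_DIRECTORY = {
    ("TENANT#acme", "ROUTING"): {"backend_base_url": "https://acme.backend.example"},
}
CORS_HEADERS = {"Access-Control-Allow-Origin": "https://app.example"}  # constructed
LOCAL_PATHS = {"/__router_ping", "/tenant-config"}  # answered by the router itself
TENANT_ID_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed ID format


def get_header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    return next((v for k, v in headers.items() if k.lower() == name), None)


def promote_authorization(headers):
    """Copy headers, filling Authorization from cookies only if it is absent."""
    out = dict(headers)
    if get_header(out, "authorization") is None:
        cookies = SimpleCookie()
        cookies.load(get_header(out, "cookie") or "")
        for name in ("sw_access", "sw_id"):  # precedence is an assumption
            if name in cookies and cookies[name].value:
                out["Authorization"] = "Bearer " + cookies[name].value
                break
    return out


def route(method, path, headers):
    """Return the router's decision for one request as a plain dict."""
    if method == "OPTIONS":  # preflight short-circuits before any lookup
        return {"action": "respond", "status": 204, "headers": CORS_HEADERS}
    if path in LOCAL_PATHS:
        return {"action": "local", "path": path}
    tenant_id = get_header(headers, "x-tenant-id") or ""
    if not TENANT_ID_RE.fullmatch(tenant_id):  # reject before building the key
        return {"action": "respond", "status": 400, "headers": {}}  # assumed status
    item = TENANT_DIRECTORY.get((f"TENANT#{tenant_id}", "ROUTING"))
    if item is None:
        return {"action": "respond", "status": 404, "headers": {}}  # assumed status
    return {
        "action": "proxy",
        "url": item["backend_base_url"].rstrip("/") + path,
        "headers": promote_authorization(headers),  # X-Tenant-Id passes through
    }
```

Because the promoted value is never verified at this layer, the header that reaches the backend carries exactly the trust of the original cookie, so the backend's token validation remains the only check.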