This is a Bug Report

Description

Creating API Keys and marking endpoints as private does not actually enable those API keys to be used against any endpoints in API Gateway. Instead those endpoints just return 403 Forbidden, whether you provide an API key or not.

In order for API keys to work, you need to:

1. Create a usage plan (it does not have to have any throttling or quota)
2. Add your API and stage to the usage plan
3. Add your API key to the usage plan

I haven't got a proposal at present for how serverless could support usage plans, just informing that API keys do not currently work as specified in serverless documentation without extra manual work setting up the usage plan.

Similar or dependent issues:

• API Keys not working as expected #2058