We have a security requirement when using AWS API Gateway that requires any incoming POST requests to include a custom header and a secure key.
The use-case is for when Adobe Launch sends POSTs for Callbacks whenever a rule is created for example.
See Creating Adobe Launch Callbacks docs here:
We might not get off the ground without the requirement met. I'm open to other ideas on how we could secure the exposed endpoint. Whitelisting Adobe's IP is part of that requirement as well.