Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Fullstack TypeScript

Write your app's data model, auth, storage, and functions in TypeScript; Amplify will do the rest.

Built with the AWS CDK

Use any cloud resource your app needs. Never worry about scale.

Back to Gen 1 DocsLearn more

Choose your framework/language

Edit on GitHub

Page updated May 2, 2024

Public data access

The public authorization strategy grants everyone access to the API, which is protected behind the scenes with an API key. You can also override the authorization provider to use an unauthenticated IAM role from Cognito instead of an API key for public access.

Add public authorization rule using API key-based authentication

To grant everyone access, use the .public() authorization strategy. Behind the scenes, the API will be protected with an API key.

amplify/data/resource.ts
const schema = a.schema({
  Todo: a
    .model({
      content: a.string(),
    })
    .authorization(allow => [allow.publicApiKey()]),
});

In your application, you can perform CRUD operations against the model using client.models.<model-name> by specifying the apiKey auth mode.

import { generateClient } from 'aws-amplify/data';
import type { Schema } from '../amplify/data/resource'; // Path to your backend resource definition


const client = generateClient<Schema>();


const { errors, data: newTodo } = await client.models.Todo.create(
  {
    content: 'My new todo',
  },
);

Add public authorization rule using Amazon Cognito identity pool's unauthenticated role

You can also override the authorization provider. In the example below, identityPool is specified as the provider which allows you to use an "Unauthenticated Role" from the Cognito identity pool for public access instead of an API key. Your Auth resources defined in amplify/auth/resource.ts generates scoped down IAM policies for the "Unauthenticated role" in the Cognito identity pool automatically.

amplify/data/resource.ts
const schema = a.schema({
  Todo: a
    .model({
      content: a.string(),
    })
    .authorization(allow => [allow.guest()]),
});

In your application, you can perform CRUD operations against the model using client.models.<model-name> with the identityPool auth mode.

If you're not using the auto-generated amplify_outputs.json file, then you must set the Amplify Library resource configuration's allowGuestAccess flag to true. This lets the Amplify Library use the unauthenticated role from your Cognito identity pool when your user isn't logged in.

Amplify configuration
src/App.tsx
import { Amplify } from "aws-amplify";
import outputs from "../amplify_outputs.json";


Amplify.configure(
  {
    ...outputs,
    Auth: {
      Cognito: {
        identityPoolId: config.aws_cognito_identity_pool_id,
        userPoolClientId: config.aws_user_pools_web_client_id,
        userPoolId: config.aws_user_pools_id,
        allowGuestAccess: true,
      },
    },
  }
);
src/App.tsx
import { generateClient } from 'aws-amplify/data';
import type { Schema } from '../amplify/data/resource'; // Path to your backend resource definition


const client = generateClient<Schema>();


const { errors, data: newTodo } = await client.models.Todo.create(
  {
    content: 'My new todo',
  },
);
NEXT
Per-user/per-owner data access
Site color mode

Amplify open source software, documentation and community are supported by Amazon Web Services.

© 2024, Amazon Web Services, Inc. and its affiliates.

All rights reserved. View the site terms and privacy policy.

Flutter and the related logo are trademarks of Google LLC. We are not endorsed by or affiliated with Google LLC.