What should a developer do to give customers the ability to invalidate the API cache?
Ask the customers to use AWS credentials to call the InvalidateCache API operation.
Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke the API. Ask the customers to send a request that contains the Cache-Control:max-age=0 HTTP header when they make an API call.
Ask the customers to use the AWS SDK API Gateway class to invoke the InvalidateCache API operation.
Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke the API. Ask the customers to add the INVALIDATE_CACHE query string parameter when they make an API call.
Explanations:
AWS credentials should not be given to customers to directly call AWS APIs like InvalidateCache. API Gateway does not provide direct access to customers for this operation.
Adding theCache-Control:max-age=0header is a way to invalidate the cache for specific requests. This option enables customers to refresh the cache without needing direct access to API Gateway operations.
The AWS SDK API Gateway class does not allow customers direct access to invalidate the API Gateway cache. Direct access to API operations is not intended for end-users.
There is no supported query parameterINVALIDATE_CACHEin API Gateway for cache invalidation. The method described in this option is not valid for invalidating the cache in API Gateway.
I classify that the answer is:
Attach an InvalidateCache policy to the IAM execution role that the customers use to invoke the API. Ask the customers to send a request that contains the Cache-Control:max-age=0 HTTP header when they make an API call.