By default, your API Gateway endpoints are not secured, so anyone with the link can access them. In a real-world scenario you would want to secure them so that your users first need to authenticate and provide a token before they can be authorized.
One of the services you could use for managing your users and the sign-up/sign-in flows is Amazon Cognito. In this video I am going to show you how to set up this whole flow: creating a User Pool, signing up and signing in users, then getting the id_token and providing it to API Gateway in the Authorization header.
We’re also going to set up the Cognito Authorizer in API Gateway, which will handle this authorization flow.
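A client-side check for the token described above, as an added example that is not part of the original page: it decodes the token's claims without verifying the signature (the authorizer in API Gateway does the real validation) and flags a token that is not an ID token for the expected pool and app client before it goes into the Authorization header. The pool ID, client ID, function names and tokens are constructed placeholders.

```python
import base64
import json
import time

def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def preflight(token, issuer, client_id, now=None):
    """List mismatches against what an ID token from this pool and app client carries."""
    now = time.time() if now is None else now
    try:
        claims = decode_claims(token)
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        return [f"malformed token: {exc}"]
    problems = []
    if claims.get("token_use") != "id":  # Cognito access tokens carry "access" here
        problems.append(f"token_use is {claims.get('token_use')!r}, expected 'id'")
    if claims.get("iss") != issuer:
        problems.append("iss does not match the user pool issuer URL")
    if claims.get("aud") != client_id:  # access tokens use client_id instead of aud
        problems.append("aud does not match the app client id")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    return problems

def authorization_header(token, issuer, client_id, now=None):
    """Build the Authorization header only when the preflight finds nothing wrong."""
    if problems := preflight(token, issuer, client_id, now):
        raise ValueError("; ".join(problems))
    return {"Authorization": token}

# Constructed sample data: placeholder pool id, client id and unsigned tokens.
ISSUER = "https://cognito-idp.us-east-1.amazonaws.com/us-east-1_EXAMPLE"
CLIENT_ID = "example-app-client-id"
NOW = 1_700_000_000
def fake_token(claims):
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"

ID_TOKEN = fake_token({"token_use": "id", "iss": ISSUER, "aud": CLIENT_ID, "exp": NOW + 3600})
ACCESS_TOKEN = fake_token({"token_use": "access", "iss": ISSUER, "client_id": CLIENT_ID, "exp": NOW + 3600})
```

Running `preflight(ACCESS_TOKEN, ISSUER, CLIENT_ID, NOW)` reports both the wrong `token_use` and the missing `aud`, which is the usual sign that the access token was sent where the id_token was expected.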
So here’s the full step-by-step walkthrough: