Cognito and JWT Authorizer: Only Logged-In Users Can Create Links
Add real users with Amazon Cognito. Stand up a user pool that issues JWTs, attach the HTTP API's JWT authorizer to protect the create-link route while the open-link route stays public, and have the handler read the user identity from a claim in the token instead of hard-coding it. Create a real user, get a real token, call the API with and without a token to see the boundary.