AWS API Gateway provides us to develop our own RESTful APIs and trigger AWS Lambda functions upon HTTP requests. I often use this architecture in my serverless applications and developed many APIs for my clients. With the help of API Keys and Usage Plans, we can define maximum request quotas and manage request rates while sharing our API with others.
Although API keys can never be considered as a full security measure as we often store these keys in client applications calling the API, usage plans can provide us to limit the API access and be sure that usage does not exceed tresholds we define. Read more at Controlling API Usage with API Keys and Usage Plans on AWS API Gateway post.