With AWS API Gateway one can secure the in multiple ways.
Private APIs
Private APIs are using the API Keys and Usage Plan. This is typically used when you don't have a direct user who is interacting with the APIs and instead it is meant for programmatic access.