You can now define and require OAuth2 scopes as part of the method-level authorization when using an Amazon Cognito Authorizer in Amazon API Gateway. This simplifies building APIs that support Cognito Oauth2 scopes by removing the need to create an AWS Lambda function that performs the authorization. A scope defines the level of access to a resource that an application has permission to. For example, if you have a resource server for storing photos, you could define two scopes: one for read access to the photos and one for write/delete access. You can require applications to request access to your APIs by including a token with one or more scopes embedded inside it. API Gateway will then use it to determine whether the API caller is authorized to access the API.