I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty

A security researcher found they could bypass AWS API Gateway authentication simply by adding a trailing slash to the URL, earning a $12,000 bug bounty. The vulnerability exploited how API Gateway handled route matching differently when a slash was appended, allowing unauthorized access to protected endpoints.