A sample use case of sending a message to an API protected by AWS Cognito.

cognito-auth.js

function ajax(method, url, data, callback) {
    var req = new XMLHttpRequest();
    req.open(method, url);

    req.addEventListener("load", function () {
        if (req.status >= 200 && req.status < 400) {
            callback();
        } else {
            console.error(req.status + " " + req.statusText + " " + url);
        }
    });

    req.addEventListener("error", function () {
        console.error("URL " + url + " unreachable.");
    });

    req.setRequestHeader("Content-Type", "application/json");
    data = JSON.stringify(data);
    req.send(data);
}

function apiClient(httpMethod){
    var formData = new FormData(form);

    var authData = {
        Username : formData.get('username'),
        Password : formData.get('password'),
    };
    var authDetails = new AWSCognito.CognitoIdentityServiceProvider.AuthenticationDetails(authData);

    var poolData = {
        UserPoolId : 'us-east-1_rXXXXX',
        ClientId : 'YYtuXXXXdkhc85XXXXXXX'
    };
    var userPool = new AWSCognito.CognitoIdentityServiceProvider.CognitoUserPool(poolData);

    var userData = {
        Username : formData.get('username'),
        Pool : userPool,
    };
    var cognitoUser = new AWSCognito.CognitoIdentityServiceProvider.CognitoUser(userData);

    cognitoUser.authenticateUser(authDetails, {
        onSuccess: function(result) {

            var idToken = result.getIdToken().getJwtToken();

            var data = {
             'Username': formData.get('username'),
             'Message': formData.get('message'),
             'Id-token': idToken,
             };

            AWS.config.credentials = new AWS.CognitoIdentityCredentials({
                IdentityPoolId : 'us-east-1_XXXX',
                Logins : {
                    'cognito-idp.us-east-1.amazonaws.com/us-east-1_XXXX' : idToken
                }
            });
            
            ajax(
                httpMethod,
                "https://XXXXX-XXXXX.execute-api.us-east-1.amazonaws.com/prod",
                data,
                function(){
                    alert("Message sent!");
                }
            )

        },

        onFailure: function(err) {
            alert(err);
        },

        newPasswordRequired: function(userAttributes, requiredAttributes) {
            cognitoUser.completeNewPasswordChallenge(
                prompt("First connexion. Please, choose new password: "))
        }
    }); 
} 

var form = document.querySelector("form");

form.addEventListener("submit", function(e){
    e.preventDefault();

    apiClient('POST');
})

cognito.html

<!doctype html>
<html>
<head>
    <meta charset="utf-8">
    <title>Test Cognito</title>
</head>
<body>
  <form>
    <h1>Message form</h1>
    <p>
      <label for="username">Username</label> :
      <input type="text" name="username" id="username" required>
    </p>
    <p>
      <label for="password">Password</label> :
      <input type="password" name="password" id="password" required>
    </p>
    <p>
      <label for="message">Message</label> :
      <textarea type="textarea" name="message" id="message" required></textarea>
    </p>
    <input type="submit" value="Send new">
    <input type="button" id="button-edit" value="Edit existing">
    <input type="reset" value="Reset">
  </form>

  <script src="[PATH]/aws-cognito-sdk.min.js"></script>
  <script src="[PATH]/amazon-cognito-identity.min.js"></script>
  <script src="[PATH]/aws-sdk.min.js"></script>
  <script src="[PATH]/cognito-auth.js"></script>
</body>
</html>