diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers/lib/websocket/lambda.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers/lib/websocket/lambda.ts
index 2e60cbdd7b547..8b5b5c6d3fc43 100644
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers/lib/websocket/lambda.ts
+++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers/lib/websocket/lambda.ts
@@ -28,7 +28,11 @@ export interface WebSocketLambdaAuthorizerProps {
   /**
    * The identity source for which authorization is requested.
    *
-   * @default ['$request.header.Authorization']
+   * Request parameter match `'route.request.querystring|header.[a-zA-z0-9._-]+'`.
+   * Staged variable match `'stageVariables.[a-zA-Z0-9._-]+'`.
+   * Context parameter match `'context.[a-zA-Z0-9._-]+'`.
+   *
+   * @default ['route.request.header.Authorization']
    */
   readonly identitySource?: string[];
 }
@@ -56,7 +60,7 @@ export class WebSocketLambdaAuthorizer implements IWebSocketRouteAuthorizer {
       this.authorizer = new WebSocketAuthorizer(options.scope, this.id, {
         webSocketApi: options.route.webSocketApi,
         identitySource: this.props.identitySource ?? [
-          '$request.header.Authorization',
+          'route.request.header.Authorization',
         ],
         type: WebSocketAuthorizerType.LAMBDA,
         authorizerName: this.props.authorizerName ?? this.id,
diff --git a/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/websocket/lambda.test.ts b/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/websocket/lambda.test.ts
index c171247801911..8a62d5731ac58 100644
--- a/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/websocket/lambda.test.ts
+++ b/packages/@aws-cdk/aws-apigatewayv2-authorizers/test/websocket/lambda.test.ts
@@ -35,7 +35,7 @@ describe('WebSocketLambdaAuthorizer', () => {
       Name: 'default-authorizer',
       AuthorizerType: 'REQUEST',
       IdentitySource: [
-        '$request.header.Authorization',
+        'route.request.header.Authorization',
       ],
     });