Signed URL with AWS ApiGateway
Question
I'm using AWS signV4 to sign requests for calling AWS API Gateway. Using Requests with headers are not suited for my use case hence the initiative to work with signed urls and query strings.
I had used AWS Sample Python sample that works great for IAM user creation.
the same Access Key and Secret are used in both cases (IAM Creation , API Gateway call) so its definitely not an issue of wrong access key / secret.
The main issue i see is that the signature i get is different than the one the API Gateway thinks i should send.
I've added all the documented query string but still get the below error.
What am i missing here?
Here is the request URL:
https://*******.execute-api.us-east-1.amazonaws.com/******?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=**********%2F20170424%2Fus-east-1%2Fexecute-api%2Faws4_request&X-Amz-Date=20170424T124521Z&X-Amz-Expires=60&X-Amz-SignedHeaders=host&X-Amz-Signature=**********821742cee7661ef3a0ab1e5c
While using it with the execute-api service i had received the following error :
{
"message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'GET\n/*******\nX-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=*********%2F20170424%2Fus-east-1%2Fexecute-api%2Faws4_request&X-Amz-Date=20170424T124521Z&X-Amz-Expires=60&X-Amz-SignedHeaders=host\nhost:*******.execute-api.us-east-1.amazonaws.com\n\nhost\n*********'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20170424T124521Z\n20170424/us-east-1/execute-api/aws4_request\n**********'\n"
}
I've Checked also the java implementation using the samples from : AWS Signer Java but the results were the same.
1 answers
solution1
0 ACCPTED 2017-04-24 17:20:26
SigV4 signing and this error message isn't anything specific to API Gateway itself. The signing algorithm and the verification at the AWS end is common for all AWS services.
Can you compare the canonical string that is in the error message and the one that you are generating while sending the request? That should help you identify the issue.
Also, go through the step-by-step explanation to see if you are doing everything right. One of the common issues is case-sensitivity of header names and the sorting order of parameters.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.