AWS Cloudfront returning Missing Key-Pair-Id query parameter or cookie value

Question

I have the code that returns the Cloud Front Signed Cookie Values.

CookiesForCustomPolicy signedCookiesUrl = AmazonCloudFrontCookieSigner.GetCookiesForCustomPolicy("https://example.cloudfront.net/movies/nature.mp4", new StreamReader(File.OpenRead(Path.Combine(AppContext.BaseDirectory, "pk-2.pem"))),"APKEXAMPLEKEYID", DateTime.Now.AddDays(10), DateTime.Now, null);

I use the returned values to request the object, however returns the

<Error>
<Code>MissingKey</Code>
<Message>
Missing Key-Pair-Id query parameter or cookie value
</Message>
</Error>. 

I test this through the PostMan tool putting the headers and direct request through Chrome browser and still getting the same error.

I have use the correct Cloudfront Key Pair and correct resource URL. My objects are private and cloudfront have access to it. Is there any thing else that i need to work on to get this working?

Answer 1

When we use PUBLIC_KEY and PRIVATE_KEY then we get Key-Pair-Id missing. We should use Access Key Id instead of PUBLIC_KEY then it will work perfectly.

Answer 2

Add Header Key Pair

These aren't raw headers, they're cookies. Although I don't use postman, it sounds like this is your issue:

Based on what you've said, you wouldn't add them like this:

[CloudFront-Key-Pair-Id, APKEXAMPLEQQ]

Instead it should look more like this:

[Cookie, CloudFront-Key-Pair-Id=APKEXAMPLEQQ]

Answer 3

Here is the example for Signed URL in C#.

http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CreateSignatureInCSharp.html

When you return the signed keys, you can return with query string parameter or Cookies.

You can return cookies to API Gateway in two ways, Do with ANY Integration and return the headers as it is.

If you do any other method, you need to return json data and map json data to headers in API Gateway.

http://docs.aws.amazon.com/apigateway/latest/developerguide/request-response-data-mappings.html#mapping-response-parameters

Hope it helps.