我正在使用AWS signV4签署调用AWS API Gateway的请求。 使用带有标头的请求不适合我的用例,因此主动使用已签名的URL和查询字符串。
我使用了AWS Sample Python样本,非常适合IAM用户创建。
在两种情况下都使用相同的访问密钥和密钥(IAM创建,API网关调用),因此它绝对不是错误访问密钥/密钥的问题。
我已添加了所有已记录的查询字符串,但仍然收到以下错误。
我在这里缺少什么?
以下是请求网址:
https://*******.execute-api.us-east-1.amazonaws.com/******?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=**********%2F20170424%2Fus-east-1%2Fexecute-api%2Faws4_request&X-Amz-Date=20170424T124521Z&X-Amz-Expires=60&X-Amz-SignedHeaders=host&X-Amz-Signature=**********821742cee7661ef3a0ab1e5c
将它与execute-api服务一起使用时,我收到了以下错误:
{
"message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'GET\n/*******\nX-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=*********%2F20170424%2Fus-east-1%2Fexecute-api%2Faws4_request&X-Amz-Date=20170424T124521Z&X-Amz-Expires=60&X-Amz-SignedHeaders=host\nhost:*******.execute-api.us-east-1.amazonaws.com\n\nhost\n*********'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20170424T124521Z\n20170424/us-east-1/execute-api/aws4_request\n**********'\n"
}
我还使用以下示例检查了java实现:AWS Signer Java 但结果是一样的。
答案 0 :(得分:0)
SigV4 signing and this error message isn't anything specific to API Gateway itself. The signing algorithm and the verification at the AWS end is common for all AWS services.
Can you compare the canonical string that is in the error message and the one that you are generating while sending the request? That should help you identify the issue.
Also, go through the step-by-step explanation to see if you are doing everything right. One of the common issues is case-sensitivity of header names and the sorting order of parameters.