Call API in postman using AWS Signature Authorization got "The request signature we calculated does not match the signature you provided" error
Hi, I am trying to call API via Postman using AWS Signature Authorization, and I created an IAM Role with AmazonAPIGatewayInvokeFullAccess, and generated an Access Key using all options of Access key best practices & alternatives, and called API in Postman, but the below error is generated
{
"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
The Canonical String for this request should have been
'POST
/prod/file-upload
host:jpp6omacs5.execute-api.us-east-1.amazonaws.com
x-amz-date: 20230501T124815Z
host;x-amz-date
f3b2f1ab947b58f3a6c60046f6e44f0eaefb5e49641a843f2974aa64cdda92fc'
The String-to-Sign should have been
'AWS4-HMAC-SHA256
20230501T124815Z
20230501/us-east-1/execute-api/aws4_request
5274a97432ad890e9ee018c8c1a3ef42f37f200bb5d3da38e21ee967ae3b2ef3'
"}
When generating the access key I used all the 6 options given below because there is no API option there, but still results in the same error,
To API, I have given authorization as
I have followed this tutorial to implement IAM authentication for API, https://youtu.be/KXyATZctkmQ
- Newest
- Most votes
- Most comments
The following document is from AWS CLI troubleshooting, but I think it is close to your error.
That error may occur if the access key or secret access key contains special characters.
The workaround is as described in the documentation, but please re-issue the access key and secret access key and make sure they do not contain any special characters.
https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-troubleshooting.html#tshoot-signature-does-not-match
Possible cause: Your operating system is mishandling AWS keys that contain certain special characters If your AWS keys include certain special characters, such as -, +, /, or %, some operating system variants process the string improperly and cause the key string to be interpreted incorrectly.
If you process your keys using other tools or scripts, such as tools that build the credentials file on a new instance as part of its creation, those tools and scripts might have their own handling of special characters that causes them to be transformed into something that AWS no longer recognizes.
We suggest regenerating the secret key to get one that does not include the special character causing issues.
You can also find this information in the Issues section of GitHub.
https://github.com/aws/aws-cli/issues/602
Please check the following points.
- Incorrect AWS Access Key or Secret Key - Double-check that you have copied the correct access key and secret key into Postman. Make sure that there are no extra spaces or characters.
- Incorrect AWS Region - Check that you have specified the correct AWS Region in Postman. The region should match the region of the API Gateway that you are trying to call.
- Incorrect Date/Time - Make sure that the date and time in the x-amz-date header of your request matches the current date and time in the correct format (YYYYMMDDTHHMMSSZ).
- Incorrect Authorization Header - Verify that the Authorization header in your request contains the correct AWS signature. The header should start with "AWS4-HMAC-SHA256" and include the credential scope, signed headers, and the signature.
- Incorrect Request Parameters - Ensure that the request parameters are correct, including the HTTP method, path, and query string. The Canonical Request and String-to-Sign should match the actual request you are sending.
Hi, I have tried all the steps you provided but still results in the same error.
Did anyone find a solution to this issue? I am also facing the same.
Relevant content
- asked 2 years ago
AWS OFFICIALUpdated a year ago
Hi, I have generated an access key without special characters, and gone through links provided, but still results in the same error.