The request signature we calculated does not match AMAZON AWS PHP

Question

I have looked at most samples of code based on this issue on stack overflow but I still cant get the request to work. I keep getting this error:

<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

Here is my code:

$access_key = "ACCESS_KEY";
$associateTag = "AOSSOCIATE_TAG";
$secretkey = "SECRET_KEY";
$keywords = "harry%20potter";
$timestamp = gmdate("Y-m-d\TH:i:s\Z");
$operation = "AWSECommerceService";

function createSignature($operation,$timestamp,$secretkey){
    $the_string=$operation.$timestamp;  
    return base64_encode(hash_hmac("sha256",$the_string,$secretkey,true));
}

$signature = createSignature ($operation,$timestamp,$secretkey);

$APIcall = 
"http://ecs.amazonaws.com/onca/xml?".
"AWSAccessKeyId=$access_key&".
"AssociateTag=$associateTag&".
"BrowseNode=1000&".
"ItemPage=1&".
"Keywords=$keywords&".
"Operation=ItemSearch&".
"ResponseGroup=Medium&".
"SearchIndex=Books&".
"Service=AWSECommerceService&".
"Timestamp=$timestamp&".
"Version=2011-08-01&".
"Signature=$signature";

$response = simplexml_load_file($APIcall);

Can anyone help?

Answer 1

When I typed in my credentials by hand, I got the same error a couple of times.

Then I tried Console for Windows so I could copy/paste my credentials. This removed the error message. Either I sucked at typing, or sucked at reading.

Long story short: Don't type by hand, copy and past credentials to avoid typos.

EDIT: My problem was when trying to add my credentials via EB CLIx3.

Answer 2

I had this issue long time and it worked for me with this code :

require_once 'Crypt/HMAC.php';
require_once 'HTTP/Request.php';

$keyId = "adasdasd";
$secretKey = "asdasdasdasdasd+";

function hex2b64($str) {
    $raw = '';
    for ($i=0; $i < strlen($str); $i+=2) {
    $raw .= chr(hexdec(substr($str, $i, 2)));
    }
    return base64_encode($raw);
}

function constructSig($str) {
    global $secretKey;
    $str = utf8_encode($str);   
    $secretKey = utf8_encode($secretKey);   
    $hasher =& new Crypt_HMAC($secretKey, "sha1");
    $signature = hex2b64($hasher->hash($str));      
    return ($signature);
} 


 $expire = time()+1000;
 $resource = "/demo/files/clouds.jpg";
 $date = gmdate("D, d M Y G:i:s T");
 $mime = "image/jpeg";

 $stringToSign = "PUT\n";
 $stringToSign .= "\n";
 $stringToSign .= "$mime\n"; 
 $stringToSign .= "$date\n";
 $stringToSign .= $resource;
 $req =& new HTTP_Request("http://nameofmine.s3.amazonaws.com/files/clouds.jpg");
 $req->setMethod("PUT"); 
 $req->addHeader("Date",$date);
 $req->addHeader("Authorization", "AWS " . $keyId . ":" . constructSig($stringToSign));
 $req->addHeader("Content-Type",$mime);  
 $req->setBody(file_get_contents($file_path));
 $req->sendRequest();
 $responseCode = $req->getResponseCode();
 $responseString = $req->getResponseBody();
 echo $responseCode;

As you see you have to use Crypto, HTTP pear plugins

Answer 3

The function seems ok (it is the same as the one used in amazon AWS SDK) so make sure that there is no whitespace in front or after the copied key.