CODEWITHSUNDEEP
amazon-web-serviceshttprequestsignature
woodpav
woodpav

Reputation: 2027

Invalid signature when requesting AWS with colon (:) in the URL

I am making a request to AWS: POST https://myapi.com/users/us-west-2:123

It works fine if I drop the us-west-2: but including that generates 

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method.

It seems the cause of this is the : because it needs to be URL encoded. Generating the signature with the encoded uri generates the same error! 

POST https://myapi.com/users/us-west-2%3A123

What is happening? My signature generator uses

{
  "path": "/users/us-west-2%3A123",
  "headers": {
    "X-Amz-Date": timestamp,
    "host": "myapi.com",
  },
  "body": "",
}

I use this generated to make a POST request to https://myapi.com/users/us-west-2%3A123 with no body.

Upvotes: 2

Views: 2075

Answers (2)

Måns Dahlström
Måns Dahlström

Reputation: 1290

Im also stuck with this problem. In our application we want to be able to send the id as a pathParamter like this

/admin/eu-west-1:xxxx-xxxx-xxxx-xxx
error Msg: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method.

If i remove the colon (:) and replace it with any any other character like % or any number/char my request goes trough.

I know there is possible solutions to refactor the API to take in 2 seperate parameters like region and id.

/users/{region}/{id}
Example: /users/eu-west-1/xxxx-xxxx-xxxx-xxx

But wince we want to follow a strict pattern for our API this is not the best solution for us.

Our Pattern: 

/someObject
GET - get a list
POST - Create
PUT - Update ALL
/{id}
    GET - Get one
    PUT - Update one
    Delete - Delete one

Upvotes: 0

woodpav
woodpav

Reputation: 2027

Wow. I got it.

Here's what's happening:

I am generating am requesting /users/us-west-2%3A123 and when I generate the signature the package I was using (react-native-aws-signature) encoded the % as a percent so it turned the % into %25!

The fix was to switch to aws4 or rather the fork aws4-react-native and use the doNotEncodePath: true option in the signing request. I am also making the fetch request (node) to /users/us-west-2:123.

I'd like to thank Amazon Support, GitHub, and luck.

Upvotes: 1

Related Questions