AWS Signature 4 API Connector

rotari · September 18, 2021, 3:56pm

Trying to connect to AWS Services. Via Bubble Connector I wanted first initialize a call with Headers generated with Postman (Signature is valid for a short period of time). Then I wanted to use the AWS Signature 4 Plugin to generate a signature for me dynamically. Now I cannot initialize because of 403 Error. "Raw response for the API
Status code 403
{“message”:"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'POST
/GetStream"

My secret key and access keys are super fresh and working in Postman, but not with the Bubble API Connector.

Anyone successfully set up API calls to AWS?

FlipList · October 11, 2021, 11:40pm

http://forum.bubble.io/t/re-new-free-plugin-aws-signature-4/173360

The canonical is sometimes touchy and needs to be url encoded in some cases.

FlipList · October 14, 2021, 10:12pm

@rotari , Just realized I tried to share a private message in the previous post.

This is how I have structured calls to API gateway in the past.

rotari · November 3, 2021, 6:49pm

hey there thank you! maybe the canonical request is what I get wrong. How do you put it into the Authorization header via the plugin? Could you eleborate on that please??

FlipList · November 5, 2021, 2:30pm

You will have to uncheck private [ ] checkbox next to each key in the API plugin to pass Values from backend workflows.

The AWS 4 plugin is for STEP 3. Signature

Neil

rotari · November 8, 2021, 8:57pm

ok I did that. So the hashed payload is the canonical request in SHA265? And then you use this with the Plugin to create the signature?

FlipList · November 8, 2021, 10:00pm

@rotari

The string to sign goes into the AWS4 plugin after the payload hash & the canonical hash occur.

AWS Signature docs
(Signature Calculations for the Authorization Header: Transferring Payload in a Single Chunk (AWS Signature Version 4) - Amazon Simple Storage Service)

Hope that helps.

Neil

FlipList · November 8, 2021, 10:05pm

NOTE: The dates need to be the exact same in the canonical and string to sign. They don’t match in the example.