AWS Signature 4 API Connector

Need help APIs
1

Trying to connect to AWS Services. Via Bubble Connector I wanted first initialize a call with Headers generated with Postman (Signature is valid for a short period of time). Then I wanted to use the AWS Signature 4 Plugin to generate a signature for me dynamically. Now I cannot initialize because of 403 Error. "Raw response for the API
Status code 403
{“message”:"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'POST
/GetStream"

My secret key and access keys are super fresh and working in Postman, but not with the Bubble API Connector.

Anyone successfully set up API calls to AWS?

2

http://forum.bubble.io/t/re-new-free-plugin-aws-signature-4/173360

The canonical is sometimes touchy and needs to be url encoded in some cases.

1 Like
3

@rotari , Just realized I tried to share a private message in the previous post.

This is how I have structured calls to API gateway in the past.

bubble api
bubble api625×510 48 KB

ec2 ex
ec2 ex867×487 138 KB

4

hey there thank you! maybe the canonical request is what I get wrong. How do you put it into the Authorization header via the plugin? Could you eleborate on that please??

5

You will have to uncheck private [ ] checkbox next to each key in the API plugin to pass Values from backend workflows.

The AWS 4 plugin is for STEP 3. Signature

Neil

6

ok I did that. So the hashed payload is the canonical request in SHA265? And then you use this with the Plugin to create the signature?

7

@rotari

Canonical HASH
Canonical HASH612×792 101 KB

The string to sign goes into the AWS4 plugin after the payload hash & the canonical hash occur.

Cannonical
Cannonical1162×638 145 KB

AWS Signature docs
(Signature Calculations for the Authorization Header: Transferring Payload in a Single Chunk (AWS Signature Version 4) - Amazon Simple Storage Service)

Hope that helps.

Neil

1 Like
8

NOTE: The dates need to be the exact same in the canonical and string to sign. They don’t match in the example.

1 Like