Forum Academy Marketplace Showcase Pricing Features

AWS Signature 4 API Connector

Trying to connect to AWS Services. Via Bubble Connector I wanted first initialize a call with Headers generated with Postman (Signature is valid for a short period of time). Then I wanted to use the AWS Signature 4 Plugin to generate a signature for me dynamically. Now I cannot initialize because of 403 Error. "Raw response for the API
Status code 403
{“message”:"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been

My secret key and access keys are super fresh and working in Postman, but not with the Bubble API Connector.

Anyone successfully set up API calls to AWS?

The canonical is sometimes touchy and needs to be url encoded in some cases.

1 Like

@rotari , Just realized I tried to share a private message in the previous post.

This is how I have structured calls to API gateway in the past.

hey there thank you! maybe the canonical request is what I get wrong. How do you put it into the Authorization header via the plugin? Could you eleborate on that please??

You will have to uncheck private [ ] checkbox next to each key in the API plugin to pass Values from backend workflows.

The AWS 4 plugin is for STEP 3. Signature


ok I did that. So the hashed payload is the canonical request in SHA265? And then you use this with the Plugin to create the signature?


The string to sign goes into the AWS4 plugin after the payload hash & the canonical hash occur.

AWS Signature docs
(Signature Calculations for the Authorization Header: Transferring Payload in a Single Chunk (AWS Signature Version 4) - Amazon Simple Storage Service)

Hope that helps.


1 Like

NOTE: The dates need to be the exact same in the canonical and string to sign. They don’t match in the example.

1 Like