Skip to content
Advertisement

Newest version Postman creating different signature for AWS access compared to my java algorithm

So I’ve created the java algorithm for AWS signature creation, following the guidelines of AWS >https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-header-based-auth.html

The algorithm is available on my github >https://github.com/marcodag/aws_signature_creation/blob/main/SignatureCreation.java

These are the steps that I take:

  1. retrieve secret key, access key and token from AWS account
  2. create call on Postman (for Linux) v8.12.5, by using AWS Signature auth
  3. the call goes OK.
  4. I retrieve the signature that it created and the X-AMZ-DATE used
  5. I run my java algorithm and check if the signature is the same as postman produced
  6. they’re the same.

So a colleague tries the same steps, but with latest postman version (9+). Postman call goes OK, but it generates a different signature from the java one. Also, he created a js algorithm based on the java one and the js and java make the same signature. Just, my postman matches the signature, his not.
The number and type of headers generated are the same. What could be the problem?

Advertisement

Answer

SOLVED

Well, my postman was calling an url like

https://s3.eu-west-1.amazonaws.com/a_bucket/a_key

with the dot between s3 and eu. And my colleague was calling

https://s3-eu-west-1.amazonaws.com/a_bucket/a_key

with the dash between s3 and eu. AWS is accepting both. Of course the host is used to create the signature, hence the differences.

User contributions licensed under: CC BY-SA
10 People found this is helpful
Advertisement