|« PreviousNext »|
|Did this page help you? Yes | No | Tell us about it...|
This section describes how to authenticate SOAP requests without using WS-Security. The topics describe the basic requirements, the required authentication information, and where to place the information in the SOAP request.
If you plan to use SOAP without WS-Security:
You can use either SOAP 1.1 or SOAP 1.2
You must use HTTPS with your requests
Authentication of SOAP requests without WS-Security uses your AWS identifiers and an HMAC-SHA256 signature. The request must include the parameters listed in the following table.
Your AWS Access Key ID. For more information, see Your AWS Identifiers.
This is a required parameter if you include the Signature parameter. Otherwise it is optional. There is no default value. The time stamp you use in the request must be a
If you are using .NET you must not send overly specific time stamps, due to
different interpretations of how extra time precision should be dropped. To avoid
overly specific time stamps, manually construct
The HMAC-SHA256 signature calculated from the concatenation of the
To calculate the signature
Concatenate the values of the
request parameters, in that order.
The string you've just created is the string you'll use when generating the signature.
Calculate an RFC 2104-compliant HMAC-SHA256 signature, using the string you just created and your Secret Access Key as the key.
Convert the resulting value to base64.
Pass this final value in the
Signature parameter of the SOAP
With version 2011-08-01, you must provide the authentication information as elements in the SOAP header (using the namespace http://security.amazonaws.com/doc/2007-01-01/), as in the following example.
<?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2001/12/soap-envelope" soap:encodingStyle="http://www.w3.org/2001/12/soap-encoding"> <soap:Header xmlns:aws="http://security.amazonaws.com/doc/2007-01-01/"> <aws:AWSAccessKeyId>AKIAIOSFODNN7EXAMPLE</aws:AWSAccessKeyId> <aws:Timestamp>2008-02-10T23:59:59Z</aws:Timestamp> <aws:Signature>SZf1CHmQnrZbsrC13hCZS061ywsEXAMPLE</aws:Signature> </soap:Header> ... </soap:Envelope>