Amazon Flexible Payments Service
Advanced Quick Start (API Version 2010-08-28)

Request Security

Amazon FPS applications enable payments between buyers and sellers. Web service requests are sent over the Internet using SSL (HTTPS).

HTTPS does not establish the identity of the requester. To establish the identity of the requester, Amazon FPS uses a signature.

A signature is an encrypted value that you generate and include as a parameter value in every request, using the Signature parameter as in the following example.

Signature=K2ryWe7s/0AHI0/PbuAveuUPksTefhmNCzDTold2VYA=

With signature version 2, you have the option of using either SHA256 or SHA1 for signature authentication in inbound requests. For outbound notifications, the RSA-SHA1 algorithm is supported.

Important

The previous method for signing (signature version 1) was deprecated on November 3rd, 2009, and as of 10 February, 2011 it is no longer supported. Whenever you sign a request with your access keys, you must now use signature version 2.

Signing is required for all Amazon FPS API requests, and optional but recommended for Co-Branded service requests. If you do not sign a Co-Branded service request, you must manually determine whether the request has been tampered with. For detailed information about generating a signature, see Working with Signatures.
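The following sketch shows how a version 2 signature is produced and checked with either HmacSHA256 or HmacSHA1. It is an added example, not code from this guide or from Amazon. It assumes the general AWS Signature Version 2 canonicalization (verb, host, path, sorted and percent-encoded query); the host, keys and parameter values are constructed placeholders.

```python
# Assumption: canonicalization follows the general AWS Signature Version 2 scheme.
import base64
import hashlib
import hmac
from urllib.parse import quote

_DIGESTS = {"HmacSHA256": hashlib.sha256, "HmacSHA1": hashlib.sha1}


def _enc(value):
    # RFC 3986 percent-encoding: only A-Z a-z 0-9 - _ . ~ stay unescaped.
    return quote(str(value), safe="-_.~")


def string_to_sign(method, host, path, params):
    # Parameters are sorted by name; the Signature parameter itself is never signed.
    pairs = sorted((k, v) for k, v in params.items() if k != "Signature")
    query = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in pairs)
    return "\n".join([method.upper(), host.lower(), path or "/", query])


def sign(secret_key, method, host, path, params):
    digest = _DIGESTS[params["SignatureMethod"]]  # KeyError on an unsupported method
    data = string_to_sign(method, host, path, params).encode()
    mac = hmac.new(secret_key.encode(), data, digest)
    return base64.b64encode(mac.digest()).decode()


def verify(secret_key, method, host, path, params):
    # Receiver side: reject unknown versions/methods, then compare in constant time.
    if params.get("SignatureVersion") != "2" or "Signature" not in params:
        return False
    if params.get("SignatureMethod") not in _DIGESTS:
        return False
    expected = sign(secret_key, method, host, path, params)
    return hmac.compare_digest(expected, params["Signature"])


# Constructed sample request; host, keys and values are placeholders, not real credentials.
SECRET = "EXAMPLE-SECRET-KEY"
HOST = "fps.example.com"
REQUEST = {
    "Action": "Pay",
    "AWSAccessKeyId": "EXAMPLEACCESSKEYID",
    "SignatureVersion": "2",
    "SignatureMethod": "HmacSHA256",
    "Timestamp": "2011-02-10T12:00:00Z",
    "CallerReference": "order 42/a",
}
REQUEST["Signature"] = sign(SECRET, "GET", HOST, "/", REQUEST)
```

Changing any signed parameter after signing, or presenting a signature version other than 2, makes `verify` return False.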