Amazon API Gateway REST API Reference

Signing Requests

Amazon API Gateway requires that you authenticate every request you send by signing the request. To sign a request, you calculate a digital signature using a cryptographic hash function, which returns a hash value based on the input. The input includes the text of your request and your secret access key. The hash function returns a hash value that you include in the request as your signature. The signature is part of the Authorization header of your request.

After receiving your request, Amazon API Gateway recalculates the signature using the same hash function and input that you used to sign the request. If the resulting signature matches the signature in the request, Amazon API Gateway processes the request. Otherwise, the request is rejected.

Amazon API Gateway supports authentication using AWS Signature Version 4. The process for calculating a signature can be broken into three tasks:

For example:

X-Amz-Credential=AKIAIOSFODNN7EXAMPLE/20130501/us-east-1/apigateway/aws4_request
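The following is an added example, not code from the API Gateway documentation. It computes a Signature Version 4 Authorization header whose credential scope matches the X-Amz-Credential value above, then recomputes it as a receiver would. The secret key, host, path and timestamp are constructed sample values, and `verify` illustrates the recalculation described above rather than the service's own implementation.

```python
import hashlib
import hmac

ALGORITHM = "AWS4-HMAC-SHA256"

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signing_key(secret, date, region, service):
    # Derive the key along the credential scope: date, region, service, terminator.
    key = ("AWS4" + secret).encode()
    for part in (date, region, service, "aws4_request"):
        key = _hmac(key, part)
    return key

def signature(secret, region, service, method, path, query, headers, body):
    # Canonical request. Assumes path and query are already URI-encoded, the
    # query string is sorted, and headers include X-Amz-Date.
    canon = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    signed = ";".join(k for k, _ in canon)
    request = "\n".join([method, path, query,
                         "".join(f"{k}:{v}\n" for k, v in canon),
                         signed, hashlib.sha256(body).hexdigest()])
    # String to sign, bound to the timestamp and credential scope.
    amz_date = dict(canon)["x-amz-date"]
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    to_sign = "\n".join([ALGORITHM, amz_date, scope,
                         hashlib.sha256(request.encode()).hexdigest()])
    key = signing_key(secret, amz_date[:8], region, service)
    return _hmac(key, to_sign).hex(), scope, signed

def authorization_header(access_key, secret, region, service, *request):
    sig, scope, signed = signature(secret, region, service, *request)
    return (f"{ALGORITHM} Credential={access_key}/{scope}, "
            f"SignedHeaders={signed}, Signature={sig}")

def verify(auth_header, secret, region, service, *request):
    # Receiver side: recompute from the request as received and compare
    # in constant time; any change to the signed input changes the result.
    claimed = auth_header.rsplit("Signature=", 1)[1]
    expected = signature(secret, region, service, *request)[0]
    return hmac.compare_digest(claimed, expected)

# Constructed sample: placeholder secret; access key ID and scope values from the page.
SECRET = "EXAMPLE-SECRET-NOT-A-REAL-KEY"
HEADERS = {"Host": "apigateway.us-east-1.amazonaws.com", "X-Amz-Date": "20130501T000000Z"}
REQUEST = ("GET", "/restapis", "", HEADERS, b"")
AUTH = authorization_header("AKIAIOSFODNN7EXAMPLE", SECRET, "us-east-1", "apigateway", *REQUEST)
print(AUTH)
```

Because the region, service and date are mixed into the signing key, a signature computed for one scope does not verify under another, and any change to a signed header, the query string or the body causes the recomputed value to differ.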