| « PreviousNext » | |
 | Did this page help you? Yes | No | Tell us about it... |
Signed Signature Version 4 Requests Examples
After you have completed the signing tasks, use the resulting authorization information to construct a signed request. The authorization information includes the following parameter values: the signing algorithm, the credential scope (with your access key), the list of signed headers, and the calculated signature.
The authorization information must be provided together in either the HTTP header or query string, but not both. We recommend including the date and the authorization parameters in the header so that the information isn't logged. Use the request body for the action name and the action's required and optional parameters.
The following example shows how you might construct a signed POST request. The
example is derived from the sample request in Task 1: Create A Canonical
Request and uses AKIDEXAMPLE as the access key.
Sample signed request with authorization information in the header
POST http://iam.amazonaws.com/ HTTP/1.1 Authorization: AWS4-HMAC-SHA256 Credential=AKIDEXAMPLE/20110909/us-east-1/iam/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=ced6826de92d2bdeed8f846f0bf508e8559e98e4b0199114b84c54174deb456c host: iam.amazonaws.com Content-type: application/x-www-form-urlencoded; charset=utf-8 x-amz-date: 20110909T233600Z Action=ListUsers&Version=2010-05-08
In the previous example, the authorization information is included as a header.
The Credential parameter value starts with your access key and appends
the credential scope value that you created in Task 2.
If you need the signature returned in the query string, then you can create a query string request that includes the date, the authorization info, the action name, and the action's parameters. The following example shows how you might construct a GET request by including the action and authorization information in the query string.
Sample signed request with authorization information in the query string
GET http://iam.amazonaws.com/?Action=ListUsers&Version=2010-05-08&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIDEXAMPLE/20110909/us-east-1/iam/aws4_request&X-Amz-Date=20110909T233600Z&X-Amz-SignedHeaders=content-type;host&X-Amz-Signature=525d1a96c69b5549dd78dbbec8efe264102288b83ba87b7d58d4b76b71f59fd2 HTTP/1.1 Content-type: application/json host: iam.amazonaws.com
Note
We refer to the last five parameters in the preceding request
(X-Amz-Algorithm through X-Amz-SignedHeaders) as
the authentication parameters. In some example Query requests we present in AWS
documentation, we omit the authentication parameters to make it easier to focus
on the ones relevant to the particular operation. We replace them with the
following literal string to remind you that a real request includes the
parameters: AUTHPARAMS.
