PHP AMAZON API GATEWAY : The request signature we calculated does not match the signature you provided

Question

I want to get response from website content.geappliances.io using AWS API Gateway but always get error :

{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'GET\n/search/b2b/results\n\ncontent-type:\nhost:content.geappliances.io\nx-amz-date:20170401T041050Z\n\ncontent-type;host;x-amz-date\ne3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20170401T041050Z\n20170401/us-east-1/execute-api/aws4_request\na8aec6a82c0f9a2471bd17faa5f2ce5cd810a16f129fca9b04347ceed54fdc61'\n"}

please somebody help me, what's wrong with my code. Here's the code :

function signRequest(){

    $method ='GET';
    $uri = '/search/b2b/results?N=0&Ntk=SKU&Ntt=GTX33EASKWW';

    $access_key         = 'my-access-key';
    $secretKey          = 'my-secret-key';
    $region             = 'us-east-1';
    $kService           = 'execute-api';
    $service            = 'execute-api';

    $options = array(); 
    $headers = array();
    $host    = "content.geappliances.io";
    $alg = 'sha256';

    $date = new DateTime( 'UTC' );

    $dd = $date->format( 'Ymd\THis\Z' );

    $amzdate2 = new DateTime( 'UTC' );
    $amzdate2 = $amzdate2->format( 'Ymd' );
    $amzdate = $dd;

    $algorithm = 'AWS4-HMAC-SHA256';

    $requestPayload = "UNSIGNED_PAYLOAD";
    $hashedPayload = hash($alg, $requestPayload);

    $canonical_uri = $uri;
    $canonical_querystring = '';

    $canonical_headers = "content-type:"."application/json"."\n"."host:".$host."\n"."x-amz-date:".$amzdate."\n";
    $signed_headers = 'content-type;host;x-amz-date';
    $canonical_request = "".$method."\n".$canonical_uri."\n".$canonical_querystring."\n".$canonical_headers."\n".$signed_headers."\n".$hashedPayload;

    $credential_scope = $amzdate2 . '/' . $region . '/' . $service . '/' . 'aws4_request';
    $string_to_sign  = "".$algorithm."\n".$amzdate ."\n".$credential_scope."\n".hash('sha256', $canonical_request)."";

    $kSecret = 'AWS4' . $secretKey;
    $kDate = hash_hmac( $alg, $amzdate2, $kSecret, true );
    $kRegion = hash_hmac( $alg, $region, $kDate, true );
    $kService = hash_hmac( $alg, $service, $kRegion, true );
    $kSigning = hash_hmac( $alg, 'aws4_request', $kService, true );     
    $signature = hash_hmac( $alg, $string_to_sign, $kSigning ); 
    $authorization_header = $algorithm . ' ' . 'Credential=' . $access_key . '/' . $credential_scope . ', ' .  'SignedHeaders=' . $signed_headers . ', ' . 'Signature=' . $signature;

    $headers = array(
                'content-typeapplication/json', 
                "cache-control: no-cache",
                "host: content.geappliances.io",
                'x-amz-date: '.$amzdate.'', 
                'Authorization: '.$authorization_header.''
            );
    return $headers;

}

$curl = curl_init();

curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);

curl_setopt_array($curl, array(
  CURLOPT_URL => "https://content.geappliances.io/search/b2b/results?N=0&Ntk=SKU&Ntt=GTX33EASKWW",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "GET",
  CURLOPT_HTTPHEADER => signRequest(),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}

in the postman, I generate my access key and secret key then it works nicely.

postman result

Did you ever get this figured out? Can you please let us know what you did to fix the issue? — chapeljuice, Oct 30 '17 at 16:10

score -2 · Answer 1 · answered Apr 01 '17 at 04:32

-2

Take a look at your code

$access_key         = 'my-access-key';
$secretKey          = 'my-secret-key';

You have to enter your values for access key and secret key there. I assume Amazon provided them for you?

Because your error message says

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method.

answered Apr 01 '17 at 04:32

Alexio

1
1
4

thanks @alexio for the response, I have access_key and secretkey but I'm sorry I can't show it. If I use rest api like postman it's work nicely. I hope you can show me what's wrong with my code. Thank you.. – Marketing Calysta Apr 01 '17 at 04:37
I was just suggesting to enter your code API keys there and thought maybe you haven't done it yet? Because the error message implies that. – Alexio Apr 01 '17 at 04:40
No, you don't have to show it to me. Please remove it again. I think you misunderstood me. However, do you get another message now? – Alexio Apr 01 '17 at 05:08
Okay @alexio, I got same message error, it always get The request signature error but I try in postman it works. I'm very confused.. do you have an idea ? – Marketing Calysta Apr 01 '17 at 05:15
Can you show some code of postman? Where did you get the PHP code? From the Amazon docs? – Alexio Apr 01 '17 at 05:40
I get the PHP code from this link : http://stackoverflow.com/questions/39822768/signature-version-4-signing-process-in-php-to-access-api-gateway-endpoint?rq=1. the postman result is in my main post @alexio, please have a look. – Marketing Calysta Apr 01 '17 at 06:00

PHP AMAZON API GATEWAY : The request signature we calculated does not match the signature you provided

1 Answers1