search

Signing requests

Calculate the Authorization signature for API requests.

Once you have obtained temporary credentials, you will use them to compute the Authorization signature for all additional requests to the API.

hashtag
Sample temporary credentials

{
    "accessKey": "***********",
    "secretKey": "***************************",
    "sessionToken": "FQoDYXd//////====ONCXz6OZC6FIxoWO1CGxVkwnY6WT07ZdLgGkr5ZkRCnGpa5uiF5KKbgMMWyQjKIazeyarBvXleDQmJznO4tBKq3U709cY20lVkdzHwAJQ5HXWHVop6w6cRy8uyOFPZ9fPD79PJ0L9KUkSo9uIG8DUK7PRvs4eAtIQQFdW+j2eHx6sUlF====34098qojfaof",
    "expiration": "2018-01-01T00:00:01+00:00"
}

Rightsline utilizes Amazon’s API Gatewayarrow-up-right and authenticates all calls by leveraging both STSarrow-up-right and AWS Signature V4arrow-up-right. Instructions for computing the AWS V4 signature can be found herearrow-up-right.

hashtag
Postman

Although you can construct this request by following the instruction contained above from Amazon’s documentationarrow-up-right, Rightsline recommends you utilize the instructions at https://docs.aws.amazon.com/apigateway/latest/developerguide/how-to-use-postman-to-call-api.htmlarrow-up-right, which will speed up the process quite a bit.

Postman generates the HTTP Request in the required canonical format, including the code for signing a request in various languages:

Postman code snippets for generating AWS V4 signature.

For your implementation, you will need to generate your Signing Key programmatically (Postman is doing it for you in the background). Instruction for calculating the AWS4-HMAC-SHA256 signature can be found here: https://docs.aws.amazon.com/general/latest/gr/sigv4-calculate-signature.htmlarrow-up-right There are also great examples of how to generate the signature in various programming languages located here: https://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.htmlarrow-up-right

hashtag
HTTP request example

  1. HTTP Request Method (GET, POST, PUT, etc.) + Canonical URI + HTTP Protocol (HTTP/1.1)

  2. Div API Key; unique to each Rightsline environment

  3. Requested host URL, which will change depending on the API environment ris[-staging, -int, -pm].rightsline.com

  4. Date/Time of the request in Amazon’s required format YYYYMMDD’T’HHMMSS’Z’ (https://docs.aws.amazon.com/general/latest/gr/sigv4-date-handling.htmlarrow-up-right)

  5. Authorization Header with calculated Signing Key. (https://docs.aws.amazon.com/general/latest/gr/sigv4-create-string-to-sign.htmlarrow-up-right)

PreviousRequesting temporary credentialsNextUser permissions

Last updated

Was this helpful?