Hi, 

We want to create an S3 bucket API (upload file using multipart-form-data) with an AWS signature in IBM API Connect v10. The direct AWS endpoint is working fine in Postman by providing the following details:

Method: PUT, AWS Endpoint, AccessKey, SecretKey, AWS Region, Service Name

Anyone know how to achieve this in API Connect?

Hi, 

We want to create an S3 bucket API (upload file using multipart-form-data) with an AWS signature in IBM API Connect v10. The direct AWS endpoint is working fine in Postman by providing the following details:

Method: PUT, AWS Endpoint, AccessKey, SecretKey, AWS Region, Service Name

Anyone know how to achieve this in API Connect?

Hi Suraj,

AWS uses a custom HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code) for authentication. In Postman, when you select AWS Signature, Postman behind the scenes tries to construct this HMAC token from the provided variables (AccessKey, SecretKey, AWS Region, Service Name). You can read more about how HMAC authentication works here. There are two methods to send this token to AWS:

1. Using Query parameter as documented here.
2. Using Authorization header as documented here.

The main complication with preparing this query param or header is computing the request signature. This is mandatory by AWS S3 to ensure the authenticity of the request. I could not find a way to skip this.

The Authorization header is represented like this:

Authorization: AWS4-HMAC-SHA256 Credential=<your-access-key-id>/<date>/<aws-region>/<aws-service>/aws4_request, SignedHeaders=host;range;x-amz-date, Signature=fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024

Here, AWS4-HMAC-SHA256 is the algorithm used for signature calculation and fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024 is the signature. IBM has a guide on how to construct this signature here: IBM Cloud: Constructing an HMAC signature

So, in short, you will have to manually create this Authorization header for API Connect through a script. I hope this helps.

Hi, 

We want to create an S3 bucket API (upload file using multipart-form-data) with an AWS signature in IBM API Connect v10. The direct AWS endpoint is working fine in Postman by providing the following details:

Method: PUT, AWS Endpoint, AccessKey, SecretKey, AWS Region, Service Name

Anyone know how to achieve this in API Connect?

Hi Suraj,

AWS uses a custom HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code) for authentication. In Postman, when you select AWS Signature, Postman behind the scenes tries to construct this HMAC token from the provided variables (AccessKey, SecretKey, AWS Region, Service Name). You can read more about how HMAC authentication works here. There are two methods to send this token to AWS:

1. Using Query parameter as documented here.
2. Using Authorization header as documented here.

The main complication with preparing this query param or header is computing the request signature. This is mandatory by AWS S3 to ensure the authenticity of the request. I could not find a way to skip this.

The Authorization header is represented like this:

Authorization: AWS4-HMAC-SHA256 Credential=<your-access-key-id>/<date>/<aws-region>/<aws-service>/aws4_request, SignedHeaders=host;range;x-amz-date, Signature=fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024

Here, AWS4-HMAC-SHA256 is the algorithm used for signature calculation and fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024 is the signature. IBM has a guide on how to construct this signature here: IBM Cloud: Constructing an HMAC signature

So, in short, you will have to manually create this Authorization header for API Connect through a script. I hope this helps.

Hi, 

We want to create an S3 bucket API (upload file using multipart-form-data) with an AWS signature in IBM API Connect v10. The direct AWS endpoint is working fine in Postman by providing the following details:

Method: PUT, AWS Endpoint, AccessKey, SecretKey, AWS Region, Service Name

Anyone know how to achieve this in API Connect?