API Connect

API Connect

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

SignatureDoesNotMatch error for PUT method when calling Amazon S3 service from the API Connect Gateway service.

  • 1.  SignatureDoesNotMatch error for PUT method when calling Amazon S3 service from the API Connect Gateway service.

    Posted Wed September 27, 2023 11:05 AM

    We are getting the following error for PUT method when calling Amazon S3 service from the API Connect Gateway service. Does anyone have experience working on integration with Amazon S3 

    <?xml version="1.0" encoding="UTF-8"?>
    <Error>
        <Code>SignatureDoesNotMatch</Code>
        <Message>The request signature we calculated does not match the signature you provided. Check your key and signing method.</Message>
        <AWSAccessKeyId>AKIAWWXCTALIFR7EZEXY</AWSAccessKeyId>
        <StringToSign>AWS4-HMAC-SHA256
    20230926T101844Z
    20230926/eu-west-1/s3/aws4_request
    5a29403c532781709dbc9a2fed47f08eae213b25dde3ce3281c035fe6b8c6469</StringToSign>
        <SignatureProvided>346fe27bd21da406b5cd35db5145ff02a6d4c1c06e4e64363779f4c939e0b7ed</SignatureProvided>
        <StringToSignBytes>41 57 53 34 2d 48 4d 41 43 2d 53 48 41 32 35 36 0a 32 30 32 33 30 39 32 36 54 31 30 31 38 34 34 5a 0a 32 30 32 33 30 39 32 36 2f 65 75 2d 77 65 73 74 2d 31 2f 73 33 2f 61 77 73 34 5f 72 65 71 75 65 73 74 0a 35 61 32 39 34 30 33 63 35 33 32 37 38 31 37 30 39 64 62 63 39 61 32 66 65 64 34 37 66 30 38 65 61 65 32 31 33 62 32 35 64 64 65 33 63 65 33 32 38 31 63 30 33 35 66 65 36 62 38 63 36 34 36 39</StringToSignBytes>
        <CanonicalRequest>PUT
    /dsv/Test/test03.txt

    content-length:
    content-type:null
    host:warehousing-csv.s3.eu-west-1.amazonaws.com
    x-amz-content-sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    x-amz-date:20230926T101844Z

    content-length;content-type;host;x-amz-content-sha256;x-amz-date
    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855</CanonicalRequest>
        <CanonicalRequestBytes>50 55 54 0a 2f 64 73 76 2f 54 65 73 74 2f 74 65 73 74 30 33 2e 74 78 74 0a 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3a 0a 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3a 6e 75 6c 6c 0a 68 6f 73 74 3a 77 61 72 65 68 6f 75 73 69 6e 67 2d 63 73 76 2e 73 33 2e 65 75 2d 77 65 73 74 2d 31 2e 61 6d 61 7a 6f 6e 61 77 73 2e 63 6f 6d 0a 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35 0a 78 2d 61 6d 7a 2d 64 61 74 65 3a 32 30 32 33 30 39 32 36 54 31 30 31 38 34 34 5a 0a 0a 63 6f 6e 74 65 6e 74 2d 6c 65 6e 67 74 68 3b 63 6f 6e 74 65 6e 74 2d 74 79 70 65 3b 68 6f 73 74 3b 78 2d 61 6d 7a 2d 63 6f 6e 74 65 6e 74 2d 73 68 61 32 35 36 3b 78 2d 61 6d 7a 2d 64 61 74 65 0a 65 33 62 30 63 34 34 32 39 38 66 63 31 63 31 34 39 61 66 62 66 34 63 38 39 39 36 66 62 39 32 34 32 37 61 65 34 31 65 34 36 34 39 62 39 33 34 63 61 34 39 35 39 39 31 62 37 38 35 32 62 38 35 35</CanonicalRequestBytes>
        <RequestId>F67APJ60JNPGWFAA</RequestId>
        <HostId>tfLOd7AlKA573NBdLwT1gQuTsVHtXHHcr0ZCWx0KF40Pd2zwAWMP5w7xyZRYW2Wxqq3UrEBYaVE=</HostId>
    </Error>



    ------------------------------
    Devendra Karande
    ------------------------------



  • 2.  RE: SignatureDoesNotMatch error for PUT method when calling Amazon S3 service from the API Connect Gateway service.

    Posted Tue November 14, 2023 12:34 PM

    Hi @Devendra Karande

    SignatureDoesNotMatch error usually indicates a mismatch between the signature that your request calculated and the one that Amazon S3 expects.

    Here are some general steps that I can think of, to resolve this issue:

    1. Ensure that the AWS access keys you are using are correct. Sometimes keys can be rotated or might have been entered incorrectly.

    2. Make sure that the signing method you are using conforms to what S3 expects. This is usually AWS4-HMAC-SHA256.

    3. It seems from your logs that content-type is set to null in your request. You should provide a proper MIME type for the file you are uploading.

    4. Ensure that the 'String to Sign' and 'Canonical Request' are formatted correctly as per AWS documentation. Every line and space matters for the signature calculation.

    5. The timestamp in your request must be in sync with AWS servers. Ensure your server's clock is accurate and consider clock skew in your calculation.

    6. Special Characters: If your object keys include characters not typically allowed in URLs, they need to be URL-encoded in the canonical request.


    I hope this helps.



    ------------------------------
    Ruchi Yadav
    ------------------------------

    Original Message


Related Content