Thursday, January 10, 2013

Signed requests for Amazon Web Services API



Amazon AWS APIs require requests to be signed. A signed request carries a non-readable signature, or hash. The hash is computed from the operation and the timestamp, so that each API call is differentiated. It is computed with a secret, by an algorithm that is specified upfront. Typically this is a Hash-based Message Authentication Code (HMAC); as an example, the SHA256 hash function, which produces a 256-bit hash, can be used. Both the AccessKeyId and the secret are issued separately to each user at the time of his or her account registration for use of these APIs. The signature, the timestamp and the AccessKeyId are all specified in the SOAP header or the REST URI.

These are included in the SOAP header by the message inspector. The message inspector is registered with the EndpointBehavior for the client. The EndpointBehavior is in turn returned by the BehaviorExtensionElement. All of these are System.ServiceModel namespace types and can be specified in the configuration file itself, along with the address, binding and contract. The contract can be created by the WCF service utility by pointing it to the WSDL of the service, which should be available online as the API. This configuration helps in instantiating a proxy and in making direct calls to the API.
Here’s an example of REST AWS API
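
The signing scheme described above, sketched for the REST URI case as an added example (not code from the original post or from AWS). It assumes the query-string layout of AWS Signature Version 2, with parameter names `AWSAccessKeyId`, `SignatureMethod`, `SignatureVersion`, `Timestamp` and `Signature`. The host, action, key id, secret and the 15-minute skew window used with it are constructed for illustration.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import quote

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # ISO 8601 timestamp, always UTC


def _enc(value):
    # RFC 3986 encoding: everything except A-Z a-z 0-9 - _ . ~ is escaped.
    return quote(str(value), safe="-_.~")


def string_to_sign(method, host, path, params):
    # Canonical form: parameters sorted by name, encoded, joined with '&'.
    query = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(params.items()))
    return "\n".join([method.upper(), host.lower(), path or "/", query])


def _mac(secret, method, host, path, params):
    text = string_to_sign(method, host, path, params).encode("utf-8")
    return base64.b64encode(hmac.new(secret, text, hashlib.sha256).digest())


def sign(method, host, path, params, key_id, secret, now):
    # Client side: add identity, algorithm and timestamp, then the signature.
    # `now` must be a UTC datetime; the secret itself never goes on the wire.
    out = dict(params, AWSAccessKeyId=key_id, SignatureMethod="HmacSHA256",
               SignatureVersion="2", Timestamp=now.strftime(TS_FORMAT))
    out["Signature"] = _mac(secret, method, host, path, out).decode("ascii")
    return out


def verify(method, host, path, params, secret, now,
           max_skew=timedelta(minutes=15)):  # skew window is an assumption
    # Receiver side: reject stale timestamps, recompute the HMAC over every
    # parameter except Signature, and compare in constant time.
    rest = dict(params)
    claimed = rest.pop("Signature", "").encode("utf-8")
    try:
        stamp = datetime.strptime(rest.get("Timestamp", ""), TS_FORMAT)
    except ValueError:
        return False
    if abs(now - stamp.replace(tzinfo=timezone.utc)) > max_skew:
        return False
    return hmac.compare_digest(_mac(secret, method, host, path, rest), claimed)
```

Because the timestamp is part of the signed string, a captured URL stops verifying once it falls outside the skew window, and changing any parameter invalidates the signature. AWS has since moved its APIs to Signature Version 4, so real calls should go through the SDK's signer.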
