1. 前提概要
1.1. 如果打算使用 SDK 的,可跳过这一章
1.2. 每个 HTTP 请求都需要将 Authorization 放在 Headers 中
2.1.1.2. Authorization
官方文档
Python 版本完整案例(亲儿子吗?居然单独拎出来。)
Examples of the complete Signature Version 4 signing process (Python).
你有两种方式可以添加 Authorization(具体内容查询官方文档)
Authorization header
Query string
2.1.1.2.1. Credential
| Dimension | Description | Example |
|---|---|---|
| Date | An eight-digit string representing the year (YYYY), month (MM), and day (DD) of the request.日期相关格式问题:处理签名版本 4 中的日期 | 20190430 |
| AWS region | The region you are sending the request to. See Selling Partner API endpoints. | us-east-1 |
| Service | The service you are requesting. You can find this value in the endpoint. See Selling Partner API endpoints. | execute-api |
| Termination string | A special termination string. For AWS Signature Version 4, the value is aws4_request | aws4_request |
example
20201022/us-east-1/https://sellingpartnerapi-na.amazon.com/aws4_request
简而言之,这几个货都是小写的。
2.1.1.2.2. Signature
官方文档
https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
各版本的签名代码(Java, C#, Python, Ruby, and JavaScript)
Examples of how to derive a signing key for Signature Version 4.
常见签名异常
https://docs.aws.amazon.com/general/latest/gr/signature-v4-troubleshooting.html
Task 1: Create a canonical request for Signature Version 4
Task 2: Create a string to sign for Signature Version 4
Task 3: Calculate the signature for AWS Signature Version 4
Task 4: Add the signature to the HTTP request
2.1.1.2.3. Authorization
| Component | Description |
|---|---|
| The algorithm used for signing | The hash algorithm used throughout the signing process. The Selling Partner API requires SHA-256. You specify this in Step 4. Create and sign your request. 固定 AWS4-HMAC-SHA256 |
| Credential | Your AWS access key ID plus the Credential scope. You get your AWS access key ID in Step 2. Create an IAM user. 用户的 access key ID + 2.1.1.2.1. Credential |
| SignedHeaders | A list of all the HTTP headers that you included with the signed request. For an example, see Step 3. Add headers to the URI. |
| Signature | The signature calculated in Step 4. Create and sign your request. 2.1.1.2.2. Signature |
example
Authorization: AWS4-HMAC-SHA256 Credential={USER_IAM}/{Credential}, SignedHeaders=host;user-agent;x-amz-access-token;x-amz-date, Signature={Signature}
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIHV6HIXXXXXXX/20201022/us-east-1/https://sellingpartnerapi-na.amazon.com/aws4_request, SignedHeaders=host;user-agent;x-amz-access-token;x-amz-date, Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924aEXAMPLE