AnsweredAssumed Answered

Adapter/connector from CA API GW to AWS (with AWS SignV4)

Question asked by APIMGTEtudes18000094 on May 17, 2017
Latest reply on May 17, 2017 by Stephen_Hughes



We need consume directly the Web Service of AWS from the CA API Gateway

Example of AWS Services :

- Kinesis Stream

- Dynamodb

- ... 


Has anyone ever done it? If yes, how ?


I precise that we don't want consume this services by "AWS API Gateway".


In order to achieve this, Amazon requires an "AWS Sign V4"


Amazon explains how to do in the page in Signing AWS Requests with Signature Version 4 - Amazon Web Services 

Amazon give us a implementation example with Python Language on page : Examples of the Complete Version 4 Signing Process (Python) - Amazon Web Services 


We have coded the equivalent in API Gateway but it is unsuccess.

- The canonical request is OK

- The string to sign is OK 

- The signature is KO


The function of Signature use HMAC-256 algorithm hash and "digest" function.

We use "Generate Hash Security" for HMAC-256.

We block on the  "digest" function.  There is base64 decode in format binary.


Has anyone can help us ?


the extract of code Python, give by Amazon :

def sign(key, msg): return, msg.encode("utf-8"), hashlib.sha256).digest()


def getSignatureKey(key, date_stamp, regionName, serviceName):

kDate = sign(('AWS4' + key).encode('utf-8'), date_stamp)

kRegion = sign(kDate, regionName)

kService = sign(kRegion, serviceName)

kSigning = sign(kService, 'aws4_request')

return kSigning