postmanlabs / postman-app-support

Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
https://www.postman.com

AWS Signature invalid with createRestrictedDataToken operation (Selling Partner API) #11075

Open kmcconnell opened 2 years ago

kmcconnell commented 2 years ago

Is there an existing issue for this?

Describe the Issue

We're getting successful calls to the Amazon Selling Partner API operations with the AWS Signature authorization in Postman until we try the createRestrictedDataToken operation. In this case, we get an invalid signature error. Amazon support has confirmed that the signature compiled by Postman is not correct.

Authorization header for createRestrictedDataToken formed by Postman: AWS4-HMAC-SHA256 Credential=AKIAQEA[redacted]/20220711/eu-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-content-sha256;x-amz-date, Signature=9713af81b5000ed076c7ab3137426[redacted]

The error response from Tokens API:

{
    "errors": [
        {
            "message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'POST
/tokens/2021-03-01/restrictedDataToken

host:sellingpartnerapi-eu.amazon.com
x-amz-access-token:Atza|IwEBIN_HW[redacted]
x-amz-content-sha256:ce07724ef77dd54b13[redacted]
x-amz-date: 20220711T145539Z

host;x-amz-access-token;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996f[redacted]'

The String-to-Sign should have been
'AWS4-HMAC-SHA256
20220711T145539Z
20220711/eu-west-1/execute-api/aws4_request
ddaba891962ac46a8873d129[redacted]'
",
     "code": "InvalidSignature"
        }
    ]
}

Note the DateTime 20220711T145539Z in the string to sign rather than the Credential=.....

Steps To Reproduce

Variables shown below are set in the Environment.

  1. Select AWS Signature Authorization (in our case, on the Collection)

  2. Create createRestrictedDataToken Request

  3. Set a body with the restrictedResources array

  4. Submit the request with a valid access key, secret key, and access token - results in an invalid signature error (example above)

Screenshots or Videos

No response

Operating System

Windows

Postman Version

9.241.

Postman Platform

Postman App

Additional Context?

No response
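
Added example, not part of the original issue and not Postman's code: a minimal SigV4 signer in Python that rebuilds the canonical request and string-to-sign in the layout the error response prints, so a client-side signature can be checked against it line by line. It signs the same request twice, once with the body hash and once with the empty-payload SHA-256 (whose leading characters match the final line of the canonical string in the error above) as the last canonical line, to show how that single line changes the signature. The body, secret key and access token are constructed placeholders, and the function names are chosen here for illustration.

```python
import hashlib
import hmac

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()  # digest of a zero-length payload

def canonical_request(method, path, headers, payload_hash, query=""):
    # Lowercase header names, collapse whitespace in values, sort by name.
    norm = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    names = sorted(norm)
    header_block = "".join(f"{n}:{norm[n]}\n" for n in names)
    return "\n".join([method, path, query, header_block, ";".join(names), payload_hash])

def string_to_sign(amz_date, region, service, canon_req):
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    return "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                      hashlib.sha256(canon_req.encode()).hexdigest()])

def signature(secret_key, amz_date, region, service, sts):
    # Derive the signing key: HMAC chain over date, region, service, terminator.
    key = ("AWS4" + secret_key).encode()
    for part in (amz_date[:8], region, service, "aws4_request"):
        key = hmac.new(key, part.encode(), hashlib.sha256).digest()
    return hmac.new(key, sts.encode(), hashlib.sha256).hexdigest()

def sign_both_ways(body, secret_key, access_token):
    # Host, path, date, region and service are the ones shown in the issue.
    amz_date, region, service = "20220711T145539Z", "eu-west-1", "execute-api"
    body_hash = hashlib.sha256(body).hexdigest()
    headers = {"Host": "sellingpartnerapi-eu.amazon.com",
               "X-Amz-Access-Token": access_token,
               "X-Amz-Content-Sha256": body_hash,
               "X-Amz-Date": amz_date}
    out = {}
    for label, final_line in (("body", body_hash), ("empty", EMPTY_SHA256)):
        creq = canonical_request("POST", "/tokens/2021-03-01/restrictedDataToken",
                                 headers, final_line)
        sts = string_to_sign(amz_date, region, service, creq)
        out[label] = (creq, sts, signature(secret_key, amz_date, region, service, sts))
    return out

if __name__ == "__main__":
    # Constructed inputs: placeholder body, secret key and token, not values from the issue.
    body = b'{"restrictedResources": []}'
    for label, (creq, sts, sig) in sign_both_ways(body, "EXAMPLE-SECRET", "Atza|EXAMPLE").items():
        print(f"--- final line = {label} hash ---\n{creq}\n\n{sts}\nSignature={sig}\n")
```

Diffing the printed canonical request against the one returned in an `InvalidSignature` response shows which line the two sides disagree on.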

NA-Dev commented 2 years ago

Same issue for me. I am a vendor finding it impossible to get reports endpoints working. It doesn't help that the documentation-provided Postman tests don't work either.