Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
[X] I have searched the tracker for existing similar issues and I know that duplicates will be closed
Describe the Issue
We're getting successful calls to the Amazon Selling Partner API operations with the AWS Signature authorization in Postman until we try the createRestrictedDataToken operation. In this case, we get an invalid signature error. Amazon support has confirmed that the signature compiled by Postman is not correct.
Authorization header for createRestrictedDataToken formed by Postman:
AWS4-HMAC-SHA256 Credential=AKIAQEA[redacted]/20220711/eu-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-content-sha256;x-amz-date, Signature=9713af81b5000ed076c7ab3137426[redacted]
The error response from Tokens API:
{
"errors": [
{
"message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
The Canonical String for this request should have been
'POST
/tokens/2021-03-01/restrictedDataToken
host:sellingpartnerapi-eu.amazon.com
x-amz-access-token:Atza|IwEBIN_HW[redacted]
x-amz-content-sha256:ce07724ef77dd54b13[redacted]
x-amz-date: 20220711T145539Z
host;x-amz-access-token;x-amz-content-sha256;x-amz-date
e3b0c44298fc1c149afbf4c8996f[redacted]'
The String-to-Sign should have been
'AWS4-HMAC-SHA256
20220711T145539Z
20220711/eu-west-1/execute-api/aws4_request
ddaba891962ac46a8873d129[redacted]'
",
"code": "InvalidSignature"
}
]
}
Note the DateTime 20220711T145539Z in the string to sign rather than the Credential=.....
Steps To Reproduce
Variables shown below are set in the Environment.
Select AWS Signature Authorization (in our case, on the Collection)
Create createRestrictedDataToken Request
Set a body with the restrictedResources array
Submit the request with a valid access key, secret key, and access token - results in an invalid signature error (example above)
Same issue for me. I am a vendor finding it impossible to get reports endpoints working. It doesn't help that the documentation provided postman tests don't work either.
Is there an existing issue for this?
Describe the Issue
We're getting successful calls to the Amazon Selling Partner API operations with the AWS Signature authorization in Postman until we try the
createRestrictedDataToken
operation. In this case, we get an invalid signature error. Amazon support has confirmed that the signature compiled by Postman is not correct.Authorization header for
createRestrictedDataToken
formed by Postman:AWS4-HMAC-SHA256 Credential=AKIAQEA[redacted]/20220711/eu-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-content-sha256;x-amz-date, Signature=9713af81b5000ed076c7ab3137426[redacted]
The error response from Tokens API:
Note the DateTime
20220711T145539Z
in the string to sign rather than theCredential=....
.Steps To Reproduce
Variables shown below are set in the Environment.
Select AWS Signature Authorization (in our case, on the Collection)
Create
createRestrictedDataToken
RequestSet a body with the
restrictedResources
arraySubmit the request with a valid access key, secret key, and access token - results in an invalid signature error (example above)
Screenshots or Videos
No response
Operating System
Windows
Postman Version
9.241.
Postman Platform
Postman App
Additional Context?
No response