Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Testing AWS API Gateway with cURL

Tags:

linux

curl

aws-api-gateway

I do have a simple AWS API Gateway implementation protected by an AWS_IAM Authorization.

I just want to test from command line via cURL :

curl --location --request GET 'https://<API_ID>.execute-api.eu-west-1.amazonaws.com/stage?type=type&category=category&lc=lc&passprhase=passprhase&product=product'
--header 'Authorization: AWS4-HMAC-SHA256 Credential=<AWS_ACCESS_KEY>/20200127/eu-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=<AWS_SECRET_ACCESS_KEY>' --header 'Content-Type: application/json' \
--data-raw '{"query":"","variables":{}}'

but keep getting the follow error :

Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header.

Can someone advice what am I doing wrong ?

like image 709
user1611183 Avatar asked Feb 17 '26 00:02

user1611183

2 Answers

AWS V4 signature authentication is supported in curl starting from version 7.75, so you should be able to call your AWS resource this way:

curl --location --request GET 'https://$API-ID.execute-api.eu-west-1.amazonaws.com/stage?type=type&category=category&lc=lc&passprhase=passprhase&product=product' \
--header 'Content-Type: application/json' \
--user $ACCESS_KEY:$SECRET_KEY \
--aws-sigv4 "aws:amz" \
--data-raw '{"query":"","variables":{}}'

Note that you may need to add in the --aws-sigv4 value your region and service. For example: --aws-sigv4 "aws:amz:eu-west-2:execute-api"

You can find more documentation here: https://curl.se/libcurl/c/CURLOPT_AWS_SIGV4.html

And the documentation for the CLI option here: https://curl.se/docs/manpage.html#--aws-sigv4

like image 125
Matthias Gatto Avatar answered Feb 19 '26 19:02

Matthias Gatto

AWS_IAM authorization uses Sigv4 and its calculation process requires values certain headers - Date being one of them. You are passing x-amz-date as a part of the "SignedHeaders" field, but not actually passing it with the other headers.

One way to create the right curl command to invoke an API with AWS_IAM would be to use Postman application. Add in the API URL and select "AWS Signature" under Authorization tab. You can then select the "Code" option and get the full curl command which would look something like this -

curl -X POST \
  https://$API-ID.execute-api.$AWS_REGION.amazonaws.com/$STAGE/$RESOURCE \
  -H 'authorization: AWS4-HMAC-SHA256 Credential=$ACCESS_KEY/20200128/$AWS_REGION/execute-api/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature=$SIGNATURE_VALUE' \
  -H 'cache-control: no-cache' \
  -H 'content-type: application/x-www-form-urlencoded' \
  -H 'host: API-ID.execute-api.$AWS_REGION.amazonaws.com' \
  -H 'postman-token: 15f9498e-95b7-f22b-eed9-016cdea07424' \
  -H 'x-amz-date: $DATE_STAMP'

Create a Canonical Request for Signature Version 4

like image 43
Suraj Bhatia Avatar answered Feb 19 '26 20:02

Suraj Bhatia
Sign in to Comment

Related questions

How do I update my prompt to show current git branch on linux?
compare columns from different files and print those that DO NOT match
Create a bash alias for typing out part of a command
Is it possible to have variable substitution in a nested heredoc?
Linux: Difference between forking twice and daemon(ise)
Setting group for all files and folders with rsync
What does this kernel code mean?
C++ Boost Library Undefined Reference On shm_open: DSO Missing From Command Line
How to allocate percentage of system resources to Docker?
How to recursively copy files under a folder and its subfolders as symbolic links
Programmatically Streaming with ffmpeg library using linux system video device

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!