Specify the HTTP request method (
POST) following this syntax (where \n is a newline character):
Add the canonical URI following this syntax (where \n is a newline character):
- The canonical URI is the URI-encoded version of the URI absolute path. This corresponds to everything between the HTTP host and the question mark character ("?") which begins the query string parameters.
- You must normalize URI paths according to the RFC 3986. Therefore, you must remove all redundant and relative path components.
If the absolute path is empty, use a slash (/):
Add the canonical query string following this syntax (where \n is a newline character):
To build this canonical query string:
- Sort the names of the parameters by character code point, in ascending order.
- URI-encode each parameter name and value according to the following rules:
- Do not URI-encode the authorized characters defined in the RFC 3986: a-z, A-Z, 0-9 et -_.~
- Percent-encode all the other characters: %XY, where X and Y are hexadecimal characters (0 to 9 and A to F). For example, the space character must be encoded %20.
- Build the canonical query string starting with the name of the first parameter in the sorted list.
- For each parameter, append the URI-encoded parameter name, followed by the equal sign (=), followed by the value of the URI-encoded parameter. For parameters with no value, use an empty string.
- Append the ampersand character (&) after each parameter value, except for the last value of the list.
If the request does not contain a query string, use an empty string.
Add the canonical headers following this syntax (where \n is a newline character):
The canonical headers correspond to the list of all the HTTP headers contained in the signed request.
hostheader is mandatory. Other standard headers such as
To build the list of canonical headers, refer to the following pseudocode:
Lowercasefunction converts all characters to lowercase. The
Trimallfunction removes extra spaces before and after values, and converts sequential spaces into single spaces.
Build the list of canonical headers by sorting the headers by character code, and then by iterating through their names.
Build each header according to the following rules:
- Append the header name in lowercase, followed by a colon (":")
- Append the list of values separated by semicolons (";") for that header. Do not sort values in the headers that have several values.
- Append a new line character (\n)
Add the signed headers following this syntax (where \n is a newline character):
Signed headers correspond to the list of headers you included in the canonical headers.
hostheader is a mandatory signed header. If you want to add a date or an
x-amz-dateheader, you must also include this header in the list of signed headers.
To build the list of signed headers, refer to the following pseudocode:
Convert all header names into lowercases with the
Lowercasefunction, sort them by character code and use a semicolon (";") to separate header names.
Use a hash function to create a hash value from the payload in the body of the HTTP request.
- The hashed payload must be a lowercase hexadecimal string.
- If the payload is empty, use an empty string for the hash function. In our example, the payload is empty.
The payload is hashed.
To build the canonical request, combine all the elements from the previous steps:
Hash the canonical request with the same algorithm you used to hash the payload.
The canonical request is hashed. You then need to add it to the string to sign that you create in Creating a String to Sign.
Skip to end of banner Go to start of banner Skip to end of metadata Go to start of metadata