Generating AWS signature but got an error as ""The request signature we calculated does not match

ceg · ‎05-09-2023

I am working servicenow and amazon outbound integration. While hitting the amazon reporting API, It asked for signature. I showhow generated the AWS signature by using community help. But Generating AWS signature but got an error as

"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method.

Can anyone help on this ?

Ratnakar7 · ‎05-09-2023

Hi @ceg ,

The error message you received typically indicates that the signature you provided does not match the signature that the Amazon Web Services (AWS) server calculated based on the request parameters you sent.

To troubleshoot this issue, you can try the following steps:

Double-check that you are using the correct AWS access key ID and secret access key. These credentials should match the ones you set up in your AWS account, and they should have the necessary permissions to access the requested AWS service.
Check that you are using the correct endpoint URL for the AWS service you are trying to access. The endpoint URL should be specific to the AWS region you are using and should match the URL format specified in the AWS documentation.
Verify that you are using the correct HTTP method (e.g., GET or POST) and that you are sending the correct request parameters. The parameters should be in the correct format and order, as specified by the AWS documentation for the specific service you are using.
Double-check that you are using the correct version of the AWS signature algorithm (e.g., AWS Signature Version 4). The version should match the one specified in the AWS documentation for the service you are using.
Check that the system clock on the machine generating the signature is set to the correct time. If the clock is off by even a few minutes, it can cause the signature to fail.

Thanks,

Ratnakar

ceg · ‎05-30-2023

Hi @Ratnakar7

Thank you for your response.

As you mentioned below, I have checked it and it look fin but still I am getting error. I also have a question on AWS signature algorithm. How can we implement it in servicenow? I have used digest() function to convert it into AWS signature algorithm. Is that a correct method to convert AWS signature algorithm?

Ratnakar7 · ‎05-30-2023

Hi @ceg ,

Using the digest() function alone may not be sufficient to generate the correct AWS signature.

Here's a general approach to implement the AWS signature algorithm in ServiceNow:

Determine the service-specific information required for the AWS signature algorithm. This includes the AWS access key ID, secret access key, service endpoint URL, HTTP method, request parameters, and timestamp.
Construct the canonical request. The canonical request is a formatted string that represents the HTTP request you are sending to AWS. It includes the HTTP method, URI, query parameters, headers, and payload.
Generate the string to sign. The string to sign is constructed by combining the required components of the canonical request, including the algorithm name, request timestamp, credential scope, and hashed canonical request.
Derive the signing key. Using the secret access key and the timestamp, derive the signing key using a series of HMAC-SHA256 operations.
Generate the signature. Use the signing key to sign the string to sign using HMAC-SHA256.
Include the generated signature in your request headers, typically as the value of the "Authorization" header.

ServiceNow provides various cryptographic functions and methods that can help in generating the AWS signature, such as USING KMF FOR HMAC VERIFICATION . You can use these functions to perform the required hashing and signing operations.

Thanks,

Ratnakar