Every request must contain authentication information to establish the identity of the principal making the request. In SOAP, the authentication information is put into elements in the `<Request>` element, and in QUERY, the authentication information is put into HTTP parameters. The parameters needed for authentication are in the following table.

| Parameter | Description |
|---|---|
| AWSAccessKeyId | Your AWS Access Key Id |
| Timestamp | This must be a dateTime (http://www.w3.org/TR/xmlschema-2/#dateTime) in the Coordinated Universal Time (Greenwich Mean Time) time zone, such as 2005-01-31T23:59:59.183Z. Authorization will fail if this timestamp is more than 15 minutes away from the clock on AST servers. |
| Signature | The RFC 2104 HMAC-SHA1 digest (http://www.ietf.org/rfc/rfc2104.txt) of the concatenation of [Action, such as 'Thumbnail'] + [Timestamp], using your AWS Secret Access Key as the key. |

For example, in the following sample requests, the signature element would contain the HMAC-SHA1 digest of the value "Thumbnail2005-01-31T23:59:59.183Z".

Sample QUERY Request:

```
http://ast.amazonaws.com/Xino?Action=Thumbnail&AWSAccessKeyId=1234567890ABCDEFGHIJ&Timestamp=2005-01-31T23%3A59%3A59.183Z&Url=www.alexa.com&Signature=[UrlEncoded HMAC-SHA1 digest of "Thumbnail2005-01-31T23:59:59.183Z"]
```

Sample SOAP Request:

```xml
<SOAP-ENV:Envelope
    xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <SOAP-ENV:Body>
    <m:ThumbnailRequest
        xmlns:m="http://ast.amazonaws.com/doc/2006-05-15/">
      <m:Request>
        <m:Signature>[HMAC-SHA1 digest of "Thumbnail2005-01-31T23:59:59.183Z"]</m:Signature>
        <m:Timestamp>2005-01-31T23:59:59.183Z</m:Timestamp>
        <m:AWSAccessKeyId>1234567890ABCDFGHIJ</m:AWSAccessKeyId>
        <m:Url>www.alexa.com</m:Url>
      </m:Request>
    </m:ThumbnailRequest>
  </SOAP-ENV:Body>
</SOAP-ENV:Envelope>
```

URL Encoding:

The result of the HMAC-SHA1 computation is binary data, so an encoding must be specified to include it in either a SOAP or QUERY request. In both QUERY and SOAP requests, the digest should be Base64 encoded. However, as the results of Base64 encoding can contain characters that are not legal in a URL, such as plus signs (+), slashes (/), and equal signs (=), results for REST requests should also be URL encoded, as specified in RFC 1738, section 2.2.

Warning:
Don't forget to UrlEncode the timestamp parameter for QUERY requests.
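
The signing and encoding steps above, as an added Python example that is not part of the original documentation. `verify()` is a hypothetical receiver-side check (window test plus constant-time comparison), not the service's own code; the secret key is a constructed placeholder, and the endpoint and access key ID are the page's sample values.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

MAX_SKEW = timedelta(minutes=15)             # window from the Timestamp row
EXAMPLE_SECRET = "EXAMPLE-SECRET-NOT-REAL"   # constructed placeholder key


def sign(secret_key: str, action: str, timestamp: str) -> str:
    """Base64 of HMAC-SHA1(secret, Action + Timestamp), as the table defines."""
    message = (action + timestamp).encode("utf-8")
    digest = hmac.new(secret_key.encode("utf-8"), message, hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def build_query(endpoint, access_key_id, secret_key, action, timestamp, **params):
    """Assemble a QUERY URL; every value, including Timestamp, is URL encoded."""
    fields = {"Action": action, "AWSAccessKeyId": access_key_id,
              "Timestamp": timestamp, **params,
              "Signature": sign(secret_key, action, timestamp)}
    # quote_via=quote with urlencode's default safe="" escapes + / = and :
    return endpoint + "?" + urlencode(fields, quote_via=quote)


def verify(secret_key, action, timestamp, signature, now):
    """Receiver side: timestamp inside the window, then constant-time compare."""
    try:
        # Assumption: only the millisecond UTC form shown on the page is accepted.
        sent = datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%S.%fZ")
    except ValueError:
        return False
    if abs(now - sent.replace(tzinfo=timezone.utc)) > MAX_SKEW:
        return False
    expected = sign(secret_key, action, timestamp)
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    ts = "2005-01-31T23:59:59.183Z"
    print(build_query("http://ast.amazonaws.com/Xino", "1234567890ABCDEFGHIJ",
                      EXAMPLE_SECRET, "Thumbnail", ts, Url="www.alexa.com"))
    at = datetime(2005, 2, 1, 0, 5, tzinfo=timezone.utc)  # timezone-aware "now"
    sig = sign(EXAMPLE_SECRET, "Thumbnail", ts)
    print(verify(EXAMPLE_SECRET, "Thumbnail", ts, sig, at))
```

Note that the signed string is only Action + Timestamp, so the signature does not cover Url or any other request parameter.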