Request authentication is the process by which AWS verifies that a request came from a registered developer and identifies the account for billing.
To access Amazon Web Services, you must create an AWS account. AWS accounts are associated with Amazon.com accounts. To sign in to an AWS account, you can use your Amazon.com account e-mail and password.
Note: After you have an AWS account you must still sign up individually for each web service you consume. To sign up for an Alexa web service, go to http://aws.amazon.com/alexa, click on the link for the service you are interested in, and then click on the "Sign up for Web Service" button on the service detail page.
Upon creation, an AWS account is assigned an Access Key ID and a Secret Access Key. The Access Key ID is passed into a request in the AWSAccessKeyId parameter to identify the account responsible for the request. To protect against impersonation, the request sender signs the request using a hash calculated using the Secret Access Key. The Secret Access Key should never be shared with anyone.
A request signature is calculated by concatenating the values of the Action parameter and the Timestamp and then calculating an RFC 2104-compliant HMAC-SHA1 hash, using the Secret Access Key as the key. The computed HMAC-SHA1 hash is passed in the Signature request parameter.
When a request is received, AWS verifies that the request signature is valid by computing an HMAC-SHA1 hash for the request, and then comparing the value of that hash with the value included in the request. If the values match, the identity of the sender is verified and the request is accepted. If the values do not match, the request is rejected.
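The signing and verification described above, as an added Python example that is not from the original page or from AWS. The base64 encoding of the digest, the `UrlInfo` action value and the timestamp format are assumptions, and the key ID and secret are constructed samples.

```python
import base64
import hashlib
import hmac

# Constructed sample credentials (not real keys).
SECRETS = {"AKIDEXAMPLE0000000000": b"constructed-secret-access-key"}


def compute_signature(secret_key: bytes, action: str, timestamp: str) -> str:
    """HMAC-SHA1 (RFC 2104) over Action + Timestamp, keyed with the secret."""
    string_to_sign = (action + timestamp).encode("utf-8")
    digest = hmac.new(secret_key, string_to_sign, hashlib.sha1).digest()
    # Assumption: the 20-byte digest is sent base64-encoded.
    return base64.b64encode(digest).decode("ascii")


def sign_request(params: dict, access_key_id: str, secret_key: bytes) -> dict:
    """Client side: return a copy of params with key ID and Signature added."""
    signed = dict(params, AWSAccessKeyId=access_key_id)
    signed["Signature"] = compute_signature(
        secret_key, signed["Action"], signed["Timestamp"])
    return signed


def verify_request(params: dict, secrets: dict = SECRETS) -> bool:
    """Server side: recompute the hash and compare it with the one supplied."""
    secret_key = secrets.get(params.get("AWSAccessKeyId", ""))
    supplied = params.get("Signature")
    if secret_key is None or not isinstance(supplied, str):
        return False
    try:
        expected = compute_signature(
            secret_key, params["Action"], params["Timestamp"])
    except KeyError:
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), supplied.encode())


if __name__ == "__main__":
    key_id, secret = next(iter(SECRETS.items()))
    # Constructed request; the Action value and Timestamp format are assumptions.
    request = sign_request(
        {"Action": "UrlInfo", "Timestamp": "2007-01-26T01:15:38.000Z"},
        key_id, secret)
    print("valid:", verify_request(request))
    tampered = dict(request, Timestamp="2007-01-26T02:15:38.000Z")
    print("tampered:", verify_request(tampered))
```

Because the Secret Access Key never travels with the request, only a party holding it can produce a Signature that the recomputation accepts.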
Note: Please see the code samples in the Resource Center for examples of how to sign requests using Java, C#, PHP, Perl and Ruby.
The following steps describe how to calculate the signature: