Authenticating Query Requests

Every request must contain authentication information to establish the identify of the principal making the request. In Query, the authentication information is put into HTTP parameters. The parameters needed for authentication are in the following table.

Parameter	Description
AWSAccessKeyId	Your AWS Access Key Id
Timestamp	This must be a dateTime (http://www.w3.org/TR/xmlschema-2/#dateTime) in the Coordinated Universal Time (Greenwich Mean Time) time zone, such as 2005-01-31T23:59:59.183Z. Authorization will fail if this timestamp is more than 15 minutes away from the clock on Top Sites servers.
Signature	The RFC 2104 HMAC-SHA1 digest (http://www.ietf.org/rfc/rfc2104.txt) of the concatenation of [Action, such as 'TopSites'] + [Timestamp], using your AWS Secret Access Key as the key. For example, in the following sample requests, the signature element would contain the HMAC-SHA1 digest of the value "TopSites2005-01-31T23:59:59.183Z": Sample Query Request http://ats.amazonaws.com?Action=TopSites&AWSAccessKeyId=1234567890ABCDEFGHIJ&Timestamp=2005-01-31T23%3A59%3A59.183Z&ResponseGroup=Country&CountryCode=CN&Signature=[UrlEncoded HMAC-SHA1 digest of "TopSites2005-01-31T23:59:183Z"] URL Encoding The result of the SHA-1 hash is binary data. An encoding must be specified to include this in a Query request. Query requests should be Base64 encoded. However, as the results of Base64 encoding can contain characters that are not legal in a URL, such as plus signs (+),slashes (/), and equal signs (=), results for Query requests should be URL encoded, as specified in RFC 1738, section 2.2.

Parameter

Description

AWSAccessKeyId

Your AWS Access Key Id

Timestamp

This must be a dateTime (http://www.w3.org/TR/xmlschema-2/#dateTime) in the Coordinated Universal Time (Greenwich Mean Time) time zone, such as 2005-01-31T23:59:59.183Z. Authorization will fail if this timestamp is more than 15 minutes away from the clock on Top Sites servers.

Signature

The RFC 2104 HMAC-SHA1 digest (http://www.ietf.org/rfc/rfc2104.txt) of the concatenation of [Action, such as 'TopSites'] + [Timestamp], using your AWS Secret Access Key as the key. For example, in the following sample requests, the signature element would contain the HMAC-SHA1 digest of the value "TopSites2005-01-31T23:59:59.183Z":

Sample Query Request

http://ats.amazonaws.com?Action=TopSites&AWSAccessKeyId=1234567890ABCDEFGHIJ&Timestamp=2005-01-31T23%3A59%3A59.183Z&ResponseGroup=Country&CountryCode=CN&Signature=[UrlEncoded HMAC-SHA1
digest of "TopSites2005-01-31T23:59:183Z"]

URL Encoding

The result of the SHA-1 hash is binary data. An encoding must be specified to include this in a Query request. Query requests should be Base64 encoded.

However, as the results of Base64 encoding can contain characters that are not legal in a URL, such as plus signs (+),slashes (/), and equal signs (=), results for Query requests should be URL encoded, as specified in RFC 1738, section 2.2.

Warning:

Don't forget to UrlEncode the timestamp parameter for Query requests.