Amazon Simple Pay
Advanced User Guide (API Version 2010-08-28)

Differences Between Signing Versions

Amazon deprecated signature version 1 on November 3rd, 2009, and as of 10 February, 2011 it is no longer supported. You must use signature version 2 for signing inbound and outbound requests. Although the security benefits of the new version are significant, there are a few implementation differences between the two:

  • You create the concatenated URL string differently:

    Include additional components, including null parameters

    Include the query string control characters '=' and '&'

    Sort the query string parameters using byte ordering

    URL-encode the concatenated URL string before signing


  • You can now use HMAC-SHA256 for signing inbound requests. Although we prefer HMAC-SHA256, HMAC-SHA1 is also supported. For outbound notifications, we support the RSA-SHA1 algorithm.

  • You use the new signatureMethod parameter to indicate the signing algorithm (valid values are HmacSHA256 or HmacSHA1).

  • You include the new signatureVersion parameter, which must be set to 2.
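
The differences listed above, as an added Python example that is not Amazon's sample code: it builds the byte-ordered, URL-encoded query string (keeping null parameters), signs it with HMAC, and recomputes the signature in constant time on receipt. The verb, host and path lines of the string to sign follow the general AWS Signature Version 2 layout, which this page does not spell out, and the key, host, path and parameter values are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Algorithms the page lists as valid signatureMethod values.
DIGESTS = {"HmacSHA256": hashlib.sha256, "HmacSHA1": hashlib.sha1}

# Constructed sample input; names and values are placeholders.
SAMPLE = {"amount": "USD 10", "description": None, "Zeta": "1", "accessKey": "AKEXAMPLE"}


def canonical_query(params):
    """Percent-encode, keep empty (null) parameters, sort by byte order."""
    pairs = []
    for name, value in params.items():
        # Only unreserved characters stay literal; a space becomes %20.
        key = quote(name, safe="-_.~").encode("ascii")
        val = quote("" if value is None else str(value), safe="-_.~").encode("ascii")
        pairs.append((key, val))
    pairs.sort()  # bytes compare by value, so 'Z' (0x5A) sorts before 'a' (0x61)
    return b"&".join(k + b"=" + v for k, v in pairs).decode("ascii")


def sign_v2(secret_key, verb, host, path, params, method="HmacSHA256"):
    """Return (signed_params, base64_signature) for a version 2 request."""
    if method not in DIGESTS:
        raise ValueError("unsupported signatureMethod: %r" % method)
    signed = dict(params, signatureMethod=method, signatureVersion="2")
    # Assumed layout: verb, host, path and query string, one per line.
    to_sign = "\n".join([verb.upper(), host.lower(), path, canonical_query(signed)])
    mac = hmac.new(secret_key.encode("utf-8"), to_sign.encode("utf-8"), DIGESTS[method])
    return signed, base64.b64encode(mac.digest()).decode("ascii")


def verify_v2(secret_key, verb, host, path, params, signature):
    """Recompute the HMAC from received parameters; compare in constant time."""
    if params.get("signatureVersion") != "2":
        return False  # version 1 is no longer supported
    method = params.get("signatureMethod")
    if method not in DIGESTS:
        return False
    unsigned = {k: v for k, v in params.items()
                if k not in ("signatureMethod", "signatureVersion")}
    _, expected = sign_v2(secret_key, verb, host, path, unsigned, method)
    return hmac.compare_digest(expected.encode("utf-8"), signature.encode("utf-8"))
```

This covers the HMAC methods only; the RSA-SHA1 signatures on outbound notifications are checked differently and are not shown here.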

For examples of using signature version 2, see Appendix: Sample Code.