This article is for those who want to fix the The Request Must Contain The Parameter Signature error that they may be experiencing as of August 15, 2009. It addresses those who use AWS REST requests within PHP files.
I originally wrote about this a couple of weeks ago in an article entitled The Request Must Contain The Parameter Signature: Amazon Web Services Error and Quick Solution which you may want to read first. This article presented a one-time fix for those who quickly needed to convert an “old-type” of AWS Rest Request into a new one. However, it did not present a solution which you can use as a permanent fixture to REST requests with PHP scripts.
That is what I will do in this article–present a permanent solution to the The Request Must Contain The Parameter Signature error that you may be receiving from your AWS Requests that reside in a PHP file.
First, let me say two things: (1) This solution worked for me in all of my PHP files that contained AWS REST requests. And (2), I provide this with no support or guarantees. I would like to…but I just don’t have the time.
So let’s get started.
To determine if this solution will work for you, let me tell you how I connected (the old way) to AWS within php files with these two steps:
Step 1: I did my initial REST request like this:
Step 2: To load the data:
$response = simplexml_load_file($request); // get the XML data
Most of you probably do your REST requests within scripts similarly. If so, this solution should work for you!
The Request Must Contain The Parameter Signature: Permanent Fix for Your AWS REST Requests Within PHP Files
I am going to present this solution in two easy steps. After you implement this, you should no longer receive the The Request Must Contain The Parameter Signature error from your php files.
Step 1: Change “$request” above to “$url” (without quotes)
Step 2: Add the following lines before your $response line:
$secret = ‘yoursecretkey’;
$host = parse_url($url,PHP_URL_HOST);
$timestamp = gmstrftime(“%Y-%m-%dT%H:%M:%S.000Z”);
$url=$url. “&Timestamp=” . $timestamp;
$paramstart = strpos($url,”?”);
$workurl = substr($url,$paramstart+1);
$workurl = str_replace(“,”,”%2C”,$workurl);
$workurl = str_replace(“:”,”%3A”,$workurl);
$params = explode(“&”,$workurl);
$signstr = “GET\n” . $host . “\n/onca/xml\n” . implode(“&”,$params);
$signstr = base64_encode(hash_hmac(‘sha256’, $signstr, $secret, true));
$signstr = urlencode($signstr);
$signedurl = $url . “&Signature=” . $signstr;
$request = $signedurl;
That’s it. There is no more. The lines above satisfy the new requirements set forth in the AWS Request Authentication parameters. With these two changes, the AWS Parameter Signature Error should be gone.
I hope this helps you correct your Request Must Contain The Parameter Signature error.
PS: Special thanks to all those on the AWS boards for their writings and recommendations to fix this problem.