Signing Amazon Web Services API Requests in Python
I wanted to ping the “Amazon Product Advertising API” which now requires an HMAC signature, and the pyAWS library doesn’t sign requests and is no longer maintained. Here is some Python code to create a signed request:
# pyAWS no longer works with the AWS signed request requirement # Sign an AWS REST request using the method described here # http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/index.html?RequestAuthenticationArticle.html #_______________________________________________________________________________ def getSignedUrl(accessKey, secretKey, params): #Step 0: add accessKey, Service, Timestamp, and Version to params params['AWSAccessKeyId'] = accessKey params['Service'] = 'AWSECommerceService' #Amazon adds hundredths of a second to the timestamp (always .000), so we do too. #(see http://associates-amazon.s3.amazonaws.com/signed-requests/helper/index.html) params['Timestamp'] = time.strftime("%Y-%m-%dT%H:%M:%S.000Z", time.gmtime()) params['Version'] = '2009-03-31' #Step 1a: sort params paramsList = params.items() paramsList.sort() #Step 1b-d: create canonicalizedQueryString # This code comes from http://blog.umlungu.co.uk/blog/2009/jul/12/pyaws-adding-request-authentication/ # and the resulting discussion canonicalizedQueryString = '&'.join(['%s=%s' % (k,urllib.quote(str(v))) for (k,v) in paramsList if v]) #Step 2: create string to sign host = 'ecs.amazonaws.com' requestUri = '/onca/xml' stringToSign = 'GET\n' stringToSign += host +'\n' stringToSign += requestUri+'\n' stringToSign += canonicalizedQueryString.encode('utf-8') #Step 3: create HMAC digest = hmac.new(secretKey, stringToSign, hashlib.sha256).digest() #Step 4: base64 the hmac sig = base64.b64encode(digest) #Step 5: append signature to query url = 'http://' + host + requestUri + '?' url += canonicalizedQueryString + "&Signature=" + urllib.quote(sig) return url
Filed under: amazon, api, archive, books, code code, python · 0 Comments