The request signature we calculated does not match the signature you provided ?

[esumit]

On executing Login request, I have recieved following crendentials 👍
"credentials": {
"accessKey": "XXXXXXXXXXXXX",
"secretKey": "XXXXXXXXXXXXX/XXXXXXXXXXXXX/XXXXXXXXXXXXX",
"sessionToken": "FQoDYXdzEEUaDBzTjHqvxMWDMpGfniKuBFZQZHKgdyhTDBTfHplacB+y27s87iGuEvFO5yHbJG5AwxgPGTpxc3mpdfmW5Q2CA5w8BCIzGjXqAPB8iEMI95rZWXh73AZH4OKrPHSEyRMDscH73Yl2DdVOiPpSQGAFssaVytxIJPF2AESUohD/OdvpwQ+sRwm8/mm1/8iUgNjYch0xl80GYtoUysTkGohhtDktGcEN3ho+Dsq8Z2ei+LTH6ulq2tkPvxVSGw9KoN5OP20nCfehRSIy5WPxTuFm8ws76DjNs1xoTDdkVGW/8QOTgvutLLc1axd6HKmELLNQWUEOXNAxK+1Sf8YMPRGH1bp+ozXrGAJc/71OXhk5QISS3ikUT0RephMJY/PbG7E4DnvIGI82+InUCTT/YvFZM7xWIrwWDKJIcY5/+CI7Sos6+JiFj0doyh+sK0Muu3IZgBwmXdA6r7qWeI94+j2FUpWB7fUTCHzOQLotR2U62gxj0h8fiiqviznPcaLbnnH+e+pSOvTY4F8vgQw256O41QgxhRxHL4rLlvC5PwJ8Im1Pcgj224myQZVyK/2SX3eEfKXaQEn+vMDUTYdWhpOcPU1NVK8H1GG6/Srs2oEcaqQm7Mv6VQKSe5R7XWs3GCuwMQmkac7QoIG8VG48QvqEgBzyvS+ivUapW8h1pg9yqYNPzVwh8RTv3Tyl0wP0DIExN8AZX85CZv/k9v3QqHku5MgHh6Me6DnXKmr6F8a3XOEJJfHau+Rm/C6ENFG2aijaqKK5BQ==",
"expiration": 1462280810000

}

But when I applied to call Pets request by entering above parameters , it does the following 👍

{"message":"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'POST\n/devTest/pets\n\ncontent-length:212\ncontent-type:application/x-www-form-urlencoded\nhost:XXXXXXX.execute-api.us-east-1.amazonaws.com\nx-amz-date:20160503T121516Z\nx-amz-security-token:FQoDYXdzEEUaDBzTjHqvxMWDMpGfniKuBFZQZHKgdyhTDBTfHplacB+y27s87iGuEvFO5yHbJG5AwxgPGTpxc3mpdfmW5Q2CA5w8BCIzGjXqAPB8iEMI95rZWXh73AZH4OKrPHSEyRMDscH73Yl2DdVOiPpSQGAFssaVytxIJPF2AESUohD/OdvpwQ+sRwm8/mm1/8iUgNjYch0xl80GYtoUysTkGohhtDktGcEN3ho+Dsq8Z2ei+LTH6ulq2tkPvxVSGw9KoN5OP20nCfehRSIy5WPxTuFm8ws76DjNs1xoTDdkVGW/8QOTgvutLLc1axd6HKmELLNQWUEOXNAxK+1Sf8YMPRGH1bp+ozXrGAJc/71OXhk5QISS3ikUT0RephMJY/PbG7E4DnvIGI82+InUCTT/YvFZM7xWIrwWDKJIcY5/+CI7Sos6+JiFj0doyh+sK0Muu3IZgBwmXdA6r7qWeI94+j2FUpWB7fUTCHzOQLotR2U62gxj0h8fiiqviznPcaLbnnH+e+pSOvTY4F8vgQw256O41QgxhRxHL4rLlvC5PwJ8Im1Pcgj224myQZVyK/2SX3eEfKXaQEn+vMDUTYdWhpOcPU1NVK8H1GG6/Srs2oEcaqQm7Mv6VQKSe5R7XWs3GCuwMQmkac7QoIG8VG48QvqEgBzyvS+ivUapW8h1pg9yqYNPzVwh8RTv3Tyl0wP0DIExN8AZX85CZv/k9v3QqHku5MgHh6Me6DnXKmr6F8a3XOEJJfHau+Rm/C6ENFG2aijaqKK5BQ==\n\ncontent-length;content-type;host;x-amz-date;x-amz-security-token\n82d7b00fc60e9684db97202b877091a3836e091224a5a8bf4567080e104e4459'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20160503T121516Z\n20160503/us-east-1/execute-api/aws4_request\nd6d9d29069c6575ec4510dfab1268f2ba1697a876a660c4564fe8398674f3c97'\n"}

Any comments ?

[esumit]

May you please provide any comment on this question ?, I am still stuck on this issue.

[esumit]

How I solved above problem -

Based on the documentation, you would have followed to configure an IAM Role with following stuff (Amazon Cognito Identity,Amazon DynamoDB,AWS Lambda,Amazon CloudWatch Logs).

Say you would have given the name to this 'PetRole'.

Go to the Swagger.Yaml file, and add this ARN of 'PetRole'. to credentials of x-amazon-apigateway-integration for all paths ( Its documentation says to add ARN of 'PetRole'. to credentials of only /users and /login, but I add this to others as well, e.g. for /pets and then it worked )

[ergind]

@esumit I think what you did is wrong. You supposed to use the user's identity acquired by the login call. Using PetRole in credentials simply makes all endpoints public. Anyone can access them.