Skip to content
A Paw Extension to compute authentication signatures for AWS API access.
JavaScript Makefile
Branch: master
Clone or download
This branch is 25 commits ahead of luckymarmot:master.

Latest commit

Fetching latest commit…
Cannot retrieve the latest commit at this time.


Type Name Latest commit message Commit time
Failed to load latest commit information.

AWS Signature 4 Auth Dynamic Value (Paw Extension)

A Paw Extension to compute AWS Signature version 4 authentication signatures for the accessing the main AWS services including REST APIs build using AWS API Gateway that are protected using IAM.



To support AWS Signature 4 authentication please follow these steps:

  • Install this extension. For now, you should install by using the Makefile (see Development section below).
  • Add a header Authorization and set the value to this extension (start typing "AWS" and select AWS Signature 4).
  • Enter your credentials by clicking on the dynamic value extension. The AWS Access and Secret keys are required. If you leave the other fields blank they will use defaults.
  • Add a second header X-Amz-Date. Set the value to custom timestamp (start typing "timestamp" and select any of the timestamp options).
  • Enter a custom timestamp format by clicking on the dynamic value extension, and selecting Custom formatting from the format. Enter the value %G%m%dT%H%M%SZ for the format. Make sure Now is checked, delta is 0, and local time is unchecked. AWS requires the time be within a few seconds of server time in UTC (not local time).

If you don't have something to test against, follow the Getting Started guide for the API Gateway service to create a basic "hello world" API. Make sure that the API is protected by IAM security by choosing "authorization type" of AWS IAM in the console when configuring the method.

This extension is being developed primarily to test in-house API Gateway REST APIs. However, AWS Signature 4 is used to protect all of the standard AWS service endpoints. By ensuring you have the correct aws service setting for the extension you can manually call any of the AWS service endpoints using Paw.

Note: if you are a user of STS temporary credentials, you will also need a header X-Amz-Security-Token with your session token.


  • Freeze dynamic values to obtain X-Amz-Date as generated and sent to client
  • Need binary version of HMAC SHA256 crypto function. Currently using CryptJS which is fairly slow.


Edit source javascript file and run the following to install in Paw.

make install


This Paw Extension is released under the MIT License. Feel free to fork, and modify!


See Contributors.

You can’t perform that action at this time.