AWS Certified Developer - Associate Exam: How to Sign API Requests with POSTMAN

Signing API Requests with POSTMAN for AWS

Prev Question Next Question

Question

You are using a custom tool known as POSTMAN to make API requests to resources in AWS.

Part of the job of sending requests is to sign the request.

Which of the following would you use to sign the API requests made to AWS?

Answers

A. Your user name and password

B. A private key file

C. KMS keys

D. Access Keys.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer - D.

The AWS Documentation mentions the following.

When you send HTTP requests to AWS, you sign the requests so that AWS can identify who sent them.

You sign requests with your AWS access key, which consists of an access key ID and secret access key.

Some requests do not need to be signed, such as anonymous requests to Amazon Simple Storage Service (Amazon S3) and some API operations in AWS Security Token Service (AWS STS) such as AssumeRoleWithWebIdentity.

Option A is incorrect since this is used for console-based access.

Option B is incorrect since this is used for logging onto EC2 Instances.

Option C is incorrect since this is used for encrypting data.

For more information on signing API requests, please refer to the below URL-

https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html

When making API requests to AWS, the request must be signed with a valid AWS signature. This is necessary to authenticate the request and to ensure that the request is authorized to access the requested resources. There are several options for signing API requests made to AWS, but one of the most commonly used is to use Access Keys.

Access Keys are a set of security credentials that are used to authenticate API requests to AWS. Access Keys consist of an Access Key ID and a Secret Access Key, which are used together to sign requests. When making a request, the Access Key ID is included in the request as part of the authentication process, and the Secret Access Key is used to sign the request.

To sign the request using Access Keys, you must calculate an HMAC-SHA256 signature using the Secret Access Key and a canonical string representation of the request. The resulting signature is then included in the Authorization header of the request.

In summary, to sign API requests made to AWS using POSTMAN, you would use Access Keys as the authentication mechanism. You would then calculate the HMAC-SHA256 signature using the Secret Access Key and a canonical string representation of the request, and include the resulting signature in the Authorization header of the request.

Prev Question Next Question