ColdStack Docs
  • Introduction
  • ColdStack FAQ
  • Binance Smart Chain Bridge
    • Release
    • Customer Support
    • FAQ
    • Step-by-Step Guide
  • Concepts
    • Bucket versioning
    • Logging actions with a bucket
  • Tools
    • Supported tools
      • CyberDuck S3 Client
      • S3 Browser
      • AWS CLI Console client
      • SDKs for different languages
        • JavaScript SDK
        • Using extended API with JavaScript
        • AWS SDK for Java
        • Python SDK (boto)
  • S3 Compatible API
    • How to use the API
    • Signing Requests
    • API Reference
      • Bucket
        • HeadBucket
        • ListObjects/ListObjectsV2
        • PutBucketVersioning
        • PutBucketLogging
        • RenameBucket
        • GetBucketLocation
        • ListBuckets
      • Object
        • PutObject
        • GetObject
        • HeadObject
        • RenameObject
        • PutObjectAcl
      • Multipart upload
        • General multipart upload order
        • CreateMultipartUpload
        • UploadPart
        • CompleteMultipartUpload
        • ListMultipartUploads
      • Analytics
        • GetStatistics
        • GetBandwidthAnalytics
        • GetStorageAnalytics
      • Common request headers
      • Common response headers
      • Responses
Powered by GitBook
On this page
  • Generating a signing key
  • Generating a signature line
  • Signing a string with a key

Was this helpful?

  1. S3 Compatible API

Signing Requests

PreviousHow to use the APINextAPI Reference

Last updated 4 years ago

Was this helpful?

Many requests to ColdStack are authenticated on the service side and the user submitting the request must sign it.

Object Storage supports AWS Signature V4.

The signing process consists of the following stages:

  1. Generating a signing key

  2. Generating a signature line

  3. Signing a string with a key

For signing, you must use the mechanism with the hashing function . Support for the corresponding methods is available in many programming languages. The examples assume that there is a function sign(KEY, STRING)that encodes an input string with a given key.

Generating a signing key

To generate a signing key, you need to have static ColdStack access keys. For information on how to get them, contact us.

Generating a signing key:

  1. Encode date using private key:

    DateKey = sign("AWS4" + "SecretKey", "yyyymmdd")

  2. Encode the region using the key obtained in the previous step DateKey:

    RegionKey = sign(DateKey, "ru-central1")

  3. Encode the service using the key obtained in the previous step RegionKey:

    ServiceKey = sign(RegionKey, "s3")

  4. Get the signing key:

    SigningKey = sign(ServiceKey, "aws4_request")

Generating a signature line

The signature line ( StringToSign) depends on the ColdStack usage scenario:

  • Accessing an Amazon S3-compatible API without the need for an SDK or specialized utilities.

  • Signing URLs using query parameters .

Signing a string with a key

To get the signature of a string, you must use a mechanism HMACwith a hashing function SHA256, and convert the resulting result to hexadecimal representation.

signature = Hex(sign(SigningKey, StringToSign))
HMAC
SHA256