Authenticate with AWS Signature authentication workflow in Postman

AWS Signature is the authorization workflow for Amazon Web Services requests. AWS uses a custom HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code) for authentication.

The official AWS Signature documentation provides more detail:

• Signing and Authenticating REST Requests
• Use Postman to Call an API

To use AWS Signature, do the following:

1. In the Authorization tab for a request, select AWS Signature from the Type dropdown list.

2. Select the location where Postman will append your AWS auth details using the Add authorization data to dropdown list, choosing the request headers or URL.

   • If you select Request Headers, Postman will add Authorization and X-Amz- prefixed fields in the Headers tab.
   • If you select Request URL, Postman will add the auth details in Params with keys prefixed X-Amz-.

3. Enter your access key and secret values directly in the fields. For extra security, you can use secret variables for these values.

4. You can optionally set advanced fields, but Postman will autogenerate these if necessary.

The AWS Signature parameters are as follows:

• AWS Region - The region receiving the request (defaults to us-east-1).
• Service Name - The service receiving the request.
• Session Token - Required only when using temporary security credentials.