Authenticate with AWS Signature authentication workflow in Postman
AWS Signature is the authorization workflow for Amazon Web Services requests. AWS uses a custom HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code) for authentication.
The official AWS Signature documentation provides more detail:
To use AWS Signature, do the following:
-
In the Authorization tab for a request, select AWS Signature from the Auth Type dropdown list.
-
Select the location where Postman will append your AWS auth details using the Add authorization data to dropdown list. Select Request Headers or Request URL.
- If you select Request Headers, Postman adds
AuthorizationandX-Amz-prefixed fields in the Headers tab. - If you select Request URL, Postman adds the auth details in Params with keys prefixed
X-Amz-.
- If you select Request Headers, Postman adds
-
Enter your AccessKey and SecretKey values. For extra security, use your Postman Vault to store sensitive data as vault secrets.
-
You can optionally set advanced fields in the Advanced configuration section, but Postman generates these automatically if necessary.
The AWS Signature parameters are as follows:
- AWS Region - The region receiving the request (defaults to
us-east-1). - Service Name - The service receiving the request.
- Session Token - Required only when using temporary security credentials.