我正在尝试签署 AWS API 请求,然后使用 cURL。
目的是将跟踪号码提交给服务提供商的 API,并使用响应。
我对 AWS API 完全是个菜鸟,经过多次测试后找不到我的错误。
我尝试了很多方法,但都导致{"message":"Forbidden"}
.
这是我当前的脚本:
<?php
$accessKeyId = "AKIA55D**********";
$secretAccessKey = "NQ0xcl**********";
$method ='GET';
$uri = '/tracking/shipments';
$secretKey = $secretAccessKey;
$access_key = $accessKeyId;
$region = 'af-south-1';
$service = 'execute-api';
$host = "https://api.shiplogic.com";
$alg = 'sha256';
$date = new DateTime('Africa/Johannesburg');
$dd = $date->format( 'Ymd\THis\Z' );
$amzdate2 = new DateTime( 'Africa/Johannesburg' );
$amzdate2 = $amzdate2->format( 'Ymd' );
$amzdate = $dd;
$algorithm = 'AWS4-HMAC-SHA256';
$canonical_uri = $uri;
$canonical_querystring = '';
$canonical_headers = "host:".$host."\n"."x-amz-date:".$amzdate."\n";
$signed_headers = 'host;x-amz-date';
$canonical_request = "".$method."\n".$canonical_uri."\n".$canonical_querystring."\n".$canonical_headers."\n".$signed_headers;
$credential_scope = $amzdate2 . '/' . $region . '/' . $service . '/' . 'aws4_request';
$string_to_sign = "".$algorithm."\n".$amzdate ."\n".$credential_scope."\n".hash('sha256', $canonical_request)."";
//string_to_sign is the answer..hash('sha256', $canonical_request)//
$kSecret = 'AWS4' . $secretKey;
$kDate = hash_hmac( $alg, $amzdate2, $kSecret, true );
$kRegion = hash_hmac( $alg, $region, $kDate, true );
$kService = hash_hmac( $alg, $service, $kRegion, true );
$kSigning = hash_hmac( $alg, 'aws4_request', $kService, true );
$signature = hash_hmac( $alg, $string_to_sign, $kSigning );
$authorization_header = $algorithm . ' ' . 'Credential=' . $access_key . '/' . $credential_scope . ', ' . 'SignedHeaders=' . $signed_headers . ', ' . 'Signature=' . $signature;
$headers = [
'content-type'=>'application/json',
'x-amz-date'=>$amzdate,
'Authorization'=>$authorization_header];
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => 'https://api.shiplogic.com/tracking/shipments?tracking_reference=M3RPH',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'GET',
CURLOPT_HTTPHEADER => array(
'X-Amz-Date: '.$amzdate.'',
'Authorization: ' . $authorization_header . ''
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
我收到的回复是{"message":"Forbidden"}
我究竟做错了什么?