table of contents
- bookworm 7.88.1-10+deb12u8
- bookworm-backports 8.10.1-1~bpo12+1
- testing 8.10.1-2
- unstable 8.11.0-1
CURLOPT_AWS_SIGV4(3) | curl_easy_setopt options | CURLOPT_AWS_SIGV4(3) |
NAME¶
CURLOPT_AWS_SIGV4 - V4 signature
SYNOPSIS¶
#include <curl/curl.h> CURLcode curl_easy_setopt(CURL *handle, CURLOPT_AWS_SIGV4, char *param);
DESCRIPTION¶
Provides AWS V4 signature authentication on HTTP(S) header.
Pass a char * that is the collection of specific arguments are used for creating outgoing authentication headers. The format of the param option is:
- provider1[:provider2[:region[:service]]]
- provider1, provider2
- The providers arguments are used for generating some authentication parameters such as "Algorithm", "date", "request type" and "signed headers".
- region
- The argument is a geographic area of a resources collection. It is extracted from the host name specified in the URL if omitted.
- service
- The argument is a function provided by a cloud. It is extracted from the host name specified in the URL if omitted.
NOTE: This call set CURLOPT_HTTPAUTH(3) to CURLAUTH_AWS_SIGV4. Calling CURLOPT_HTTPAUTH(3) with CURLAUTH_AWS_SIGV4 is the same as calling this with "aws:amz" in parameter.
Example with "Test:Try", when curl will do the algorithm, it will generate "TEST-HMAC-SHA256" for "Algorithm", "x-try-date" and "X-Try-Date" for "date", "test4_request" for "request type", "SignedHeaders=content-type;host;x-try-date" for "signed headers"
If you use just "test", instead of "test:try", test will be use for every strings generated
DEFAULT¶
By default, the value of this parameter is NULL. Calling CURLOPT_HTTPAUTH(3) with CURLAUTH_AWS_SIGV4 is the same as calling this with "aws:amz" in parameter.
PROTOCOLS¶
HTTP
EXAMPLE¶
CURL *curl = curl_easy_init(); struct curl_slist *list = NULL; if(curl) {
curl_easy_setopt(curl, CURLOPT_URL,
"https://service.region.example.com/uri");
curl_easy_setopt(c, CURLOPT_AWS_SIGV4, "provider1:provider2");
/* service and region also could be set in CURLOPT_AWS_SIGV4 */
/*
curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/uri");
curl_easy_setopt(c, CURLOPT_AWS_SIGV4,
"provider1:provider2:region:service");
*/
curl_easy_setopt(c, CURLOPT_USERPWD, "MY_ACCESS_KEY:MY_SECRET_KEY");
curl_easy_perform(curl); }
AVAILABILITY¶
Added in 7.75.0
RETURN VALUE¶
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
NOTES¶
This option overrides the other auth types you might have set in CURLOPT_HTTPAUTH(3) which should be highlighted as this makes this auth method special. This method cannot be combined with other auth types.
A sha256 checksum of the request payload is used as input to the signature calculation. For POST requests, this is a checksum of the provided CURLOPT_POSTFIELDS(3). Otherwise, it's the checksum of an empty buffer. For requests like PUT, you can provide your own checksum in a HTTP header named x-provider2-content-sha256.
SEE ALSO¶
January 2, 2023 | libcurl 7.88.1 |