Impossible to verify signature v2 with AWS API Gateway
lösung
Hi,
Unfortnatly API gateway normalises the URL before it hits the lamba function, so the query params are in the wrong order. This makes it impossible to match against the actual URL.
Is there a specific ordering of the URL that we can rely on? I don't mind hard coding, just need to make sure it doesn't change otherwise everything will break.
For example, if you order alphabetically the params before sending, it would at least allow us to deterministically re-construct the URL 😞
Impossible to verify signature v2 with AWS API Gateway
lösung
Hi,
Just wondering if we've had any updates on this? It really isn't ideal to not verify, and we also can't even compute all permuations because we have to replicate the parsing and encoding logic on our side, which is constatly breaking our customers integrations when we run into edge cases.