101 lines
2.9 KiB
YAML
101 lines
2.9 KiB
YAML
AWS4-HMAC-SHA256:
|
|
type: apiKey
|
|
description: |
|
|
AWS Signature Version 4 authentication for S3 API endpoints.
|
|
|
|
## Authentication Process
|
|
1. Create a canonical request
|
|
2. Create a string to sign
|
|
3. Calculate the signature using HMAC-SHA256
|
|
4. Add the authorization header or query parameters
|
|
|
|
## Authorization Header Format
|
|
```
|
|
Authorization: AWS4-HMAC-SHA256 Credential=<AccessKey>/<Date>/<Region>/s3/aws4_request,SignedHeaders=<SignedHeaders>,Signature=<Signature>
|
|
```
|
|
|
|
## Query String Format (for presigned URLs)
|
|
```
|
|
?X-Amz-Algorithm=AWS4-HMAC-SHA256
|
|
&X-Amz-Credential=<AccessKey>/<Date>/<Region>/s3/aws4_request
|
|
&X-Amz-Date=<Timestamp>
|
|
&X-Amz-Expires=<ExpirationTime>
|
|
&X-Amz-SignedHeaders=<SignedHeaders>
|
|
&X-Amz-Signature=<Signature>
|
|
```
|
|
|
|
## Required Headers
|
|
- `Authorization`: The calculated authorization value
|
|
- `x-amz-date`: Timestamp in ISO 8601 format (YYYYMMDDTHHMMSSZ)
|
|
- `x-amz-content-sha256`: SHA256 hash of the request payload
|
|
|
|
## Example
|
|
```
|
|
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20230115/us-east-1/s3/aws4_request,SignedHeaders=host;x-amz-date,Signature=fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024
|
|
x-amz-date: 20230115T103000Z
|
|
x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
|
|
```
|
|
name: Authorization
|
|
in: header
|
|
|
|
ApiKey:
|
|
type: apiKey
|
|
description: |
|
|
API key authentication for management console endpoints.
|
|
|
|
## Usage
|
|
Include your API key in the `X-API-Key` header for all management API requests.
|
|
|
|
## Example
|
|
```
|
|
X-API-Key: your-api-key-here
|
|
```
|
|
|
|
## Obtaining an API Key
|
|
API keys can be generated through the management console or by contacting your administrator.
|
|
|
|
## Permissions
|
|
API keys have full access to the management API and should be kept secure.
|
|
name: X-API-Key
|
|
in: header
|
|
|
|
BearerAuth:
|
|
type: http
|
|
scheme: bearer
|
|
bearerFormat: JWT
|
|
description: |
|
|
JWT Bearer token authentication (optional alternative for management API).
|
|
|
|
## Usage
|
|
Include the JWT token in the Authorization header:
|
|
```
|
|
Authorization: Bearer <jwt-token>
|
|
```
|
|
|
|
## Token Structure
|
|
The JWT token contains claims about the user's permissions and expires after a set period.
|
|
|
|
## Example
|
|
```
|
|
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
|
|
```
|
|
|
|
BasicAuth:
|
|
type: http
|
|
scheme: basic
|
|
description: |
|
|
HTTP Basic authentication (for simple setups).
|
|
|
|
## Usage
|
|
Encode username:password in Base64 and include in Authorization header:
|
|
```
|
|
Authorization: Basic <base64-encoded-credentials>
|
|
```
|
|
|
|
## Example
|
|
```
|
|
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
|
|
```
|
|
|
|
## Note
|
|
Basic auth should only be used over HTTPS in production environments. |