Amazon uses a RFC 2104 HMAC signature to authorize most API requests. The full details are available inĀ Amazon AWS docs.


Then when sending the request to AWS need to pass an extra header “X-Amzn-Authorization”. Full working example:

3 Comments » for Generating AWS HMAC in Nodejs
  1. Robert Griffin says:

    Isn’t this a bad idea, because your secret key will be visible in a debug console?
    If you can suitably obfuscate or encrypt the secret key then this might be acceptable, but there is a bit of calculation to be done by the client.
    If not can you tell me why it would be a good idea to do this instead of a back-end call to calculate the same value.
    Not trying to be a jerk. I am new to web development and am curious.

    • Robert says:

      The code sample is NodeJS code (Javascript on the server), so the details are never available to the client. Generally speaking, if you see require() statement, it is NodeJS code.

  2. upendra79 says:

    Thanks for sharing this- good stuff! Keep up the great work, we look forward to reading more from you in the future!

Leave a Reply

Your email address will not be published. Required fields are marked *