{"id":5713,"library":"requests-sigv4","title":"requests-sigv4","description":"requests-sigv4 is a Python library designed to provide AWS Signature Version 4 (SigV4) authentication for the popular `requests` library. It enables users to make signed requests to AWS API endpoints, which is crucial for interacting with many AWS services. The library is currently at version 0.1.6 and was last updated in June 2022. Due to the lack of available documentation or an active source repository, its exact release cadence is unknown, but it appears to be a stable utility.","status":"maintenance","version":"0.1.6","language":"en","source_language":"en","source_url":"https://github.com/cleardataeng/requests-sigv4","tags":["aws","sigv4","authentication","requests","api-gateway","security"],"install":[{"cmd":"pip install requests-sigv4","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Core HTTP library that requests-sigv4 extends for authentication.","package":"requests","optional":false}],"imports":[{"note":"This import path is inferred based on common patterns for 'requests' authentication handlers and cannot be definitively confirmed due to the lack of official documentation for this specific library.","symbol":"SigV4Auth","correct":"from requests_sigv4 import SigV4Auth"}],"quickstart":{"code":"import requests\nimport os\n# This import path is inferred, verify with actual library usage if docs become available.\nfrom requests_sigv4 import SigV4Auth\n\n# AWS credentials are typically picked up from environment variables or a Boto3 session.\n# For a real application, consider using boto3.Session() for credential management.\naws_access_key_id = os.environ.get('AWS_ACCESS_KEY_ID', 'YOUR_ACCESS_KEY_ID')\naws_secret_access_key = os.environ.get('AWS_SECRET_ACCESS_KEY', 'YOUR_SECRET_ACCESS_KEY')\naws_session_token = os.environ.get('AWS_SESSION_TOKEN', '') # Optional for temporary credentials\n\n# Replace with your AWS service and region\nSERVICE = 'execute-api'\nREGION = 'us-east-1'\nAPI_ENDPOINT = 'https://your-api-gateway-id.execute-api.us-east-1.amazonaws.com/prod/myresource'\n\n# Initialize the SigV4Auth handler\n# The constructor signature for this library is inferred and may vary.\n# Assuming a similar interface to other SigV4 auth libraries for requests.\n# You might need to pass AWS credentials explicitly or ensure they are in env vars.\nauth = SigV4Auth(\n    service=SERVICE,\n    region=REGION,\n    aws_access_key_id=aws_access_key_id,\n    aws_secret_access_key=aws_secret_access_key,\n    aws_session_token=aws_session_token\n)\n\ntry:\n    session = requests.Session()\n    session.auth = auth\n    response = session.get(API_ENDPOINT)\n    response.raise_for_status() # Raise an exception for HTTP errors\n    print(f\"Success! Status Code: {response.status_code}\")\n    print(f\"Response Body: {response.text}\")\nexcept requests.exceptions.RequestException as e:\n    print(f\"Request failed: {e}\")\n    if hasattr(e, 'response') and e.response is not None:\n        print(f\"Error Response Body: {e.response.text}\")\n","lang":"python","description":"This quickstart demonstrates how to set up `requests-sigv4` to sign an HTTP GET request to an AWS API Gateway endpoint. It assumes AWS credentials are available via environment variables or explicitly passed. The specific constructor signature for `SigV4Auth` is inferred based on common patterns in similar libraries due to a lack of direct documentation for this package. Users should adapt the `SERVICE`, `REGION`, and `API_ENDPOINT` to their specific AWS setup. Authentication details like `aws_access_key_id`, `aws_secret_access_key`, and `aws_session_token` are retrieved from environment variables for security and flexibility. The example uses a `requests.Session` for persistent configuration."},"warnings":[{"fix":"Refer to the source code if it becomes available, or consider using alternative, well-documented SigV4 libraries for 'requests' (e.g., `requests-aws4auth`, `requests-iamauth`, `aws-requests-auth`) for production environments. Thorough testing with this specific library is essential.","message":"The documentation for `requests-sigv4` (cleardataeng/requests-sigv4) is currently unavailable, with an empty GitHub repository. This means import paths, constructor signatures, and specific usage details are largely inferred from common patterns in similar libraries. Direct verification of this library's API is not possible without its source or documentation.","severity":"gotcha","affected_versions":"0.1.6"},{"fix":"Ensure all required headers (e.g., `Host`, `x-amz-date`) are correctly set. For POST requests, ensure `x-amz-content-sha256` header is included, especially if the body is empty or a hash of the empty string. Debugging AWS SigV4 often involves comparing the canonical request and string-to-sign with AWS documentation or sample implementations.","message":"AWS Signature Version 4 is sensitive to request details, including headers, query parameters, and body. Any mismatch between the client's calculated signature and AWS's server-side calculation will result in a 401 Unauthorized or 403 Forbidden error. Pay close attention to canonical request construction, especially date headers (x-amz-date) and host headers.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Verify that your AWS credentials are correct and not expired. Ensure the IAM user or role associated with the credentials has the necessary policies attached (e.g., `execute-api:Invoke` for API Gateway). When using temporary credentials, make sure `AWS_SESSION_TOKEN` is also provided if applicable.","message":"AWS credentials (Access Key ID, Secret Access Key, Session Token) must be valid and have appropriate IAM permissions for the target AWS service and action. Using temporary credentials (with a session token) is recommended over long-lived access keys.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-11T00:00:00.000Z","next_check":"2026-07-10T00:00:00.000Z"}