requests-sigv4

0.1.6 · maintenance · verified Sat Apr 11

requests-sigv4 is a Python library designed to provide AWS Signature Version 4 (SigV4) authentication for the popular `requests` library. It enables users to make signed requests to AWS API endpoints, which is crucial for interacting with many AWS services. The library is currently at version 0.1.6 and was last updated in June 2022. Due to the lack of available documentation or an active source repository, its exact release cadence is unknown, but it appears to be a stable utility.

Warnings

gotcha The documentation for `requests-sigv4` (cleardataeng/requests-sigv4) is currently unavailable, with an empty GitHub repository. This means import paths, constructor signatures, and specific usage details are largely inferred from common patterns in similar libraries. Direct verification of this library's API is not possible without its source or documentation.
Fix: Refer to the source code if it becomes available, or consider using alternative, well-documented SigV4 libraries for 'requests' (e.g., `requests-aws4auth`, `requests-iamauth`, `aws-requests-auth`) for production environments. Thorough testing with this specific library is essential.
gotcha AWS Signature Version 4 is sensitive to request details, including headers, query parameters, and body. Any mismatch between the client's calculated signature and AWS's server-side calculation will result in a 401 Unauthorized or 403 Forbidden error. Pay close attention to canonical request construction, especially date headers (x-amz-date) and host headers.
Fix: Ensure all required headers (e.g., `Host`, `x-amz-date`) are correctly set. For POST requests, ensure `x-amz-content-sha256` header is included, especially if the body is empty or a hash of the empty string. Debugging AWS SigV4 often involves comparing the canonical request and string-to-sign with AWS documentation or sample implementations.
gotcha AWS credentials (Access Key ID, Secret Access Key, Session Token) must be valid and have appropriate IAM permissions for the target AWS service and action. Using temporary credentials (with a session token) is recommended over long-lived access keys.
Fix: Verify that your AWS credentials are correct and not expired. Ensure the IAM user or role associated with the credentials has the necessary policies attached (e.g., `execute-api:Invoke` for API Gateway). When using temporary credentials, make sure `AWS_SESSION_TOKEN` is also provided if applicable.

Install

pip install requests-sigv4 Install stable version

Imports

SigV4Auth
```
from requests_sigv4 import SigV4Auth
```
This import path is inferred based on common patterns for 'requests' authentication handlers and cannot be definitively confirmed due to the lack of official documentation for this specific library.

Quickstart

This quickstart demonstrates how to set up `requests-sigv4` to sign an HTTP GET request to an AWS API Gateway endpoint. It assumes AWS credentials are available via environment variables or explicitly passed. The specific constructor signature for `SigV4Auth` is inferred based on common patterns in similar libraries due to a lack of direct documentation for this package. Users should adapt the `SERVICE`, `REGION`, and `API_ENDPOINT` to their specific AWS setup. Authentication details like `aws_access_key_id`, `aws_secret_access_key`, and `aws_session_token` are retrieved from environment variables for security and flexibility. The example uses a `requests.Session` for persistent configuration.

import requests
import os
# This import path is inferred, verify with actual library usage if docs become available.
from requests_sigv4 import SigV4Auth

# AWS credentials are typically picked up from environment variables or a Boto3 session.
# For a real application, consider using boto3.Session() for credential management.
aws_access_key_id = os.environ.get('AWS_ACCESS_KEY_ID', 'YOUR_ACCESS_KEY_ID')
aws_secret_access_key = os.environ.get('AWS_SECRET_ACCESS_KEY', 'YOUR_SECRET_ACCESS_KEY')
aws_session_token = os.environ.get('AWS_SESSION_TOKEN', '') # Optional for temporary credentials

# Replace with your AWS service and region
SERVICE = 'execute-api'
REGION = 'us-east-1'
API_ENDPOINT = 'https://your-api-gateway-id.execute-api.us-east-1.amazonaws.com/prod/myresource'

# Initialize the SigV4Auth handler
# The constructor signature for this library is inferred and may vary.
# Assuming a similar interface to other SigV4 auth libraries for requests.
# You might need to pass AWS credentials explicitly or ensure they are in env vars.
auth = SigV4Auth(
    service=SERVICE,
    region=REGION,
    aws_access_key_id=aws_access_key_id,
    aws_secret_access_key=aws_secret_access_key,
    aws_session_token=aws_session_token
)

try:
    session = requests.Session()
    session.auth = auth
    response = session.get(API_ENDPOINT)
    response.raise_for_status() # Raise an exception for HTTP errors
    print(f"Success! Status Code: {response.status_code}")
    print(f"Response Body: {response.text}")
except requests.exceptions.RequestException as e:
    print(f"Request failed: {e}")
    if hasattr(e, 'response') and e.response is not None:
        print(f"Error Response Body: {e.response.text}")

view raw JSON →