.\" generated by cd2nroff 0.1 from CURLOPT_AWS_SIGV4.md .TH CURLOPT_AWS_SIGV4 3 "March 22 2024" libcurl .SH NAME CURLOPT_AWS_SIGV4 \- V4 signature .SH SYNOPSIS .nf #include CURLcode curl_easy_setopt(CURL *handle, CURLOPT_AWS_SIGV4, char *param); .fi .SH DESCRIPTION Provides AWS V4 signature authentication on HTTP(S) header. Pass a char pointer that is the collection of specific arguments are used for creating outgoing authentication headers. The format of the \fIparam\fP option is: .IP provider1[:provider2[:region[:service]]] .IP "provider1, provider2" The providers arguments are used for generating some authentication parameters such as "Algorithm", "date", "request type" and "signed headers". .IP region The argument is a geographic area of a resources collection. It is extracted from the hostname specified in the URL if omitted. .IP service The argument is a function provided by a cloud. It is extracted from the hostname specified in the URL if omitted. NOTE: This call set \fICURLOPT_HTTPAUTH(3)\fP to CURLAUTH_AWS_SIGV4. Calling \fICURLOPT_HTTPAUTH(3)\fP with CURLAUTH_AWS_SIGV4 is the same as calling this with \fB"aws:amz"\fP in parameter. Example with "Test:Try", when curl uses the algorithm, it generates \fB"TEST\-HMAC\-SHA256"\fP for "Algorithm", \fB"x\-try\-date"\fP and \fB"X\-Try\-Date"\fP for "date", \fB"test4_request"\fP for "request type", \fB"SignedHeaders=content\-type;host;x\-try\-date"\fP for "signed headers" If you use just "test", instead of "test:try", test is used for every generated string. .SH DEFAULT By default, the value of this parameter is NULL. Calling \fICURLOPT_HTTPAUTH(3)\fP with CURLAUTH_AWS_SIGV4 is the same as calling this with \fB"aws:amz"\fP in parameter. .SH PROTOCOLS HTTP .SH EXAMPLE .nf int main(void) { CURL *curl = curl_easy_init(); if(curl) { curl_easy_setopt(curl, CURLOPT_URL, "https://service.region.example.com/uri"); curl_easy_setopt(curl, CURLOPT_AWS_SIGV4, "provider1:provider2"); /* service and region can also be set in CURLOPT_AWS_SIGV4 */ curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/uri"); curl_easy_setopt(curl, CURLOPT_AWS_SIGV4, "provider1:provider2:region:service"); curl_easy_setopt(curl, CURLOPT_USERPWD, "MY_ACCESS_KEY:MY_SECRET_KEY"); curl_easy_perform(curl); } } .fi .SH AVAILABILITY Added in 7.75.0 .SH RETURN VALUE Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. .SH NOTES This option overrides the other auth types you might have set in \fICURLOPT_HTTPAUTH(3)\fP which should be highlighted as this makes this auth method special. This method cannot be combined with other auth types. A sha256 checksum of the request payload is used as input to the signature calculation. For POST requests, this is a checksum of the provided \fICURLOPT_POSTFIELDS(3)\fP. Otherwise, it is the checksum of an empty buffer. For requests like PUT, you can provide your own checksum in an HTTP header named \fBx\-provider2\-content\-sha256\fP. For \fBaws:s3\fP, a \fBx\-amz\-content\-sha256\fP header is added to every request if not already present. For s3 requests with unknown payload, this header takes the special value "UNSIGNED\-PAYLOAD". .SH SEE ALSO .BR CURLOPT_HEADEROPT (3), .BR CURLOPT_HTTPAUTH (3), .BR CURLOPT_HTTPHEADER (3), .BR CURLOPT_PROXYAUTH (3)