+ Start a Discussion

Amazon S3 API calls

I'm trying to call the Amazon S3 API from Apex, but keep getting a

System.HttpResponse[Status=Forbidden, StatusCode=403] error. 

I know my end-points, key and secret are correct - as I pasted them directly from a working Postman example.

Can anyone see issues with my code?

public  list<string> rtnBucketItems(string bucketName, string key, string secret) {
		if(bucketName==null) 	bucketName 	= '******************************';
		if(key==null) 			key 		= '******************************';
		if(secret==null)		secret		= '******************************';

		String currentTimestamp = datetime.now().formatGmt('EEE, dd MMM yyyy HH:mm:ss Z');

		list<string> bucketItems = new list<string>();

		Http http = new Http();
		HttpRequest request = new HttpRequest();
		request.setHeader('Content-Encoding', 'base64');

		// Build and set Authorization Header
		string stringToSign = 'GET\n\n\n' + currentTimestamp + '\n\n/' + bucketName;
		string stringSigned = rtnSignedString(stringToSign, secret);
		string authHeader = 'AWS' + ' ' + key + ':' + stringSigned;
		request.setHeader('Authorization', authHeader);

		HttpResponse response = http.send(request);

		return bucketItems;

	public string rtnSignedString(string inString, string secret) {
		string signedString;
		Blob mac = Crypto.generateMac('HMACSHA1',blob.valueOf(inString),blob.valueOf(secret));
		signedString = EncodingUtil.base64Encode(mac);
		return signedString;

NagendraNagendra (Salesforce Developers) 
Hi Jeffrey,

Sorry for this issue you are facing.

May I suggest you please refer to below link from the stack exchange community with a similar discussion which might help you further. Please let us know if this helps.

Kindly mark this as solved if the reply was helpful.

Yes - I had been in that thread.  And - on the origional ask - he was trying to do a GET, the only reponse he got was a sample of a PUT.  I haven't found a working example of a GET yet.  (The StringToSign changes on the GET's and the PUT's).  Plus I'm a litt confused on the AuthHeader - I'm not sure if I'm combinging the AWS, the key and signed string correctly. 

remote site added?
Yep - already been past that error.  When the remote site isn't added - I get the Remote site missing type of error.