This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
The Google Cloud Community will be in read-only from July 16 - July 22 as we migrate to a new platform; refer to this community post for more details.
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

AWS SNS signature verification

Posted on 05-26-2021 10:45 AM
agupta267
New Member
Reply posted on --/--/---- --:-- AM

Hi,

I am creating a proxy which will act as AWS SNS Subscriber. I need to verify the signature, before processing the request. Has anyone worked on similar requirement before and provide some help on how we can achieve this in apigee.

Sample Request Message - 

POST / HTTP/1.1
    x-amz-sns-message-type: Notification
    x-amz-sns-message-id: 22b80b92-fdea-4c2c-8f9d-bdfb0c7bf324
    x-amz-sns-topic-arn: arn:aws:sns:us-west-2:123456789012:MyTopic
    x-amz-sns-subscription-arn: arn:aws:sns:us-west-2:123456789012:MyTopic:c9135db0-26c4-47ec-8998-413945fb5a96
    Content-Length: 773
    Content-Type: text/plain; charset=UTF-8
    Host: example.com
    Connection: Keep-Alive
    User-Agent: Amazon Simple Notification Service Agent
    
{
  "Type" : "Notification",
  "MessageId" : "22b80b92-fdea-4c2c-8f9d-bdfb0c7bf324",
  "TopicArn" : "arn:aws:sns:us-west-2:123456789012:MyTopic",
  "Subject" : "My First Message",
  "Message" : "Hello world!",
  "Timestamp" : "2012-05-02T00:54:06.655Z",
  "SignatureVersion" : "1",
  "Signature" : "EXAMPLEw6JRN...",
  "SigningCertURL" : "https://sns.us-west-2.amazonaws.com/SimpleNotificationService-f3ecfb7224c7233fe7bb5f59f96de52f.pem",
  "UnsubscribeURL" : "https://sns.us-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-west-2:123456789012:MyTopic:c9135db0-26c4-47ec-8998-413945fb5a96"
}

Thanks.

@Dino-at-Google

Solved Solved
0 7 1,971
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

I think you could do this pretty easily in a Java callout, starting from the documentation from AWS describing how to verify a signature on an SNS message.

I can put that together (example repo), but I don't have a good way to test that the code I have is working. If you gave me a couple test messages I could test it to verify that it is working.

View solution in original post

Jump to Solution
7 REPLIES 7
Top Solution Authors
View all