All Products
Document Center

API Gateway:Invalid signature

Last Updated:Dec 01, 2017

Cause of error

The signature at the client does not match the signature at the server.


When the signatures do not match, the gateway returns the StringToSign of the server signature through an X-Ca-Error-Message in the HTTP Response Header.

StringToSign is a string added before your request and used for signature computing. For more information, see Request Signature Instructions.

StringToSign added locally at the client needs to be printed and checked for any differences. If the call demo provided by Alibaba Cloud is used, you can find the StringToSign before signature computing in the signature computing tools. Print this and check for any discrepancies.

Linefeed is not allowed in the HTTP Response Header, and linefeeds in StringToSign in the returned results are omitted. Compare the returned StringToSign with that in the reference documentation.

If StringToSigns at the server and client are consistent, check whether the AppKey and AppSecret used are correct. Particularly, check whether any spaces or other characters, that are not easily identifiable, have been added.