When you send an HTTP API request to the Simple Message Queue (formerly MNS) server, the signature in the Authorization header must match the one calculated by the server. A mismatch causes the 403 SignatureDoesNotMatch error.
Issue
The 403 SignatureDoesNotMatch error occurs when you call an SMQ API operation.
Cause
Every HTTP API request to the SMQ server must include a signature in the Authorization header. If the signature does not match the one calculated by the server, the request is rejected with the 403 SignatureDoesNotMatch error.
Solution
Perform the following steps to troubleshoot this issue:
-
Verify that the request URL is valid. For more information, see API request structure.
-
Verify that the AccessKey ID and AccessKey secret are correct. You can manage your AccessKey pair in the Alibaba Cloud Management Console.
-
Use Sign requests to verify the signature that is generated.
-
Verify that the request parameters meet the specifications. The following are common errors. For more information, see Sign requests.
-
The API version is invalid. For the latest API version, see Request structure.
-
The format of the date is invalid.
-
A header that starts with
x-mns-does not meet the specifications.
-
References
The following example shows how to calculate a signature:
-
Sample HTTP header:
GET /MyQueue HTTP/1.1 Host: 1xxxx0.mns.cn-hangzhou.aliyuncs.com Date: Thu, 09 Jul 2015 03:01:34 GMT x-mns-version:2015-06-06 -
Sample string-to-sign:
GET (Line feed) (Line feed) Thu, 09 Jul 2015 03:01:34 GMT x-mns-version:2015-06-06 /MyQueue -
If the AccessKey ID is
TestAccessIDand the AccessKey secret isTestAccessSecret, the system calculates a signature by using an encryption algorithm based on these values and the string-to-sign.