Can AWS Auth be used with non-AWS APIs?

Hi-- we have an internal API we would like to expose to Retool. We'd prefer not to use a bearer token-- request signing would be perfect. Reading your docs, I can't tell if I can use AWS request signing for this? It kind of reads like you're going to append to the URL.

Hi @sp1ff :wave:

Happy to try and help you out here. If I'm understanding you correctly, you may be able to use AWS V4 signature to authenticate your resource requests. Check out these docs about it!

Is it possible to use a custom signature request auth?


Authorization: "APIAuth-HMAC-SHA256 123xxxxxxxxxx456:789xxxxxxxxxxxxxx101112"

Instead, Amazon Example:

Authorization: "AWS4-HMAC-SHA256 Credential=789xxxxxxxxxxxxxx101112/1234567/us-east-1//aws4_request, SignedHeaders=host;ot-baggage-requestid;user-agent;x-amz-date;x-datadog-parent-id;x-datadog-sampling-priority;x-datadog-trace-id;x-retool-forwarded-for, Signature=123xxxxxxxxxx456"

Hey @T_T!

Would you mind giving a bit more detail about how the signature is generated?

This might not be something that Retool supports at the moment, I'm curious if it would be able to sign the request in your app and pass the signature as a header. Either way, any additional context is appreciated! For a feature request, if nothing else :slightly_smiling_face: