
How can I create the HMAC signature required to send Amazon SES emails via HTTP?


I am using Amazon SES to try and send emails via an HTTP POST such as:

https://email.us-east-1.amazonaws.com/?Action=SendEmail&Source=user%40example.com&Destination.ToAddresses.member.1=allan%40example.com&Message.Subject.Data=This%20is%20the%20subject%20line.&Message.Body.Text.Data=Hello.%20I%20hope%20you%20are%20having%20a%20good%20day.

However, in the HTTP header it asks for X-Amzn-Authorization, which consists of:

X-Amzn-Authorization: AWS3-HTTPS AWSAccessKeyId=<Your AWS Access Key ID>, Algorithm=HmacSHA256, Signature=<Signature>

I was wondering how to calculate the signature? Is it simply my Secret Access Key?

As shown here on the Amazon Documentation Site.


Solution

  • NO - Your secret access key is secret for a reason. Never pass it over the wire or you'll give anyone who sniffs it full access to your AWS account - they could use it to shut down all your instances, delete entire S3 buckets - everything.

    The signature is a "signed request". You take the content of the request and create a Keyed-Hashing for Message Authentication Code (HMAC) hash using your secret as the hash key. Since your secret key is known only to you and Amazon, when Amazon receives the request they will also take the contents of your request and hash it based on your secret key - if they get the same hash as your signed request then they know the request was not tampered with. If they are different, then the request may have been maliciously tampered with or compromised, so they will reject it.

    More details here: https://www.jokecamp.com/blog/examples-of-creating-base64-hashes-using-hmac-sha256-in-different-languages/

    Including code for calculating the HMAC.
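
An added Python example of the computation described above (not code from the original answer or the linked post). It assumes the legacy AWS3-HTTPS scheme, in which the string to sign is the request's Date header value; the credentials and the function names `sign`, `build_headers` and `verify` are constructed for illustration.

```python
import base64
import hashlib
import hmac
from email.utils import formatdate

# Constructed placeholder credentials. Real keys belong in the environment
# or a secrets manager, never in source code or in the request itself.
ACCESS_KEY_ID = "AKIAEXAMPLEKEYID0000"
SECRET_ACCESS_KEY = "constructed-secret-for-illustration-only"


def sign(secret_key: str, string_to_sign: str) -> str:
    """Return base64(HMAC-SHA256(key=secret_key, msg=string_to_sign))."""
    digest = hmac.new(
        secret_key.encode("utf-8"),
        string_to_sign.encode("utf-8"),
        hashlib.sha256,
    ).digest()
    return base64.b64encode(digest).decode("ascii")


def build_headers(access_key_id: str, secret_key: str, date_value: str = "") -> dict:
    """Build the Date and X-Amzn-Authorization headers for one request.

    Assumption: the signed string is the Date header value (AWS3-HTTPS).
    Only the signature travels over the wire; the secret key never does.
    """
    date_value = date_value or formatdate(usegmt=True)  # RFC 2822 date, GMT
    signature = sign(secret_key, date_value)
    auth = (
        f"AWS3-HTTPS AWSAccessKeyId={access_key_id}, "
        f"Algorithm=HmacSHA256, Signature={signature}"
    )
    return {"Date": date_value, "X-Amzn-Authorization": auth}


def verify(secret_key: str, date_value: str, presented_signature: str) -> bool:
    """Receiver side: recompute the HMAC and compare in constant time."""
    expected = sign(secret_key, date_value)
    return hmac.compare_digest(expected, presented_signature)


if __name__ == "__main__":
    headers = build_headers(ACCESS_KEY_ID, SECRET_ACCESS_KEY)
    for name, value in headers.items():
        print(f"{name}: {value}")
```
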