AWS SigV4
AWS APIs require requests to be signed with Signature Version 4 (SigV4). Vegha computes the signature for you when you select AWS SigV4 in the Authorization tab.
Configuration fields
Section titled “Configuration fields”| Field | Description |
|---|---|
| Access Key ID | Your AWS access key identifier |
| Secret Access Key | The secret paired with the access key |
| Session Token | Optional — required only for temporary (STS) credentials |
| Region | The AWS region of the service, for example us-east-1 |
| Service | The AWS service name, for example s3 or execute-api |
Vegha uses these values to derive a signing key and add the Authorization header (plus the required X-Amz-* headers) at send time.
Choosing the region and service
Section titled “Choosing the region and service”The region and service must match the endpoint you are calling. For Amazon API Gateway the service is execute-api; for Amazon S3 it is s3. Using the wrong region or service produces a signature-mismatch error from AWS.
Temporary credentials
Section titled “Temporary credentials”If you are using temporary credentials from AWS STS — for example from an assumed role — supply the Session Token field as well as the access key and secret. Leave it blank for long-lived IAM user keys.
Using variables and secret managers
Section titled “Using variables and secret managers”All fields accept {{variable}} interpolation, so you can keep credentials in an environment and switch them per account:
Access Key ID: {{aws_access_key_id}}Secret Access Key: {{aws_secret_access_key}}Region: {{aws_region}}Service: execute-apiFor the secret access key, prefer a secret:// reference so the real value is resolved at send time and never written to your .bru files:
Secret Access Key: secret://aws-secrets-manager/dev/api#aws-secretSee Secret variables and the Secret managers overview.