AuthFailure AWS was not able to authenticate the request: access credentials are missing

Question

I'm trying to submit the Pay step in an Amazon Flexible Payments request...

I get the following error

AuthFailure AWS was not able to authenticate the request: access credentials are missing

However, I believe I am following the instructions to the letter:

The documentation gives the following example:

https://fps.sandbox.amazonaws.com?
Action=Pay
&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&CallerDescription=MyWish
&CallerReference=CallerReference02
&SenderTokenId=553ILMLCG6Z8J431H7BX3UMN3FFQU8VSNTSRNCTAASDJNX66LNZLKSZU3PI7TXIH
&Signature=0AgvXMwJmLxwdMaiE7lMHZxc6384h%2FjBkiTserQFpBQ%3D
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2009-10-06T05%3A49%3A52.843Z
&TransactionAmount.CurrencyCode=USD
&TransactionAmount.Value=1
&Version=2008-09-17

Here is what I generate:

https://fps.sandbox.amazonaws.com?
AWSAccessKeyId=AKIAI3...EXAMPLE
&Action=Pay
&CallerDescription=MyWebsite.com
&CallerReference=0.557658069068566
&SenderTokenId=25R743FUFUSUVPMZZ5Z83SWP1YPNX8YDPFR8XCDEMLH4L1PPMEZ65VLT8LE6UXPR
&SignatureMethod=HmacSHA256
&SignatureVersion=2&Timestamp=2013-07-06T13%3A56%3A03-07%3A00
&TransactionAmount.currencyCode=USD
&TransactionAmount.value=3
&Version=2008-09-17
&signature=9k%2B4Txi2ZzUj62QBK3TwV6x0KWfkNY9YWpqty8%2B3XKk%3D

I know that my AWS credentials are good because I have to use them in the immediately preceding step of getting the SenderTokenID. I'm just trying to finish up the transaction.

Any ideas? This has be totally baffled and has been a tragic waste of human life so far.

Answer 1

Ok, so the solution is

1) Although the opposite is documented for the antecedent step (getting a token ID), for this specific request, FPS cares about the case of the parameters - they should all be camel case.

2) I was missing a default '/' to cover the case of a blank path in my message signing function (the endpoint here has nothing after the host name)

Here's the HTTP GET that worked (obfuscating AWS credentials)

https://fps.sandbox.amazonaws.com/?AWSAccessKeyId=AKIAIEXAMPLE
&Action=Pay
&CallerDescription=MyWebsite
&CallerReference=0.7753969375044107
&SenderTokenId=25R7R3NUFBS6VPRZV5Z53AWP2YLNXAYEPFJ8BCDGMXH4V1FPMZZ95VATZLEFUCPG
&SignatureMethod=HmacSHA256
&SignatureVersion=2
&Timestamp=2013-07-06T14%3A38%3A41-07%3A00
&TransactionAmount.CurrencyCode=USD
&TransactionAmount.Value=3
&Version=2008-09-17
&Signature=Ijf0hqQuSi5zU%2BF1PUK1LBYvsK9AVHacrqK1hJVzffk%3D

And here is the message as it was actually signed with Hmac SHA256 (AWS Secret key as password):

GET
fps.sandbox.amazonaws.com
/
AWSAccessKeyId=AKIAIEXAMPLE&Action=Pay&CallerDescription=MyWebsite&CallerReference=0.7753969375044107&SenderTokenId=25R7R3NUFBS6VPRZV5Z53AWP2YLNXAYEPFJ8BCDGMXH4V1FPMZZ95VATZLEFUCPG&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2013-07-06T14%3A38%3A41-07%3A00&TransactionAmount.CurrencyCode=USD&TransactionAmount.Value=3&Version=2008-09-17