Learning Python Network Programming

Chapter 3

If you want to read more about this topic, Roy Fielding's dissertation
is available at http://ics.uci.edu/~fielding/pubs/dissertation.
RESTful Web Services by Leonard Richardson and Sam Ruby, one of the
original books that promoted the concept and a great read, is now
available for free download from http://restfulwebapis.org/rws.html.

Registering with AWS


Before we can access S3, we need to register with AWS. It is the norm for APIs to
require registration before allowing access to their features. You can use either an
existing Amazon account or create a new one at http://www.amazonaws.com.
Although S3 is ultimately a paid-for service, if you are using AWS for the first time,
then you will get a year's free trial for low-volume use. A year is plenty of time for
finishing this chapter! The trial provides 5GB of free S3 storage.


Authentication


Next, we need to discuss authentication, which is an important topic when using
many web APIs. Most web APIs we use will specify a way of supplying
authentication credentials that allow requests to be made to them, and typically
every HTTP request we make must include authentication information.


APIs require this information for the following reasons:



  • To ensure that others can't abuse your application's access permissions

  • To apply per-application rate limiting

  • To manage delegation of access rights, so that an application can act on the
    behalf of other users of a service or other services

  • To collect usage statistics


All of the AWS services use an HTTP request signing mechanism for authentication.
To sign a request, we hash and sign unique data in an HTTP request using a
cryptographic key, then add the signature to the request as a header. By recreating
the signature on the server, AWS can ensure that the request has been sent by us,
and that it hasn't been altered in transit.
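
The sign-then-verify flow described above, as an added example that is not from the book and is not the AWS signing algorithm: a simplified HMAC-SHA256 scheme showing how the server's recreated signature rejects an altered body, an altered path and a wrong key. The header name X-Demo-Signature, the credentials and the choice of signed fields are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed demo credentials (not real AWS keys): server-side key id -> secret.
KEYSTORE = {"DEMO-ACCESS-KEY": b"demo-secret-key-for-illustration"}


def string_to_sign(method, path, headers, body):
    """Canonical form of the request parts that the signature covers."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, headers["Date"], body_hash]).encode()


def _signature(secret, method, path, headers, body):
    mac = hmac.new(secret, string_to_sign(method, path, headers, body), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()


def sign_request(method, path, headers, body, access_key, secret):
    """Client side: return a copy of headers with the signature header added."""
    sig = _signature(secret, method, path, headers, body)
    return {**headers, "X-Demo-Signature": f"{access_key}:{sig}"}


def verify_request(method, path, headers, body, keystore=KEYSTORE):
    """Server side: recreate the signature and compare in constant time."""
    try:
        access_key, sent_sig = headers["X-Demo-Signature"].split(":", 1)
        expected = _signature(keystore[access_key], method, path, headers, body)
    except (KeyError, ValueError):
        return False  # missing or malformed header, missing Date, unknown key id
    return hmac.compare_digest(expected.encode(), sent_sig.encode())


def demo():
    headers = {"Date": "Tue, 27 Mar 2007 19:36:42 +0000"}  # constructed sample
    body = b"hello"
    req = ("PUT", "/bucket/object.txt")
    signed = sign_request(*req, headers, body, "DEMO-ACCESS-KEY", KEYSTORE["DEMO-ACCESS-KEY"])
    forged = sign_request(*req, headers, body, "DEMO-ACCESS-KEY", b"guessed-secret")
    return {
        "intact": verify_request(*req, signed, body),
        "body_altered": verify_request(*req, signed, b"hellO"),
        "path_altered": verify_request("PUT", "/bucket/other.txt", signed, body),
        "wrong_key": verify_request(*req, forged, body),
    }
```

The signature alone does not stop a captured request from being resent unchanged; a verifier that also rejects requests whose signed Date falls outside a short window limits that replay.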
