Webhook authentication error with signed upload urls


I’m following the direction here to create an endpoint on my nodejs server so the cloudflare stream can notify it when a video is ready to be streamed. When I use a normal s3 URL like https://my-public-bucket.s3-us-west-1.amazonaws.com/test%25.m4v, the request is successfully authenticated.

But when I use a signed url (GET operation) like https://my-public-bucket.s3.us-west-1.amazonaws.com/test%25.m4v?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIA2RDPL7VRN6B7LQBC%2F20210329%2Fus-west-1%2Fs3%2Faws4_request&X-Amz-Date=20210329T173304Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=c86aa10860df3f0c67ed03d396f37741924de0cbdb5ef66fe19d314282c8794f (necessary for production), the signatures don’t match and the authentication fails.

The only difference between the two steps is the url, and I’m pretty stumped on why this is happening.


I work on the Stream team. Can you share how you are determining if the signature is not matching? Also, would you be able to share a working S3 signed url, ideally with a long expiration, so I can run tests on our side? My email is my firstname at Cloudflare.com

1 Like