Amazon SNS

Has anyone successfully used Amazon SNS services from an Agent? Pulling my hair out without success. Keep getting a “signature does not match” error. This despite verifying the obvious stuff like Access ID key, Secret Key, HMAC implementation, URL Encoding and byte order. Here’s the code I’m using. I have another variant that uses GET instead of POST but the result is the same. The only input amazon tech support could offer was to make sure the byte order is correct and matches the request. As far as I can see it does.


const AWS_URL = “”;
const AWS_PARN = “arn:aws:sns:us-west-2:471814202198:app/APNS_SANDBOX/PushChat”;

function encodeString(str) {
return http.urlencode({s=str}).slice(2);

function registerDeviceToken(sToken) {

local awsParn = encodeString(AWS_PARN);
local token = sToken;
local action = "CreatePlatformEndpoint";

local impDateTime = date(time(),"u");
local timestamp = "" + impDateTime.year + "-"
+ format("%02d",impDateTime.month+1) + "-"
+ format("%02d", + "T"
+ format("%02d", impDateTime.hour) + "%3A"
+ format("%02d", impDateTime.min)  + "%3A"
+ format("%02d", impDateTime.sec) + ".330Z";

server.log("Timestamp: " + timestamp);

// We create the string to sign
local stringToSign = "POST\

+ “

+ “/

+ “&Action=CreatePlatformEndpoint”
+ “AWSAccessKeyId=” + AWS_KEY
+ “&SignatureMethod=HmacSHA256”
+ “&SignatureVersion=2”
+ “&Timestamp=” + timestamp
+ “&Version=2010-03-31”;

server.log("String to sign: " + stringToSign);

local sHash = http.hash.hmacsha256(stringToSign, AWS_SECRET);

local sBase64 = http.base64encode(sHash);
local sSecret = encodeString(sBase64);
server.log("Secret: " + sBase64 );

// Now finally we send this to the SNS API 
local req =""
+ "PlatformApplicationArn=" + awsParn
+ "&Action=CreatePlatformEndpoint"
+ "&AWSAccessKeyId=" + AWS_KEY
+ "&SignatureMethod=HmacSHA256"
+ "&SignatureVersion=2"
+ "&Token=" + token
+ "&Signature=" + sSecret
+ "&Timestamp=" + timestamp
+ "&Version=2010-03-31", { "Content-Type": "application/x-www-form-urlencoded; charset=utf-8" },"");

local resp = req.sendsync();
local status = resp.statuscode;
server.log("Resp Status: " + resp.statuscode);
server.log("Result Body: " + resp.body);

return status;



The response is always

Sender `SignatureDoesNotMatch` The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. 16ef2d4e-997c-5897-96bb-663ab1d0a707

Amazon SNS looks like a great service to push notifications to phones in a OS platform independent way (handles iOS, Droid and MIcrosoft notification services) and is free for up to 1,000,000 messages per month which makes it very attractive. Now, if I could only get it working!

Hi deonsmt ,
Did you ever get your code working?

I’ve had similar problems in different environments and have found that the order of the parameters in the string to sign is very important.