Updated on 2024-03-04 GMT+08:00

Why Don't the Signatures Match?

Symptom

The following error is reported during an OBS API call.

Status code: 403 Forbidden

Error code: SignatureDoesNotMatch

Error message: The request signature we calculated does not match the signature you provided. Check your key and signing method.

Possible Causes

The provided signature does not match the signature calculated by the system.

Solution

  1. Check the endpoint.

    Check the endpoint if you are using the OBS SDK.

    Ensure that the entered endpoint is correct. If the endpoint is set to a bucket domain name (a bucket name combined with an endpoint) instead of the endpoint alone, a signature mismatch error is reported.

  2. Check the AK and SK.

    Ensure that the AK and SK you entered are correct and match those used in the request.

  3. Check HTTP-Verb.

    Ensure that the HTTP-Verb in the signature is the same as that in the request.

  4. Check Date and Expires.

    • Signature in a header: Check whether the Date in the signature is the same as that in the request header.
    • Signature in a URL: Check whether the Expires in the signature is the same as that in the request URL.

  5. Check headers.

    Check Content-MD5, Content-Type, and Canonicalized Headers. If any of them is included in the signature calculation, it must also be included in the request.

    If a signed URL is used to access OBS resources through a browser, the header parameters above cannot be included in the signature calculation.

  6. Check Canonicalized Resource.

    Canonicalized Resource indicates the OBS resources that are requested. Configure this parameter based on the requirements in the API reference.

  7. Check StringToSign.

    Check whether StringToSign is constructed based on the following rules:

    • Signature in a header:
      HTTP-Verb + "\n" + Content-MD5 + "\n" + Content-Type + "\n" + Date + "\n" + CanonicalizedHeaders + CanonicalizedResource
    • Signature in a URL:
      HTTP-Verb + "\n" + Content-MD5 + "\n" + Content-Type + "\n" + Expires + "\n" + CanonicalizedHeaders + CanonicalizedResource

    If a parameter is left blank, it still occupies its own (empty) line in StringToSign.

  8. Check the signature calculation.

    Check whether the signature is calculated as follows:

    1. Construct the request string StringToSign.
    2. Perform UTF-8 encoding on the result of step 1.
    3. Use the SK to perform the HMAC-SHA1 signature calculation on the result of step 2.
    4. Perform Base64 encoding on the result of step 3. If the signature is contained in a header, this step generates the final signature and no further actions are required.
    5. If the signature is contained in a URL, perform URL encoding on the result of step 4 to obtain the final signature.
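
The following is an added example, not code from the OBS documentation or SDK. It implements the StringToSign rules in step 7 and the calculation in step 8, then compares the string that was signed against the one rebuilt from the request actually sent, so the first mismatching field is visible. The function names, the SK, the date and the resource path are constructed for illustration, and CanonicalizedHeaders and CanonicalizedResource are assumed to be built already as the API reference requires.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def string_to_sign(verb, date_or_expires, resource,
                   content_md5="", content_type="", canonicalized_headers=""):
    """Step 7. Pass Date for a header signature, Expires for a URL signature.
    A blank field contributes an empty line; its "\\n" is never dropped.
    canonicalized_headers and resource are assumed to be built already."""
    return (verb + "\n" + content_md5 + "\n" + content_type + "\n"
            + date_or_expires + "\n" + canonicalized_headers + resource)


def sign(sk, sts, in_url=False):
    """Step 8: UTF-8 encode, HMAC-SHA1 with the SK, Base64, URL-encode for URLs."""
    digest = hmac.new(sk.encode("utf-8"), sts.encode("utf-8"), hashlib.sha1).digest()
    signature = base64.b64encode(digest).decode("ascii")
    return quote(signature, safe="") if in_url else signature


def first_difference(signed_sts, sent_sts):
    """Compare the string that was signed with the one rebuilt from the request
    actually sent. Returns (line_index, signed_line, sent_line) or None."""
    a, b = signed_sts.split("\n"), sent_sts.split("\n")
    for i in range(max(len(a), len(b))):
        left = a[i] if i < len(a) else None
        right = b[i] if i < len(b) else None
        if left != right:
            return i, left, right
    return None


def demo():
    sk = "constructed-example-sk"                      # constructed, not a real key
    date = "Mon, 04 Mar 2024 08:00:00 GMT"             # constructed
    resource = "/example-bucket/example-object"        # constructed
    # Signer included Content-Type, but the request went out without it.
    signed = string_to_sign("PUT", date, resource, content_type="text/plain")
    sent = string_to_sign("PUT", date, resource)
    return sign(sk, signed), sign(sk, sent), first_difference(signed, sent)


if __name__ == "__main__":
    signed_sig, sent_sig, diff = demo()
    print("signature as signed:", signed_sig)
    print("signature as sent:  ", sent_sig)
    print("first differing line:", diff)
```

Line index 2 in the result is the Content-Type line, which is the header check described in step 5.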