Signing API requests without effort.
Most API is simple. But they could be complicated when they are hidden from complex abstraction. reqsign bring the simple API back: build, sign, send.
The simplest way to use reqsign is with the default signers provided by each service:
use anyhow::Result;
use reqsign::aws;
#[tokio::main]
async fn main() -> Result<()> {
// Create a default signer for S3 in us-east-1
// This will automatically:
// - Load credentials from environment variables, config files, or IAM roles
// - Set up the default HTTP client and file reader
let signer = aws::default_signer("s3", "us-east-1");
// Build your request
let mut req = http::Request::builder()
.method("GET")
.uri("https://s3.amazonaws.com/testbucket")
.body(())
.unwrap()
.into_parts()
.0;
// Sign the request
signer.sign(&mut req, None).await?;
// Send the request with your preferred HTTP client
println!("Request has been signed!");
Ok(())
}For more control over the components, you can manually assemble the signer:
use anyhow::Result;
use reqsign::{Context, Signer};
use reqsign_aws_v4::{DefaultCredentialProvider, RequestSigner};
use reqsign_file_read_tokio::TokioFileRead;
use reqsign_http_send_reqwest::ReqwestHttpSend;
#[tokio::main]
async fn main() -> Result<()> {
// Build your own context with specific implementations
let ctx = Context::new()
.with_file_read(TokioFileRead)
.with_http_send(ReqwestHttpSend::default())
.with_env(reqsign::OsEnv);
// Configure credential provider
let credential_provider = DefaultCredentialProvider::new();
// Configure request signer for S3
let request_signer = RequestSigner::new("s3", "us-east-1");
// Assemble the signer
let signer = Signer::new(ctx, credential_provider, request_signer);
// Build and sign the request
let mut req = http::Request::builder()
.method("GET")
.uri("https://s3.amazonaws.com/testbucket")
.body(())
.unwrap()
.into_parts()
.0;
// Sign the request
signer.sign(&mut req, None).await?;
println!("Request has been signed!");
Ok(())
}You can also customize the default signers using the with_* methods:
use reqsign::aws;
use reqsign_aws_v4::StaticCredentialProvider;
// Start with default signer and customize specific components
let signer = aws::default_signer("s3", "us-east-1")
.with_credential_provider(StaticCredentialProvider::new(
"my-access-key",
"my-secret-key",
None, // Optional session token
));use reqsign::azure;
// Default signer for Azure Storage
let signer = azure::default_signer();
// With custom credentials
use reqsign_azure_storage::StaticCredentialProvider;
let signer = azure::default_signer()
.with_credential_provider(StaticCredentialProvider::new(
"account-name",
"account-key",
));use reqsign::google;
// Default signer for Google Cloud Storage
let signer = google::default_signer("storage.googleapis.com");use reqsign::aliyun;
// Default signer for Aliyun OSS
let signer = aliyun::default_signer();- Pure rust with minimal dependencies.
- Test again official SDK and services.
- Supported services
- Aliyun OSS:
reqsign-aliyun-oss - AWS services (SigV4):
reqsign-aws-v4 - Azure Storage services:
reqsign-azure-storage - Google services:
reqsign-google - Huawei Cloud OBS:
reqsign-huaweicloud-obs - Oracle Cloud:
reqsign-oracle - Tencent COS:
reqsign-tencent-cos
- Aliyun OSS:
Check out the CONTRIBUTING.md guide for more details on getting started with contributing to this project.
Submit issues for bug report or asking questions in discussion.
Inspired a lot from:
- aws-sigv4 for AWS SigV4 support.
- azure_storage_blobs for Azure Storage support.