Authentication (SigV4a)
The Amazon Automotive Telematics API uses AWS Signature Version 4a (SigV4a). Requests are signed with ECDSA-P256 and support multi-region routing via a wildcard region set (*).
Signing parameters
| Parameter | Value |
|---|---|
| Algorithm | AWS4-ECDSA-P256-SHA256 |
| Service name | execute-api |
| Region set | * (required for multi-region routing) |
Java (AWS SDK v2)
byte[] payloadBytes = jsonPayload.getBytes(StandardCharsets.UTF_8);
ContentStreamProvider bodyProvider = () -> new ByteArrayInputStream(payloadBytes);
SdkHttpFullRequest request = SdkHttpFullRequest.builder()
.method(SdkHttpMethod.POST)
.uri(URI.create("https://na.telematics.transportation.amazon.dev/v2/telemetry"))
.putHeader("Content-Type", "application/json")
.contentStreamProvider(bodyProvider)
.build();
var credentials = (AwsCredentialsIdentity) DefaultCredentialsProvider.create()
.resolveIdentity().join();
var signedRequest = (SdkHttpFullRequest) AwsV4aHttpSigner.create().sign(
SignRequest.builder(credentials)
.request(request)
.payload(bodyProvider) // required — hashes body into x-amz-content-sha256
.putProperty(AwsV4aHttpSigner.SERVICE_SIGNING_NAME, "execute-api")
.putProperty(AwsV4aHttpSigner.REGION_SET, RegionSet.GLOBAL)
.build()
).request();
⚠️ .payload(bodyProvider) is required. Without it, x-amz-content-sha256 will contain the empty-string hash and the signature will be rejected with a 403.
Maven dependencies
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>http-auth-aws</artifactId>
</dependency>
<dependency>
<groupId>software.amazon.awssdk</groupId>
<artifactId>http-auth-aws-crt</artifactId>
</dependency>
<dependency>
<groupId>software.amazon.awssdk.crt</groupId>
<artifactId>aws-crt</artifactId>
<version>0.31.3</version>
</dependency>