How to authorize to the Storj gateway MT instance?

test · February 26, 2021, 3:39pm

Hi

I am trying to integrate Storj gateway MT instance to a third party service.
That service allows authentication to any API based web service through its API endpoint & other credentials.

So, how may I achieve that?

Ultimately, at the end, a URL needs to be hit such as:
https://gateway.tardigradeshare.io/<some_endpoint_function>

Just guessing that it may include some authentication header key-value pairs like:
<some_keyname_for_serialized_access_grant> : <value_of_my_serialized_access_grant>
<some_keyname_for_access_key> : <value_of_my_access_key>
<some_keyname_for_secret key> : <value_of_my_secret_key>

So my query is:
What are those actual endpoint names & the key names required for authenticate/list/get/post functionalities with Storj gateway S3-compatible MT instance?

Further, which type of authentication do we need to use for HTTP API requests?
i.e. API-key based, OAuthv2, digest based, etc etc

Am I missing something here? Or any other thing needed to be taken care of?

Kindly help
Thanks

jtolio · February 26, 2021, 5:20pm

Hello!

https://gateway.tardigradeshare.io is an S3 compatible Gateway, and understands much of the S3 API. As a result, we haven’t spent a lot of time duplicating the S3 API documentation!

Please see the S3 API documentation for an explanation of endpoints and authorization. When you register with our gateway (either via the web interface or the uplink CLI), you should get back a specific S3 API compatible Access Key and Secret Key, and you can use those exactly like you would if you were talking to S3 directly (but to our Gateway instead).

Here’s example documentation for how to get an object (with example HTTP requests) against the S3 API.

Toyoo · February 26, 2021, 6:54pm

If so, is it documented which specific parts of API are missing?

jtolio · February 26, 2021, 6:58pm

Not yet, largely because we are working to fill in gaps. If you have an account on our beta satellite us2.tardigrade.io, most of the multipart features work, but that isn’t currently true of the other Satellites.

Please let us know what feature you need if you find a gap.

test · March 1, 2021, 6:42am

Hi

The AWS docs are extremely confusing for me. I mean I am totally clueless there.

Kindly provide some example or sample instructions, so that I may test the same through Postman GUI etc.

Examples which I tried through Postman:

URL: https://gateway.tardigradeshare.io
Request type: GET
Authorization Type: AWS Signature
In Authorization tab, I entered my AccessKey & SecretKey

On hitting the request, I got the response

`AuthorizationParametersError` Error parsing the Credential/X-Amz-Credential parameter; incorrect service. This endpoint belongs to "s3"./<some_string>

I repeated 1) but with URL https://s3-us-central-1.gateway.tardigradeshare.io
Still same error as 1

Kindly also provide some document for endpoint strings to be appended at URL end for the various functionalities.

Thanks

test · March 1, 2021, 6:43am

I am unable to get to that starting point, that’s why asking for some easy to understand guidance doc or link

Thanks

Alexey · March 1, 2021, 8:29am

You need to specify path to the object to get it, i.e. https://gateway.tardigrade.io/yourbucketname/path/to/the/object/index.htm
And authentication with REST is not simple: https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html

Maybe it’s more easy to use Tardigrade directly with existing bindings:

jtolio · March 1, 2021, 4:11pm

Instead of using Postman, you should consider using an existing S3 client library. S3’s API isn’t particularly REST friendly. If you do want to write your own library for the S3 protocol, you will at very least need to implement the AWS v4 signature format: https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html