amazon-s3 aws-amplify hellosign-api

SignatureDoesNotMatch on GET request to pre-signed URL (hellosign)


I am attempting to grab a PDF file for e-signature using pre-signed URLs. I use Amplify Storage to generate the URL. Then I provide the URL to the HelloSign function to bring the file into the embedding window. I am able to open the document using window.open, but this other method brings the SignatureDoesNotMatch error:

The request signature we calculated does not match the signature you provided. Check your key and signing method.

const key: string = 'bucketname/path/to/file.pdf'
const expires: number = 60

const url = await Storage.get(key, {
  level: 'public',
  cacheControl: 'no-cache',
  signatureVersion: 'v4',
  ContentType: 'application/pdf',
  expires: 60,
  customPrefix: {
    public: '',
    protected: '',
    private: '',
  },
})

hellosign.open(url, {
  clientId,
  skipDomainVerification: true,
})

One fix I found on GitHub was to include the signatureVersion when initializing the S3 class instance using the SDK. I am not using the SDK, however, so I tried providing it when configuring Amplify like so:

AWSS3: {
  bucket,
  region,
  signatureVersion: 'v4',
},

Needless to say, it did not fix the issue. I could not find any references to this in the docs, as the Amplify.configure function takes any in their docs.

I tried clicking the pre-signed URL and was able to download the doc without issue. I inspected the request and saw the correct headers that match the outgoing request originating from hellosign.open. Any ideas what I can try?


Solution

  • hellosign.open() is only expected to load embedded URLs. These would be URLs returned from requests to the following endpoints:

    If you'd like to collect signatures on a document in an iframe on your site, embedded signing will likely be what you're looking for. In that case, you'd want to create your signature request with a request to:

    /signature_request/create_embedded

    and then use the URL you're creating via Amplify Storage as the value of the file_url[] request parameter.

    Once you've created your request, locate the signature ID for your signer in the response object, and use that in a request to /embedded/sign_url/

    This will return a sign URL that you can load using hellosign.open().
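
The flow described in this answer, as an added example that is not code from the original post or from HelloSign. It is meant to run on a server so the API key never reaches the browser. The base URL, Basic auth scheme, form field names and response fields are assumptions taken from the HelloSign v3 API, and `buildCreateEmbeddedForm`, `signatureIdFor` and `getSignUrl` are hypothetical helper names.

```javascript
// Added example. Runs server-side only (Node 18+): the API key is a secret.
// Assumed from the HelloSign v3 API: base URL, Basic auth, field names.
const API = 'https://api.hellosign.com/v3';

// Build the form body for /signature_request/create_embedded.
function buildCreateEmbeddedForm({ clientId, fileUrl, signer, testMode = true }) {
  // HelloSign fetches this URL itself, so it must be https and still unexpired
  // when the request is processed (the question used expires: 60).
  if (new URL(fileUrl).protocol !== 'https:') throw new Error('file_url must be https');
  const form = new URLSearchParams();
  form.set('client_id', clientId);
  form.set('test_mode', testMode ? '1' : '0');
  form.set('file_url[0]', fileUrl); // first entry of the file_url[] parameter
  form.set('signers[0][email_address]', signer.email);
  form.set('signers[0][name]', signer.name);
  return form;
}

// Find the signature ID that belongs to one signer in the create response.
function signatureIdFor(response, email) {
  const signatures = response?.signature_request?.signatures ?? [];
  const match = signatures.find((s) => s.signer_email_address === email);
  if (!match) throw new Error(`no signature found for ${email}`);
  return match.signature_id;
}

// Create the embedded request, then exchange the signature ID for a sign URL.
// fetchImpl is injectable so the flow can be exercised without network access.
async function getSignUrl({ apiKey, clientId, fileUrl, signer }, fetchImpl = fetch) {
  const headers = {
    Authorization: 'Basic ' + Buffer.from(apiKey + ':').toString('base64'),
  };
  const created = await fetchImpl(`${API}/signature_request/create_embedded`, {
    method: 'POST',
    headers,
    body: buildCreateEmbeddedForm({ clientId, fileUrl, signer }),
  });
  if (!created.ok) throw new Error(`create_embedded failed: ${created.status}`);
  const id = signatureIdFor(await created.json(), signer.email);

  const res = await fetchImpl(`${API}/embedded/sign_url/${encodeURIComponent(id)}`, { headers });
  if (!res.ok) throw new Error(`sign_url failed: ${res.status}`);
  return (await res.json()).embedded.sign_url; // this is what hellosign.open() loads
}
```

The browser receives only the returned sign URL and passes it to `hellosign.open()`; the S3 pre-signed URL and the API key stay on the server.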