Skip to Content

Signing Requests

Published: 2022-05-24

One of our customers recently asked us how they could sign their requests. We've investigated this and learned that when you're making unauthenticated requests against an origin like AWS Appsync, you have to use the AWS SDK to sign the request.

Based on their use case, there might be two different cases:

  1. A user of their application is authenticated, in which case they send a Bearer token in the Authorization header.
  2. The "backend" is actually making the request, so there's no JWT in the Authorization header.

In the first case, the Authorization header should not be altered. In the second case, as the request is unauthenticated, it needs to be signed using the AWS SDK.

Our intention to solve this problem was to build a very generic solution to modify the Request-Response chain, so that our users can use any signing algorithm they want or use the solution for other purposes.

So, we've added two new hooks, the onRequest Hook as well as the onResponse Hook, both can be used to completely modify the request and response chain.

Here's an example of how the AWS request signing could be implemented:

// wundergraph.server.ts
import {configureWunderGraphServer} from "@wundergraph/sdk";
import type {HooksConfig} from "./generated/wundergraph.hooks";
import type {InternalClient} from "./generated/wundergraph.internal.client";
export default configureWunderGraphServer<HooksConfig,
InternalClient>((serverContext) => ({
hooks: {
global: {
httpTransport: {
onRequest: {
hook: async (ctx, request) => {
if (request.headers.Authorization) {
return "skip"; // no signing required, skip hook and send original request
return {
headers: {
Authorization: `${generateSignature(request)}`,
enableForOperations: ["AWS_OPERATION"]
const generateSignature = (request: WunderGraphRequest) :string => {
// your algorithm here
return "foo";



Subscribe to our newsletter!

Stay informed when great things happen! Get the latest news about APIs, GraphQL and more straight into your mailbox.

© 2022 WunderGraph