CODEWITHSUNDEEP
pythonamazon-product-api
superman23443
superman23443

Reputation: 61

Amazon Product Advertising API Signature

I am trying to produce a signature for the Amazon Product Advertising API, been at it a few hours and am still getting a 403 - could anyone have a quick look at the code and tell me if I am doing anything wrong please?

This is the function I use to create the signature

def create_signature(service, operation, version, search_index, keywords, associate_tag, time_stamp, access_key):
start_string = "GET\n" + \
               "webservices.amazon.com\n" + \
               "/onca/xml\n" + \
               "AWSAccessKeyId=" + access_key + \
               "&AssociateTag=" + associate_tag + \
               "&Keywords=" + keywords + \
               "&Operation=" + operation + \
               "&SearchIndex=" + search_index + \
               "&Service=" + service + \
               "&Timestamp=" + time_stamp + \
               "&Version=" + version

dig = hmac.new("MYSECRETID", msg=start_string, digestmod=hashlib.sha256).digest()
sig = urllib.quote_plus(base64.b64encode(dig).decode())

return sig;

And this is the function I use to return the string for the request

def ProcessRequest(request_item):
    start_string = "http://webservices.amazon.com/onca/xml?" + \
                   "AWSAccessKeyId=" + request_item.access_key + \
                   "&AssociateTag=" + request_item.associate_tag + \
                   "&Keywords=" + request_item.keywords + \
                   "&Operation=" + request_item.operation + \
                   "&SearchIndex=" + request_item.search_index + \
                   "&Service=" + request_item.service + \
                   "&Timestamp=" + request_item.time_stamp + \
                   "&Version=" + request_item.version + \
                   "&Signature=" + request_item.signature
    return start_string;

And this is the run code

_AWSAccessKeyID = "MY KEY"
_AWSSecretKey= "MY SECRET KEY"

def ProduceTimeStamp():
    time = datetime.datetime.now().isoformat()
    return time;

item = Class_Request.setup_request("AWSECommerceService", "ItemSearch", "2011-08-01", "Books", "harry%20potter", "PutYourAssociateTagHere", ProduceTimeStamp(), _AWSAccessKeyID)
item2 = Class_Request.ProcessRequest(item)

An example web request it spits out that produces at 403 is this:-

http://webservices.amazon.com/onca/xml?AWSAccessKeyId=AKIAIY4QS5QNDAI2NFLA&AssociateTag=PutYourAssociateTagHere&Keywords=harry%20potter&Operation=ItemSearch&SearchIndex=Books&Service=AWSECommerceService&Timestamp=2015-02-26T23:53:14.330000&Version=2011-08-01&Signature=KpC%2BUsyJcw563LzIgxf7GkYI5IV6EfmC0%2FsH8LuP%2FEk%3D

There is also a holder class called ClassRequest that just has a field for every request field

The instructions I followed are here if anyone is intrested:- http://docs.aws.amazon.com/AWSECommerceService/latest/DG/rest-signature.html

I hope someone can help, I am new to Python and a bit lost

Upvotes: 6

Views: 2790

Answers (3)

rescue1155
rescue1155

Reputation: 415

That Worked for me.

$str = "Service=AWSECommerceService&Operation=ItemSearch&AWSAccessKeyId={Access Key}&Keywords=Harry%20Potter&ResponseGroup=Images%2CItemAttributes%2COffers&SearchIndex=Books&Timestamp=2019-08-11T17%3A51%3A56.000Z";


$ar = explode("&", $str);

natsort($ar);

$str = "GET
webservices.amazon.com
/onca/xml
";

$str .= implode("&", $ar); 

$str = urlencode(base64_encode(hash_hmac("sha256",$str,'{Secret Key Here}',true)));


http://webservices.amazon.com/onca/xml?Service=AWSECommerceService&Operation=ItemSearch&AWSAccessKeyId={Access Key}&Keywords=Harry%20Potter&ResponseGroup=Images%2CItemAttributes%2COffers&SearchIndex=Books&Timestamp=2019-08-11T17%3A51%3A56.000Z&Signature=$str

Remember: If you get this error Your AccessKey Id is not registered for Product Advertising API. Please use the AccessKey Id obtained after registering at https://affiliate-program.amazon.com/assoc_credentials/home

Go to https://affiliate-program.amazon.com/assoc_credentials/home

Upvotes: 0

OskarH
OskarH

Reputation: 165

Check again that the timestamp is right, it should have the format of 2015-03-27T15:10:17.000Z and in your example web request it looks like: 2015-02-26T23:53:14.330000

A good tool to try out your links is Amazon's signed requests helper: https://associates-amazon.s3.amazonaws.com/signed-requests/helper/index.html

Upvotes: 2

Sebastian
Sebastian

Reputation: 1095

You can simply use one of the existing solutions

available from PyPI.

OR

Compare your solution to one of those: https://bitbucket.org/basti/python-amazon-product-api/src/41529579819c75ff4f03bc93ea4f35137716ebf2/amazonproduct/api.py?at=default#cl-143

Your timestamp, for instance, looks a bit short.

Upvotes: 4

Related Questions