CODEWITHSUNDEEP
pythonamazon-web-servicesamazon-selling-partner-api
SouravPal95
SouravPal95

Reputation: 31

403 error while making Amazon SP API calls despite having LWA access and refresh tokens

I have followed the official developer's guide (https://github.com/amzn/selling-partner-api-docs) to the teeth, and have been able to get access and refresh tokens. I have also managed to sign each request properly using SHA256 hashing algorithm. But after trying to make an API call, this is the error I get.

{
  "errors": [
    {
      "message": "Access to requested resource is denied.",
     "code": "Unauthorized",
     "details": ""
    }
  ]
}

The inline policy attached to the IAM Role is:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Resource": "arn:aws:iam::310069193681:role/SellingPartner"
        }
    ]
}

Attached below are other request details....

{
  'Date': 'Mon, 12 Jul 2021 10:23:12 GMT', 
   'Content-Type': 'application/json', 
  'Content-Length': '141', 
  'Connection': 'keep-alive', 
  'x-amzn-RequestId': '8541dac4-e734-486b-820d-3010f447b055', 
  'x-amzn-ErrorType': 'AccessDeniedException', 
  'x-amz-apigw-id': 'CWiykGXFDoEF2Xw='
}

Upvotes: 0

Views: 2823

Answers (2)

user26421670
user26421670

Reputation: 1

I also encountered the same error in my Node.js application (using the amazon-api-api package). Despite timely rotating the LWA credentials and successfully fetching information via Postman, I received the following error:

{
  "errors": [
    {
      "message": "Access to requested resource is denied.",
      "code": "Unauthorized",
      "details": ""
    }
  ]
}

After some investigation, I discovered that the issue was with the endpoint version. By default, when you connect to the Amazon SP-API without specifying the endpoint version, it defaults to the oldest version (e.g., 2020).

To resolve this, you need to specify the correct endpoint version when making the API call. Here’s an example of how to do it:

let sellingPartner = new SellingPartnerAPI({
    region: config.region, // The region to use for the SP-API endpoints ("eu", "na" or "fe")
    refresh_token: config.refresh_token, // The refresh token of your app user
    endpoints_versions: {
      reports: '2021-06-30' // Specify the correct endpoint version
    }
});

By setting the endpoints_versions correctly, I was able to successfully authenticate and access the requested resources.

Upvotes: 0

Ntkm
Ntkm

Reputation: 11

I had a similar issue, for me I didn't give the roles needed for the app.

For your application to access a given resource you have to select some roles. To to this, if you are using the new interface:

  1. Go to the page where your apps are listed
  2. Select your app -> Edit
  3. Select the roles you need. You can check which roles are necessary in

https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/roles/Roles-in-the-Selling-Partner-API.md Some roles are restricted - if that's your case, you might need to update your developer profile to request them.

Upvotes: 1

Related Questions