Amazon MWS Order API timestamp must follow ISO8601

Question

I am using Amazon MWS order API (ListOrders) and I can successfully run it on Amazon Scratchpad but I am getting the following error

Sender
MalformedInput
timestamp must follow ISO8601

Below is the php script which I got from some Stackoverflow post

$base_url = "https://mws.amazonservices.com/Orders/2013-09-01";
$method = "POST";
$host = "mws.amazonservices.com";
$uri = "/Orders/2013-09-01";

$params = array(
    'AWSAccessKeyId' => "AWSAccessKeyId",
    'Action' => "ListOrders",
    'SellerId' => "SellerId",
    'SignatureMethod' => "HmacSHA256",
    'SignatureVersion' => "2",
    //'Timestamp'=> gmdate("Y-m-d\TH:i:s.\\0\\0\\0\\Z", time()),
    'Timestamp'=> gmdate("Y-m-d\TH:i:s\Z", time()),
    'Version'=> "2013-09-01",
    'MarketplaceId' => "MarketplaceId",
    'CreatedAfter'=>'2014-07-06T19%3A00%3A00Z',
    'CreatedBefore'=>'2014-07-08T19%3A00%3A00Z'
    );

// Sort the URL parameters
$url_parts = array();
foreach(array_keys($params) as $key)
    $url_parts[] = $key . "=" . str_replace('%7E', '~', rawurlencode($params[$key]));

sort($url_parts);

// Construct the string to sign
$url_string = implode("&", $url_parts);
$string_to_sign = "GET\nmws.amazonservices.com\n/Orders/2013-09-01\n" . $url_string;

// Sign the request
$signature = hash_hmac("sha256", $string_to_sign, AWS_SECRET_ACCESS_KEY, TRUE);

// Base64 encode the signature and make it URL safe
$signature = urlencode(base64_encode($signature));

$url = "https://mws.amazonservices.com/Orders/2013-09-01" . '?' . $url_string . "&Signature=" . $signature;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
$response = curl_exec($ch);

$parsed_xml = simplexml_load_string($response);
print '<pre>';
print_r($response);

Can anyone help find my mistake?

Answer 1

You are sending three date values:

'Timestamp'=> gmdate("Y-m-d\TH:i:s\Z", time()),
'CreatedAfter'=>'2014-07-06T19%3A00%3A00Z',
'CreatedBefore'=>'2014-07-08T19%3A00%3A00Z'

For a start, you can get rid of the second parameter to gmdate() since it defaults to time() anyways. Other than that it's fine and should not be the cause of your problem.

The other two parameters have url encoded characters (the colon is encoded as %3A) which you then send through rawurlencode() to encode once more. That will replace the percent sign of above encoing with %25. The CreatedAfter value you are actually sending to Amazon for CreatedAfter is therefore 2014-07-06T19%253A00%253A00Z. Try this instead:

'Timestamp'=> gmdate("Y-m-d\TH:i:s\Z"),
'CreatedAfter'=>'2014-07-06T19:00:00Z',
'CreatedBefore'=>'2014-07-08T19:00:00Z'