Amazon Product Advertising API Signature

Question

I am trying to produce a signature for the Amazon Product Advertising API, been at it a few hours and am still getting a 403 - could anyone have a quick look at the code and tell me if I am doing anything wrong please?

This is the function I use to create the signature

def create_signature(service, operation, version, search_index, keywords, associate_tag, time_stamp, access_key):
start_string = "GET\n" + \
               "webservices.amazon.com\n" + \
               "/onca/xml\n" + \
               "AWSAccessKeyId=" + access_key + \
               "&AssociateTag=" + associate_tag + \
               "&Keywords=" + keywords + \
               "&Operation=" + operation + \
               "&SearchIndex=" + search_index + \
               "&Service=" + service + \
               "&Timestamp=" + time_stamp + \
               "&Version=" + version

dig = hmac.new("MYSECRETID", msg=start_string, digestmod=hashlib.sha256).digest()
sig = urllib.quote_plus(base64.b64encode(dig).decode())

return sig;

And this is the function I use to return the string for the request

def ProcessRequest(request_item):
    start_string = "http://webservices.amazon.com/onca/xml?" + \
                   "AWSAccessKeyId=" + request_item.access_key + \
                   "&AssociateTag=" + request_item.associate_tag + \
                   "&Keywords=" + request_item.keywords + \
                   "&Operation=" + request_item.operation + \
                   "&SearchIndex=" + request_item.search_index + \
                   "&Service=" + request_item.service + \
                   "&Timestamp=" + request_item.time_stamp + \
                   "&Version=" + request_item.version + \
                   "&Signature=" + request_item.signature
    return start_string;

And this is the run code

_AWSAccessKeyID = "MY KEY"
_AWSSecretKey= "MY SECRET KEY"

def ProduceTimeStamp():
    time = datetime.datetime.now().isoformat()
    return time;

item = Class_Request.setup_request("AWSECommerceService", "ItemSearch", "2011-08-01", "Books", "harry%20potter", "PutYourAssociateTagHere", ProduceTimeStamp(), _AWSAccessKeyID)
item2 = Class_Request.ProcessRequest(item)

An example web request it spits out that produces at 403 is this:-

http://webservices.amazon.com/onca/xml?AWSAccessKeyId=AKIAIY4QS5QNDAI2NFLA&AssociateTag=PutYourAssociateTagHere&Keywords=harry%20potter&Operation=ItemSearch&SearchIndex=Books&Service=AWSECommerceService&Timestamp=2015-02-26T23:53:14.330000&Version=2011-08-01&Signature=KpC%2BUsyJcw563LzIgxf7GkYI5IV6EfmC0%2FsH8LuP%2FEk%3D

There is also a holder class called ClassRequest that just has a field for every request field

The instructions I followed are here if anyone is intrested:- http://docs.aws.amazon.com/AWSECommerceService/latest/DG/rest-signature.html

I hope someone can help, I am new to Python and a bit lost

Answer 1

You can simply use one of the existing solutions

• bottlenose
• python-amazon-product-api
• python-amazon-simple-product-api

available from PyPI.

OR

Compare your solution to one of those: https://bitbucket.org/basti/python-amazon-product-api/src/41529579819c75ff4f03bc93ea4f35137716ebf2/amazonproduct/api.py?at=default#cl-143

Your timestamp, for instance, looks a bit short.

Answer 2

Check again that the timestamp is right, it should have the format of 2015-03-27T15:10:17.000Z and in your example web request it looks like: 2015-02-26T23:53:14.330000

A good tool to try out your links is Amazon's signed requests helper: https://associates-amazon.s3.amazonaws.com/signed-requests/helper/index.html