FantasticFiasco / aws-signature-version-4

The buttoned-up and boring, but deeply analyzed, implementation of SigV4 in .NET
Apache License 2.0

Working sample for simple GET request #276

Closed smithburger closed 3 years ago

smithburger commented 3 years ago

New to GitHub so sorry if this is the wrong place to ask. I am pretty confused with AWS signing and I have to talk to one of their new APIs (no SDK available) without any previous experience. Do you have a working example showing a full simple GET request using your library to sign it? I am struggling getting off the ground with their docs and no experts to ask for help. Hoping for a little nudge.

github-actions[bot] commented 3 years ago

Hi there and welcome to this repository!

A maintainer will be with you shortly, but first and foremost I would like to thank you for taking the time to report this issue. Quality is of the highest priority for us, and we would never release anything with known defects. We aim to do our best but unfortunately you are here because you encountered something we didn't expect. Let's see if we can figure out what went wrong and provide a remedy for it.

FantasticFiasco commented 3 years ago

Are you writing for .NET, or simply need help with figuring out the raw HTTP request to send to a specific AWS service?

smithburger commented 3 years ago

I am trying to connect to the Selling Partner / Direct Fulfillment API which is new. They haven't created the SDK for it yet and I doubt it will be created for a while. I am using C# and .NET. I was ultimately hoping to find a library that would take in credentials, headers and payload (if there is one) and spit back out a fully signed HTTP request.

As you mentioned in your intro to this library it is pretty overwhelming starting from scratch without an SDK to lean on with AWS.

https://pdfhost.io/v/aSOeqvZ2q_VendorDevGuide_v1pdf.pdf

Page 14 is where it starts.

I don't want to waste your time if this was not the intention of your project. Seemed like it was or at least close. Thank you for your time!

FantasticFiasco commented 3 years ago

I don't mind trying to help you, at least helping you on your way 😃

You should start with getting the access token as described on page 14. Then you'll need a couple of things:

Well, assuming we've now got the correct parameters, I think you should be able to send a GET request like this.

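using System.Net.Http;
using Amazon.Runtime; // ImmutableCredentials (AWSSDK.Core)

// GetAsync with region, service and credentials is this library's HttpClient extension overload
var client = new HttpClient();
var response = await client.GetAsync(
    "https://sellingpartnerapi-eu.amazon.com/vendor/orders/v1/purchaseOrders?limit={example}&createdAfter={example}&createdBefore={example}&sortOrder={example}&nextToken={example}&includeDetails={example}",
    "us-east-1",
    "execute-api",
    new ImmutableCredentials("<client id>", "<client secret>", "<token>"));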

This is my best guess. I hope you'll get it to work.

smithburger commented 3 years ago

I am getting status code Forbidden.

I did make two changes. I changed x-amz-security-token to x-amz-access-token (from AWSSDK.Core) and I added a user-agent header to match the docs I provided earlier. Still Forbidden.

{Connection: keep-alive x-amzn-RequestId: 23c40fac-01b8-40da-8ae4-1bb94419a676 x-amzn-ErrorType: InvalidSignatureException x-amz-apigw-id: UC4gIGB1IAMFdJA= Date: Wed, 07 Oct 2020 14:44:55 GMT }

Is there somewhere I can hand enter all the details and get the signature results to see if it matches what the code is generating? Not sure how else to debug this.

The information looks good. I don't think I am far off just don't know how to really debug it without ever seeing a working example. With Amazon MWS (their apis for business selling on amazon) they have a website scratchpad that makes working up api calls by hand easy to see what actually works.

FantasticFiasco commented 3 years ago

Both Postman and Insomnia support SigV4 as authentication methods right out of the box. You can try to hit the endpoints using those. It will however be tricky to match a request generated by those tools with the requests you create, unless you can make sure that the requests are generated using the exact same timestamp.

I ended up getting a lot of Forbidden requests during the development of this library, and what usually saved me were the CloudWatch logs, those often contained some information regarding the issue with the request. But you only have access to those logs if you own the API, which I guess you don't.

I don't think I can do more for you at this point. You ought to demand help from the API owners. It would be in their interest for you to use their API, I guess that's what makes them money?
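
For the question above about checking a signature by hand: the following is an added example, not part of the thread or of the library's code, that computes every SigV4 intermediate value for a timestamp you pin yourself, so the canonical request, string to sign and signature can be compared with what the .NET code or Postman produces for the same `X-Amz-Date`. The function name `sigv4_debug` is an assumption of this example, and the sample input is the "get-vanilla" case from AWS's published SigV4 test suite.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sigv4_debug(method, url, headers, payload, secret_key, region, service, amz_date):
    """Return each intermediate SigV4 value for a request signed at a pinned amz_date."""
    parts = urlsplit(url)
    # Canonical query string: URI-encode names and values, then sort the pairs.
    pairs = sorted((quote(k, safe="-_.~"), quote(v, safe="-_.~"))
                   for k, v in parse_qsl(parts.query, keep_blank_values=True))
    query = "&".join(f"{k}={v}" for k, v in pairs)
    # Canonical headers: lowercase names, collapse whitespace in values, sort by name.
    hdrs = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    hdrs.setdefault("host", parts.netloc)
    hdrs["x-amz-date"] = amz_date
    signed = ";".join(sorted(hdrs))
    canonical_request = "\n".join([
        method.upper(),
        quote(parts.path or "/", safe="/-_.~"),  # path as sent is encoded once more (non-S3 rule)
        query,
        "".join(f"{k}:{hdrs[k]}\n" for k in sorted(hdrs)),
        signed,
        hashlib.sha256(payload).hexdigest(),
    ])
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # Signing key: HMAC chain over date, region, service and the fixed terminator.
    key = ("AWS4" + secret_key).encode()
    for part in (amz_date[:8], region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return {"canonical_request": canonical_request, "string_to_sign": string_to_sign,
            "signed_headers": signed, "signature": signature}

if __name__ == "__main__":
    # Constructed input: AWS test-suite "get-vanilla" request with AWS's documented example secret.
    out = sigv4_debug("GET", "https://example.amazonaws.com/", {}, b"",
                      "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY",
                      "us-east-1", "service", "20150830T123600Z")
    for name, value in out.items():
        print(f"--- {name} ---\n{value}")
```

Pass only the headers that are actually signed in `headers` (for example a session or access token header), and use the same region, service and `X-Amz-Date` that the request under test was sent with.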

smithburger commented 3 years ago

The API owner is Amazon and as you know they don't respond or provide any help.

Thanks again though. If I get it working I will reach back out with my findings so your library can maybe be improved.