The Amazon Advertising API changed it's pathing on https hosted images and their path can no longer be determined by the ASIN, like can be done with non-secure image URLs.
This means that Chrome and other browsers will simply not display the images and will throw an error in the console about cross-protocol calls if the blog loading the plugin is being accessed via https.
The code for the Amazon Advertising API requires signing the URL with the API advertising key and secret (that plugin installers may not know) and hosting our key and secret in the file creates a security hole. So....
If the plugin calls the /api/asin endpoint in the HeyPublisher JSON api, the server can return the needed image URL and meta data the plugin requires, and get the benefit of cacheing. This solves the security problem and ensures that the plugin can load quickly.
The Amazon Advertising API changed it's pathing on https hosted images and their path can no longer be determined by the ASIN, like can be done with non-secure image URLs.
This means that Chrome and other browsers will simply not display the images and will throw an error in the console about cross-protocol calls if the blog loading the plugin is being accessed via https.
The code for the Amazon Advertising API requires signing the URL with the API advertising key and secret (that plugin installers may not know) and hosting our key and secret in the file creates a security hole. So....
If the plugin calls the
/api/asinendpoint in the HeyPublisher JSON api, the server can return the needed image URL and meta data the plugin requires, and get the benefit of cacheing. This solves the security problem and ensures that the plugin can load quickly.