SignatureDoesNotMatch

[spsinghats2]

I am having the above error when refreshRoleCredentials method is being called. either directly we call it or it being called when we use callApi method.

folowing is the request that is being generated: { method: 'POST', url: 'https://sts.amazonaws.com', body: 'Action=AssumeRole&DurationSeconds=3600&RoleArn=arn%3Aaws%3Aiam%3A%3A849291919351%3Arole%2FSellingPartnerAPI&RoleSessionName=SPAPISession&Version=2011-06-15', headers: { Authorization: 'AWS4-HMAC-SHA256 Credential=AKIA4LPN6H7337K4MSQ2/20220804/us-east-1/sts/aws4_request, SignedHeaders=host;user-agent;x-amz-content-sha256;x-amz-date, Signature=1a8fe572c8b33c9e2d08af74805c2b602dbae2abebcefa917035f985c6ea98a0', 'Content-Type': 'application/x-www-form-urlencoded; charset=utf-8', Host: 'sts.amazonaws.com', 'user-agent': 'amazon-sp-api/0.7.9 (Language=Node.js/v14.12.0; Platform=Darwin/20.04)', 'X-Amz-Content-Sha256': '0f23fbe70f689e9b56bd4798c2c90e95f27c9bef845f512004d4c152e9a763de', 'X-Amz-Date': '20220804T112604Z' } }

error i get in reply is following

{ ErrorResponse: { Error: { Type: 'Sender', Code: 'SignatureDoesNotMatch', Message: 'The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.' }, RequestId: 'c525f9c4-765d-45a8-a233-1ada7781f2ac' } }

my config is following:

`new SellingPartnerAPI({ access_token: credentials.accessToken, credentials: { AWS_ACCESS_KEY_ID: environment.amazon.keyId, AWS_SECRET_ACCESS_KEY: environment.amazon.userSecret, AWS_SELLING_PARTNER_ROLE: environment.amazon.role, SELLING_PARTNER_APP_CLIENT_ID: environment.amazon.clientId || 'amzn1.application-oa2-client.0416471fa9d4464a9b5c997f80ad806d', SELLING_PARTNER_APP_CLIENT_SECRET: environment.amazon.clientSecret || '40c2774170fbea1f16f739fd6e333dec928b77c4020c957b81568d96bb026b58', }, options: { auto_request_throttled: true, auto_request_tokens: true, debug_log: true, only_grantless_operations: false, use_sandbox: true, user_agent: 'amazon-sp-api/0.7.9 (Language=Node.js/v14.12.0; Platform=Darwin/20.04)', }, refresh_token: credentials.refreshToken, region: 'eu', role_credentials: {

  },
})`

Any idea what could be the issue.

[amz-tools]

Hi @spsinghats2,

hard to tell whats wrong. You could try to completely remove access_token, role_credentials and use_sandbox from the config and try again. And also maybe try to remove the credentials as well and provide them directly as environment variables.

[spsinghats2]

@amz-tools thx for helping, removing them resolved the error, not sure but removing access_token and adding env directly worked.

1 more issue though, { method: 'POST', url: 'https://sellingpartnerapi-eu.amazon.com/feeds/2020-09-04/documents', body: '{"contentType":"text/xml; charset=UTF-8"}', headers: { Authorization: 'AWS4-HMAC-SHA256 Credential=ASIA4LPN6H73YMRSYHAV/20220808/eu-west-1/execute-api/aws4_request, SignedHeaders=host;user-agent;x-amz-access-token;x-amz-date, Signature=cc35dbb1172529a89df860adc9478cdcf122b518c0101b5c5d8b892c215e3f5d', 'Content-Type': 'application/json; charset=utf-8', host: 'sellingpartnerapi-eu.amazon.com', 'user-agent': 'amazon-sp-api/0.7.9 (Language=Node.js/v14.12.0; Platform=Darwin/20.04)', 'x-amz-access-token': 'SOMETHING***', 'x-amz-security-token': 'SOMETHING**', 'x-amz-date': '20220808T131306Z' } }

I am getting error: { body: '{\n' + ' "errors": [\n' + ' {\n' + ' "message": "Access to requested resource is denied.",\n' + ' "code": "Unauthorized",\n' + ' "details": ""\n' + ' }\n' + ' ]\n' + '}', chunks: [ <Buffer 7b 0a 20 20 22 65 72 72 6f 72 73 22 3a 20 5b 0a 20 20 20 20 7b 0a 20 20 20 20 20 20 22 6d 65 73 73 61 67 65 22 3a 20 22 41 63 63 65 73 73 20 74 6f 20 ... 91 more bytes> ], statusCode: 403, headers: { date: 'Mon, 08 Aug 2022 13:13:07 GMT', 'content-type': 'application/json', 'content-length': '141', connection: 'close', 'x-amzn-requestid': 'c9a64605-9264-455a-bfc1-d662809ec5e2', 'x-amzn-errortype': 'AccessDeniedException', 'x-amz-apigw-id': 'Wi7LgF-QjoEF0tw=' } }

when i use the postman with same requst object I get: { "errors": [ { "message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.\n\nThe Canonical String for this request should have been\n'POST\n/feeds/2020-09-04/documents\n\nhost:sandbox.sellingpartnerapi-eu.amazon.com\nuser-agent:amazon-sp-api/0.7.9 (Language=Node.js/v14.12.0; Platform=Darwin/20.04)\nx-amz-access-token:SOMETHING****\nx-amz-date:20220808T120805Z\n\nhost;user-agent;x-amz-access-token;x-amz-date\nb65f054c48ac862679857366981192b9efefdbd1e83c0db6c2c3bd9f1f1f2f07'\n\nThe String-to-Sign should have been\n'AWS4-HMAC-SHA256\n20220808T120805Z\n20220808/eu-west-1/execute-api/aws4_request\n8c5fae8b899a9fe8a54296ea444cede1e000bfc931c374a45d384eebf5d32438'\n", "code": "InvalidSignature" } ] }

I have searched as I can but everything seems to be fine

[amz-tools]

@spsinghats2, are you sure authentication is now working? Is sellers.getMarketplaceParticipations working? Is it doesn't expect any params its a good test to check out if the connection is working via the module.

[spsinghats2]

No I am getting exactly same error in sellers.getMarketplaceParticipations in this. do you think it has something to do with IAM users permissions? or the token i generated?

[amz-tools]

@spsinghats2, yes there seems to be a problem with your authentication somewhere.

[nothinman]

@amz-tools I actually have a similar problem with signature mismatch for SOME of the calls. FBA Inventory does not seem to work for me for example. I always hated this signature. Especially the MWS one. PITA.

Loaded credentials from file (/home/nothinman/.amzspapi/credentials) CustomError: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.The Canonical String for this request should have been'GET/fba/inventory/v1/summariesMarketplaceIds=A1PA6795UKMFR9&granularityId=A1PA6795UKMFR9&granularityType=Marketplacehost:sellingpartnerapi-eu.amazon.comuser-agent:amazon-sp-api/0.7.10 (Language=Node.js/v12.22.9; Platform=Linux/5.15.0-43-generic)

EDIT: I can perform catalog items calls for example without any problems.

[nabeelasjid1]

I was getting similar type of error, after long day debug I found, I don't need to assume role at all