amzn / selling-partner-api-models

This repository contains OpenAPI models for developers to use when developing software to call Selling Partner APIs.
Apache License 2.0

403 Forbidden using the Java SDK #1067

Closed davidsartori closed 2 years ago

davidsartori commented 3 years ago

Dear All,

We have strictly followed the instructions in the GitHub developer guide of SP-API. Here is the unsecret log of the latest execution of the Java program on an Ubuntu PC with direct internet access:

ubuntu@ip-172-30-2-210:~$ java -jar Livraisons/Sprint3.09.01/SellersAPIdemo.jar
Accept: application/json
Content-Type: application/json
User-Agent: Swagger-Codegen/1.0.0/java
x-amz-access-token: Atc|MQEBIHhDWk1slvaD8KKUb_62qUF9v0JemWbhXbwxmvHFGEag1fH3ARGj_TJ8mRYkxymEz0TWZBkghRHpCmtLrzsbD5O1pl95qn6iFyXXHzmAHVSIh-2rzZ1PjMmEi7gPYyF9uZEsXGJuhvqq-wFaLtNno9hyHDGX2AQ22UA1vnXvHffKS5AqurhsM9jJbA9FLXKek3NOzF-V-xN5rEhaxOuvK4cgRsK1Ua0jbAjE_FxppbI5sQ2C9UkxKJzBBhg6a_xWiAtZ1NisCHV4m_4ytEN_eY-9nkU4Ro19llPAin-xKpY5SczPbQCS9z4PbyGXi_qmfPdJTabrMPhWVBIaPim2LLWx-DxdPW55PQm12UlgG7EXT35-weLp0SDHEqYaPLazEbI
X-Amz-Security-Token: FwoGZXIvYXdzEPn//////////wEaDBJgj4XJIKQrB6fdxSLIAQa8qPmDGAv5siMsVwcm4TtpCgSxqSPiCHDbVl/cxbigb70fEXYlRLO4z8OwAstSBhcTPe3d0tp4F1GKywWmNxfFXVT1dxLCRz0Xa5l/dTopV4IKTpf4Uu/EhOKSKcZmTYKdh4mtZuZr18RzsRHLGrZ8aBWHpMs1iESnj9klGB3SsvmVK7uagsnKSmQYRPSTtSEriYqQSm+Lk7TPoC1EZEj7KkBVm6WLNfyh0HfTwSTZ0uEsyBqqnuitNE306UD60Yhfpv3uqfJkKIzC1IEGMi2fgz62hgmA+F23PfGl3NunjDvtAPBQkq6O78V/gAHLq+WUb87lpNUcrv/vGrE=
Host: sellingpartnerapi-eu.amazon.com
X-Amz-Date: 20210223T153645Z
Authorization: AWS4-HMAC-SHA256 Credential=ASIAY5MBCA5K7WJ5DTET/20210223/eu-west-1/execute-api/aws4_request, SignedHeaders=accept;content-type;host;user-agent;x-amz-access-token;x-amz-date;x-amz-security-token, Signature=806eb32cf2fa49be882de214c510732f4da413496bebb706ae3a7178b9b568b6

https://sellingpartnerapi-eu.amazon.com/catalog/v0/items?MarketplaceId=A13V1IB3VIYZZH
Date: Tue, 23 Feb 2021 15:36:45 GMT
Content-Type: application/json
Content-Length: 141
Connection: keep-alive
x-amzn-RequestId: fb7d0df9-c193-489b-824f-4822ad48b97c
x-amzn-ErrorType: AccessDeniedException
x-amz-apigw-id: bNIaGFMwDoEFclQ=
OkHttp-Sent-Millis: 1614094605307
OkHttp-Received-Millis: 1614094605381

403 Forbidden
Exception in thread "main" io.swagger.client.ApiException: Forbidden
    at io.swagger.client.ApiClient.handleResponse(ApiClient.java:957)
    at io.swagger.client.ApiClient.execute(ApiClient.java:872)
    at io.swagger.client.api.SellersApi.getMarketplaceParticipationsWithHttpInfo(SellersApi.java:143)
    at io.swagger.client.api.SellersApi.getMarketplaceParticipations(SellersApi.java:130)
    at io.swagger.client.api.SellersApiTest.main(SellersApiTest.java:83)

We have been investigating for 1 month and could not find any solution in all the corresponding threads. Our request seems to be well-formed. On February 17th, we wrote a support ticket #6794063222 which is in the state "Waiting for Amazon action". Note that we are in the eu-west-1 region.

I hope that your colleagues at SellerCentral will authorize our request. Else what should we do?

Best Regards,

David

ShivikaK commented 3 years ago

Hello @davidsartori

Thank you for raising this issue.

It appears you are using the wrong access token value for the request, as per the details provided.

The access token generated appears to be a grantless access token (starting with Atc|), whereas the API request is not a grantless operation (https://github.com/amzn/selling-partner-api-docs/blob/main/guides/developer-guide/SellingPartnerApiDeveloperGuide.md#grantless-operations-1).

Please refer to the documentation below to verify that you are using the correct parameters to configure your LWA credentials: https://github.com/amzn/selling-partner-api-docs/blob/main/guides/developer-guide/SellingPartnerApiDeveloperGuide.md#step-3-configure-your-lwa-credentials

An access token generated using a refresh token starts with the value Atza|, so that should help you identify the type of access token being generated.

If the issue persists, please let us know and we will follow up with you via the support case you have opened to further troubleshoot the errors.

Thanks, 
Shivika Khare
 Selling Partner API Developer Support
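
The check described in the reply above, as an added example (not part of the thread or of the SDK): it classifies a logged access token by the two prefixes named there and masks credentials before a request log is pasted into a public issue. Whether an operation is grantless is supplied by the caller, and the sample log and all function names are constructed for illustration.

```python
import re

# Prefixes as described in the thread: "Atc|" = grantless, "Atza|" = from a refresh token.
TOKEN_KINDS = {"Atc|": "grantless", "Atza|": "refresh-token"}
SECRET_HEADERS = ("x-amz-access-token", "x-amz-security-token")

# Constructed sample of a logged request; every value is made up.
SAMPLE_LOG = """\
x-amz-access-token: Atc|CONSTRUCTED-TOKEN-BODY-0123456789
X-Amz-Security-Token: CONSTRUCTED/SESSION+TOKEN==
Host: sellingpartnerapi-eu.amazon.com
Authorization: AWS4-HMAC-SHA256 Credential=AKIDCONSTRUCTED/20210223/eu-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-date, Signature=0123abcd
"""

def parse_headers(text):
    """Turn 'Name: value' lines into a dict keyed by lower-cased header name."""
    headers = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            headers[name.strip().lower()] = value.strip()
    return headers

def token_kind(token):
    """Classify an access token by its prefix; 'unknown' if neither prefix matches."""
    for prefix, kind in TOKEN_KINDS.items():
        if token.startswith(prefix):
            return kind
    return "unknown"

def check_token(headers, operation_is_grantless):
    """Return a finding when the token type does not fit the operation, else None."""
    kind = token_kind(headers.get("x-amz-access-token", ""))
    wanted = "grantless" if operation_is_grantless else "refresh-token"
    return None if kind == wanted else f"token type is {kind}; this operation needs {wanted}"

def redact(headers):
    """Copy of the headers that is safe to post: token bodies and signing material masked."""
    safe = dict(headers)
    for name in SECRET_HEADERS:
        if name in safe:
            prefix = safe[name][:safe[name].find("|") + 1]  # keeps only "Atc|" / "Atza|"
            safe[name] = prefix + "<redacted>"
    if "authorization" in safe:
        safe["authorization"] = re.sub(
            r"(Credential=)[^/]+|(Signature=)\w+",
            lambda m: (m.group(1) or m.group(2)) + "<redacted>", safe["authorization"])
    return safe
```

The token prefix survives redaction, which is the one part of the token a support engineer needs to see to spot this mismatch.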

ShivikaK commented 3 years ago

Hello @davidsartori

I would like to confirm if the issue reported here has been resolved or if you are facing any delays in response regarding the related support case.

If the issue is persisting, please provide further details on the support case for deeper investigation.

Thanks, 
Shivika Khare
 Selling Partner API Developer Support

davidsartori commented 3 years ago

Hello Shivika,

After reviewing the concept of Roles, that we did not know before, and that is not mentioned in the developer guide AFAIK, we managed to build a valid request. I think you may close this ticket. We created on Thursday a new ticket so that Seller Central explains why our getOrders response is an empty 'payload' JSON.

Regards,

DS.


estebanangel commented 3 years ago

We still have a similar issue. We're able to query the Orders, Reports and Finances API without any problem, but when we query the GET /catalog/v0/items endpoint we get unauthorized. We have checked other threads and some users suggest checking all the roles in the application, but when we check our application we only see these roles:

image

We're really clueless about how to get the information from the catalog items endpoint.

Thanks

ShivikaK commented 3 years ago

Hello @estebanangel

The roles you see on the App registration page are based on roles you selected when you filled out the Developer Profile.

Please review your Developer Profile to verify if you selected all the roles you need for app registration.

The GET /catalog/v0/items endpoint is mapped to the Product Listing role.

Hope this helps clarify the confusion regarding not seeing the roles on the page.

Thanks, 
Shivika Khare
 Selling Partner API Developer Support

github-actions[bot] commented 2 years ago

This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.