amzn / selling-partner-api-models

This repository contains OpenAPI models for developers to use when developing software to call Selling Partner APIs.
Apache License 2.0

marketplaceParticipations: 403 Forbidden (Access to requested resource is denied.) #1179

Closed moltar closed 1 year ago

moltar commented 3 years ago

This is so bizarre! Three engineers have spent 2 weeks trying to figure this out.

We are getting 403 for marketplaceParticipations request for NA and FE regions, yet it works in EU.

Other requests (orders list, financial events) work fine in NA.

Case ID 8166141741


EU

Request

GET /sellers/v1/marketplaceParticipations HTTP/1.1
user-agent: selling-partner-api-sdk/0.0.0
x-amz-access-token: Atza|...
Host: sellingpartnerapi-eu.amazon.com
X-Amz-Security-Token: IQoJb3J...
X-Amz-Date: 20210401T145427Z
Authorization: AWS4-HMAC-SHA256 Credential=ASIAUUXUTCSVZSIBH6NT/20210401/eu-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-date;x-amz-security-token, Signature=9c849cc86118d0f1a57bcd76c7e9a912bd8089c168c8bcab8af2ebf099b23a4d
Connection: close
Pragma: no-cache
Cache-Control: no-cache

Response

HTTP/1.1 200 OK
Date: Thu, 01 Apr 2021 14:54:28 GMT
Content-Type: application/json
Content-Length: 3133
x-amzn-RequestId: ce4195af-b8f0-4e9a-8696-1c6782a9b2b7
x-amzn-RateLimit-Limit: 0.016
x-amz-apigw-id: dG-5uHnxDoEFz4Q=
X-Amzn-Trace-Id: Root=1-6065dea4-722d85c61443b506143beb9b
Expires: 0
Cache-Control: no-cache
Connection: close

{
  "payload" : [
    // snipped
  ]
}

NA

Request

GET /sellers/v1/marketplaceParticipations HTTP/1.1
user-agent: selling-partner-api-sdk/0.0.0
x-amz-access-token: Atza|...
Host: sellingpartnerapi-na.amazon.com
X-Amz-Security-Token: IQoJb3...
X-Amz-Date: 20210401T145441Z
Authorization: AWS4-HMAC-SHA256 Credential=ASIAUUXUTCSVUMZ3XKEO/20210401/us-east-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-date;x-amz-security-token, Signature=dd96fab74085315065ad29aea1c4b66c43dbf931cf23dd5eda073e40eca7e043
Connection: close
Pragma: no-cache
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden
Date: Thu, 01 Apr 2021 14:54:43 GMT
Content-Type: application/json
Content-Length: 141
x-amzn-RequestId: a30020f9-46e3-42cb-9300-250d727ae5ee
x-amzn-ErrorType: AccessDeniedException
x-amz-apigw-id: dG-8AEDZoAMFwhQ=
Expires: 0
Cache-Control: no-cache
Connection: close

{
  "errors": [
    {
      "message": "Access to requested resource is denied.",
      "code": "Unauthorized",
      "details": ""
    }
  ]
}

parvathm commented 3 years ago

Hi @moltar,

When you are using the NA endpoint, please make sure you are using NA authorization (access token), meaning an NA seller account authorized on your application to make the call. If you are using an EU account on the NA endpoint, it will return an access denied error. If you still have any questions, please open a support case.

Thanks, parvathm, Selling Partner API Developer Support.

moltar commented 3 years ago

When you are using the NA endpoint, please make sure you are using NA authorization (access token), meaning an NA seller account authorized on your application to make the call.

Unfortunately that makes no difference.

Here's another request, from an entirely different Seller Central account from North America (sellercentral.amazon.ca), with application from the NA region, and trying to access a NA seller account.

Request

GET /sellers/v1/marketplaceParticipations HTTP/1.1
user-agent: selling-partner-api-sdk/0.0.0
x-amz-access-token: Atza|...
Host: sellingpartnerapi-na.amazon.com
X-Amz-Security-Token: IQoJb3JpZ...
X-Amz-Date: 20210402T015524Z
Authorization: AWS4-HMAC-SHA256 Credential=ASIAUUXUTCSV7VOU5K6H/20210402/us-east-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-date;x-amz-security-token, Signature=4a968431c430963dc4cdf0b0f5d1cd9f2288a369cc3bbd16abd54bb7646b2390
Connection: close
Pragma: no-cache
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden
Date: Fri, 02 Apr 2021 01:55:25 GMT
Content-Type: application/json
Content-Length: 141
x-amzn-RequestId: 3966a04d-73a5-48eb-8f28-370fb0b1e4f8
x-amzn-ErrorType: AccessDeniedException
x-amz-apigw-id: dIfuGG30oAMFVew=
Expires: 0
Cache-Control: no-cache
Connection: close

{
  "errors": [
    {
      "message": "Access to requested resource is denied.",
      "code": "Unauthorized",
      "details": ""
    }
  ]
}

moltar commented 3 years ago

Here's the twist.

Using exactly the same code base, exactly the same credentials, basically everything is exactly the same. Making calls one after another, using the same function, from the same execution environment.

  await makeRequest(agent, {
    method: 'GET',
    url: '/sellers/v1/marketplaceParticipations',
  })

  await makeRequest(agent, {
    method: 'GET',
    url: '/finances/v0/financialEvents',
  })

We get 403 on the first call, and 200 on the next call.


Endpoint: /sellers/v1/marketplaceParticipations

Request

GET /sellers/v1/marketplaceParticipations HTTP/1.1
user-agent: selling-partner-api-sdk-cdk/0.1.0 (Language=TypeScript)
x-amz-access-token: Atza|
Host: sellingpartnerapi-na.amazon.com
X-Amz-Security-Token: IQoJb3J...
X-Amz-Date: 20210402T041747Z
Authorization: AWS4-HMAC-SHA256 Credential=ASIAUUXUTCSV3RKRV37N/20210402/us-east-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-date;x-amz-security-token, Signature=c1eafe9050fc052999508e2a55fa4f5e8b812d664fe1bdf0617df18712b4cd43
Connection: close
Pragma: no-cache
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden
Date: Fri, 02 Apr 2021 04:17:50 GMT
Content-Type: application/json
Content-Length: 141
x-amzn-RequestId: dbd0f85e-060d-4ff3-b293-a8cf4def1070
x-amzn-ErrorType: AccessDeniedException
x-amz-apigw-id: dI0lQG3qoAMFekw=
Expires: 0
Cache-Control: no-cache
Connection: close

{
  "errors": [
    {
      "message": "Access to requested resource is denied.",
      "code": "Unauthorized",
      "details": ""
    }
  ]
}

Endpoint: /finances/v0/financialEvents

Request

GET /finances/v0/financialEvents HTTP/1.1
user-agent: selling-partner-api-sdk-cdk/0.1.0 (Language=TypeScript)
x-amz-access-token: Atza|...
Host: sellingpartnerapi-na.amazon.com
X-Amz-Security-Token: IQoJb3...
X-Amz-Date: 20210402T041753Z
Authorization: AWS4-HMAC-SHA256 Credential=ASIAUUXUTCSV3RKRV37N/20210402/us-east-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-date;x-amz-security-token, Signature=45bbacc91da373a4b858dcf5a16cf02ce6fe568fe3106aa36d1d2d73b7cbc855
Connection: close
Pragma: no-cache
Cache-Control: no-cache

Response

HTTP/1.1 200 OK
Date: Fri, 02 Apr 2021 04:17:55 GMT
Content-Type: application/json
Content-Length: 83
x-amzn-RequestId: 758a67cb-3c2e-4316-8fd3-6f8f7b50614e
x-amz-apigw-id: dI0mDECioAMF-OQ=
X-Amzn-Trace-Id: Root=1-60669af3-2535b9e9458ccae71f07db29
Expires: 0
Cache-Control: no-cache
Connection: close

{
  "payload": {
  }
}

How do you explain that?

parvathm commented 3 years ago

Hi,

I see that you have a case open for this issue; we can communicate further on the case. At a high level, I see that you have added a role that is required to call SellersAPI recently. Please generate a new refresh token whenever you update your app id with new roles.

Thanks, Parvathm, Selling Partner Developer API.

moltar commented 3 years ago

At a high level, I see that you have added a role that is required to call SellersAPI recently.

I've added many test applications and roles at different times. And I waited more than 30 minutes for testing. So did others.

Please generate a new refresh token whenever you update your app id with new roles.

Did that as well.


If you did any interventions, things have actually gotten worse since the last time we reported this.

Now both calls are failing.

We have not changed our code.


/sellers/v1/marketplaceParticipations

Request

GET /sellers/v1/marketplaceParticipations HTTP/1.1
user-agent: selling-partner-api-sdk-cdk/0.1.0 (Language=TypeScript)
x-amz-access-token: Atza|...
Host: sellingpartnerapi-na.amazon.com
X-Amz-Security-Token: IQoJb3...
X-Amz-Date: 20210402T222811Z
Authorization: AWS4-HMAC-SHA256 Credential=ASIAUUXUTCSVRQHUUAHW/20210402/us-east-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-date;x-amz-security-token, Signature=81a7864c390305765df64d44ecf6f80e21e060e4b3482f4a086c15143af6ee56
Connection: close
Pragma: no-cache
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden
Date: Fri, 02 Apr 2021 22:28:14 GMT
Content-Type: application/json
Content-Length: 141
x-amzn-RequestId: 4b1a527c-82c0-4586-9acb-420ba4a3e18e
x-amzn-ErrorType: AccessDeniedException
x-amz-apigw-id: dLUTzGUuoAMF74Q=
Expires: 0
Cache-Control: no-cache
Connection: close

{
  "errors": [
    {
      "message": "Access to requested resource is denied.",
      "code": "Unauthorized",
      "details": ""
    }
  ]
}

/finances/v0/financialEvents

Request

GET /finances/v0/financialEvents HTTP/1.1
user-agent: selling-partner-api-sdk-cdk/0.1.0 (Language=TypeScript)
x-amz-access-token: Atza|...
Host: sellingpartnerapi-na.amazon.com
X-Amz-Security-Token: IQoJb3...
X-Amz-Date: 20210402T222815Z
Authorization: AWS4-HMAC-SHA256 Credential=ASIAUUXUTCSVRQHUUAHW/20210402/us-east-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-date;x-amz-security-token, Signature=dbd83d3f4b12c3d79fe151888038ed193630433b892fde1e93102e38565b446f
Connection: close
Pragma: no-cache
Cache-Control: no-cache

Response

HTTP/1.1 403 Forbidden
Date: Fri, 02 Apr 2021 22:28:17 GMT
Content-Type: application/json
Content-Length: 141
x-amzn-RequestId: c47645da-e1f3-4167-9b95-3f3361479ddb
x-amzn-ErrorType: AccessDeniedException
x-amz-apigw-id: dLUUSHHcoAMF9qQ=
Expires: 0
Cache-Control: no-cache
Connection: close

{
  "errors": [
    {
      "message": "Access to requested resource is denied.",
      "code": "Unauthorized",
      "details": ""
    }
  ]
}

shailesh345 commented 3 years ago

Did you authorize your application for that seller account and marketplace? https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md#authorizing-selling-partner-api-applications

Some APIs are grantless; they will execute without app authorization. https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md#grantless-operations-1

moltar commented 3 years ago

Did you authorize your application for that seller account and marketplace?

Yes, both seller account, developer account and authorization come from the same account.

Some APIs are grantless; they will execute without app authorization.

Not the ones in question though (marketplaceParticipations).

abuzuhri commented 3 years ago

The problem was solved for me after I used the Role ARN instead of the User ARN in the application.

coder771 commented 2 years ago

@moltar what was the issue with this one? I'm having a similar issue, it seems; the call that was working on Friday stopped working today.

omrihaim commented 2 years ago

Hey @abuzuhri, can you please share where you switched the ARN? Also, can you update if that solution still works for you? Thanks!

splotter commented 2 years ago

We're also having the same issue, and what I find really frustrating is that, first, there are no helpful details to at least give you a clue of what was wrong, and second, it's the same exact error you get for a lot of different scenarios, such as when you just had a typo in the URL, pending app registration and who knows what!
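
Because the 403 body is the same for every cause, it helps to rule out the request-side causes raised in this thread before opening a case. The following is an added example, not code from the thread or from any SP-API SDK: it parses a captured request head, checks the SigV4 credential scope against the host, and reports whether the signing key is temporary or long-term so it can be compared with the ARN type registered on the application. The function names, the sample capture and the `fe` region entry are assumptions.

```javascript
// Added example (not from the thread). The na and eu region pairs appear in the captures
// above; the fe pair is an assumption taken from the SP-API documentation.
const ENDPOINT_REGION = {
  'sellingpartnerapi-na.amazon.com': 'us-east-1',
  'sellingpartnerapi-eu.amazon.com': 'eu-west-1',
  'sellingpartnerapi-fe.amazon.com': 'us-west-2',
};
const SIGV4 = /^AWS4-HMAC-SHA256 Credential=([^\/]+)\/(\d{8})\/([^\/]+)\/([^\/]+)\/aws4_request, SignedHeaders=([^,]+), Signature=[0-9a-f]{64}$/;
// ASIA key ids are temporary STS credentials; AKIA key ids are long-term IAM user keys.
const credentialKind = (id) => id.startsWith('ASIA') ? 'temporary-sts' : id.startsWith('AKIA') ? 'long-term-user' : 'unknown';

// Parse a raw request head into a map of lower-cased header names to values.
function parseHeaders(raw) {
  const pairs = raw.trim().split(/\r?\n/).slice(1).map((l) => l.match(/^([^:]+):\s*(.*)$/)).filter(Boolean);
  return Object.fromEntries(pairs.map(([, k, v]) => [k.trim().toLowerCase(), v.trim()]));
}

// Report request-side inconsistencies; an empty findings list means the request head does not explain a 403.
function preflight(raw) {
  const h = parseHeaders(raw);
  const m = SIGV4.exec(h['authorization'] || '');
  if (!m) return { kind: 'unknown', findings: ['Authorization is not a well-formed SigV4 header'] };
  const [, keyId, scopeDate, region, service, signedList] = m;
  const signed = signedList.split(';');
  const kind = credentialKind(keyId);
  const findings = [];
  const expected = ENDPOINT_REGION[h['host']];
  if (!expected) findings.push(`unknown host ${h['host']}`);
  else if (expected !== region) findings.push(`scope region ${region} does not match ${expected} for ${h['host']}`);
  if (service !== 'execute-api') findings.push(`scope service ${service} is not execute-api`);
  if (!(h['x-amz-date'] || '').startsWith(scopeDate)) findings.push('X-Amz-Date differs from the scope date');
  if (!h['x-amz-access-token']) findings.push('x-amz-access-token is missing');
  if (kind === 'temporary-sts' && !h['x-amz-security-token']) findings.push('ASIA key without X-Amz-Security-Token');
  for (const name of ['host', 'x-amz-date', 'x-amz-access-token', 'x-amz-security-token']) {
    if (h[name] && !signed.includes(name)) findings.push(`${name} is sent but not signed`);
  }
  return { kind, findings };
}

// Constructed sample (placeholder key id, tokens and signature): NA host, EU credential scope.
const SAMPLE = `GET /sellers/v1/marketplaceParticipations HTTP/1.1
x-amz-access-token: Atza|EXAMPLE
Host: sellingpartnerapi-na.amazon.com
X-Amz-Security-Token: EXAMPLETOKEN
X-Amz-Date: 20210401T145441Z
Authorization: AWS4-HMAC-SHA256 Credential=ASIAEXAMPLEKEYID/20210401/eu-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-date;x-amz-security-token, Signature=${'0'.repeat(64)}`;
console.log(preflight(SAMPLE));
```

An empty findings list, as the captures in this thread would produce, points away from the signing step and toward the application's registered ARN, roles or seller authorization.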

github-actions[bot] commented 1 year ago

This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.

github-actions[bot] commented 1 year ago

closed for inactivity