amzn / selling-partner-api-models

This repository contains OpenAPI models for developers to use when developing software to call Selling Partner APIs.
Apache License 2.0

Not able to connect to sandbox environment, getting 403: Forbidden MissingAuthenticationToken #1227

Closed rajat-garg closed 1 year ago

rajat-garg commented 3 years ago

I am trying to connect to the endpoint: https://sandbox.sellingpartnerapi-eu.amazon.com/sellers/v1/marketplaceParticipations?marketplace=A1RKKUPIHCS9HS

I have provided the following headers as well:

x-amz-access-token : Atza|IwEBIGEHXXXXXXXXXXXXXXXXXXX
x-amz-date : 20210415T065600Z
host : sandbox.sellingpartnerapi-eu.amazon.com
Authorization : HMAC-SHA256 Credential=AKIAXXXXXXXXXXXXXX/20210415/eu-west-1/execute-api/aws4_request, SignedHeaders=host;user-agent;x-amz-access-token, Signature=49d1edbxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

(Note: The signature is generated using AWS Java SDK).

When I send the GET request to the above endpoint using Postman, it is returning:

403: forbidden

{
    "errors": [
        {
            "message": "Access to requested resource is denied.",
            "code": "MissingAuthenticationToken"
        }
    ]
}

What kind of authentication token is it expecting? I have provided all the information mentioned in the SP-API document.

Thanks.

rugved1991 commented 3 years ago

Hi @rajat-garg,

Please remove the "marketplace" parameter from the request and try again. https://sandbox.sellingpartnerapi-eu.amazon.com/sellers/v1/marketplaceParticipations

Thanks,
Rugved
Solutions Architect, SP API

rajat-garg commented 3 years ago

Hi @rugved1991 ,

I have tried to hit GET on the below endpoint as well: https://sandbox.sellingpartnerapi-eu.amazon.com/sellers/v1/marketplaceParticipations

but it is still returning the same response 403 - Missing Authentication Token.

But I have observed a few more things:

In the Authorization header, when I enter the algorithm as AWS4-HMAC-SHA256 (previously, I was using only HMAC-SHA256), it returns a different response, i.e.:

403: Forbidden

{
    "errors": [
        {
            "message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been
'GET
/sellers/v1/marketplaceParticipations

host:sandbox.sellingpartnerapi-eu.amazon.com
user-agent:PostmanRuntime/7.26.10
x-amz-access-token:Atzr|IwEBIBsDhqvUXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXQ

host;user-agent;x-amz-access-token
e3b0c4429XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'

The String-to-Sign should have been
'AWS4-HMAC-SHA256
20210416T070400Z
20210416/eu-west-1/execute-api/aws4_request
6eddfXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
",
     "code": "InvalidSignature"
        }
    ]
} 

But I am generating the signature using the following AWS Java SDK methods:

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Computes HMAC-SHA256 of the UTF-8 bytes of data under the given key.
static byte[] HmacSHA256(String data, byte[] key) throws Exception {
    String algorithm = "HmacSHA256";
    Mac mac = Mac.getInstance(algorithm);
    mac.init(new SecretKeySpec(key, algorithm));
    return mac.doFinal(data.getBytes("UTF-8"));
}

// Chains HMAC-SHA256 over date, region, service and "aws4_request" to derive the signing key.
static byte[] getSignatureKey(String key, String dateStamp, String regionName, String serviceName) throws Exception {
    byte[] kSecret = ("AWS4" + key).getBytes("UTF-8");
    byte[] kDate = HmacSHA256(dateStamp, kSecret);
    byte[] kRegion = HmacSHA256(regionName, kDate);
    byte[] kService = HmacSHA256(serviceName, kRegion);
    byte[] kSigning = HmacSHA256("aws4_request", kService);
    return kSigning;
}

// where the first parameter is Secret Access Key
byte[] signatureKey = getSignatureKey("L3IXXXXXXXXXXXXXXXXXXXXX", "20210416", "eu-west-1", "aws4_request");

I got the above methods from the official docs. I am using the signature generated from the above logic in the Authorization header.

  1. What could be the reason behind the signature mismatching?
  2. What is the correct value for Algorithm: AWS4-HMAC-SHA256 or HMAC-SHA256?

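
A way to debug the InvalidSignature response quoted above, as an added example that is not part of the original thread or of the repository: it rebuilds the canonical request and string-to-sign locally in the layout the server printed, derives the signing key from the same date, region and service that appear in the credential scope (`20210416/eu-west-1/execute-api/aws4_request` in the error), and prints the resulting `AWS4-HMAC-SHA256` Authorization header. The class name `SigV4Debug`, the access key, the secret and the token are constructed placeholders; the signed headers and scope are the ones shown in the error message.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.TreeMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
public class SigV4Debug {
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }
    static String sha256Hex(String s) throws Exception {
        return hex(MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8)));
    }
    public static void main(String[] args) throws Exception {
        // Constructed placeholders, not real credentials or tokens.
        String accessKey = "AKIAEXAMPLEKEYID", secret = "EXAMPLE-SECRET-KEY";
        String amzDate = "20210416T070400Z", date = amzDate.substring(0, 8);
        String region = "eu-west-1", service = "execute-api";
        // Signed headers: lowercase names in sorted order (TreeMap), trimmed values.
        Map<String, String> headers = new TreeMap<>();
        headers.put("host", "sandbox.sellingpartnerapi-eu.amazon.com");
        headers.put("user-agent", "PostmanRuntime/7.26.10");
        headers.put("x-amz-access-token", "Atzr|EXAMPLE-TOKEN");
        StringBuilder canonicalHeaders = new StringBuilder();
        for (Map.Entry<String, String> h : headers.entrySet())
            canonicalHeaders.append(h.getKey()).append(':').append(h.getValue().trim()).append('\n');
        String signedHeaders = String.join(";", headers.keySet());
        // Method, path, empty query string, headers, blank line, signed headers, body hash.
        String canonicalRequest = "GET\n/sellers/v1/marketplaceParticipations\n\n"
                + canonicalHeaders + "\n" + signedHeaders + "\n" + sha256Hex("");
        String scope = date + "/" + region + "/" + service + "/aws4_request";
        String stringToSign = "AWS4-HMAC-SHA256\n" + amzDate + "\n" + scope + "\n"
                + sha256Hex(canonicalRequest);
        // The key is derived from the same date, region and service that appear in the scope.
        byte[] kSecret = ("AWS4" + secret).getBytes(StandardCharsets.UTF_8);
        byte[] kSigning = hmac(hmac(hmac(hmac(kSecret, date), region), service), "aws4_request");
        String signature = hex(hmac(kSigning, stringToSign));
        System.out.println(canonicalRequest + "\n---\n" + stringToSign + "\n---");
        System.out.println("Authorization: AWS4-HMAC-SHA256 Credential=" + accessKey + "/" + scope
                + ", SignedHeaders=" + signedHeaders + ", Signature=" + signature);
    }
}
```

Comparing the two printed blocks line by line with the "Canonical String" and "String-to-Sign" in the error response shows which input differs; if both match, the remaining variables are the secret key and the values fed into the key derivation.
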
vaikunth15 commented 2 years ago

Did you solve this error? Please share the solution.

github-actions[bot] commented 2 years ago

This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.

Anuj4444 commented 2 years ago

@rajat-garg Hello Rajat, have you got any solution for this issue? I am facing the same.

github-actions[bot] commented 1 year ago

This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.

github-actions[bot] commented 1 year ago

closed for inactivity