The security token included in the request is invalid

[Francesco-accline]

Hello, I tried to contact support forum but my seller central credentials aren't recognized in that section, maybe because mine is an Italian marketplace

After obtaining an access_token, I tried to call SP API to retrieve a list of orders from the sandbox endpoint. I get this response

"errors": [ { "message": "The security token included in the request is invalid.", "code": "InvalidInput" }

the call is made through CURL using php shell_exec command

this is my CURL request

/usr/local/bin/curl -k -i https://sandbox.sellingpartnerapi-eu.amazon.com/orders/v0/orders?CreatedAfter=2021-10-01 -H 'host:sandbox.sellingpartnerapi-eu.amazon.com' -H 'x-amz-access-token:Atza|IwEBIIckH6QJtK3AqzjJc2yA7fJhc3Fxc1Dkb4ln6LYSBrqK1ehR8QFQxRhKpvB5DMPSi6Fas6SROl49J5Y8W--bI7gK8O-lAlPvVM1fNSfCciz6sDM_TlyxcK5EFvXES-lOOK1xp5AGTfnleXTcdpYfhI6eruUW4o-mD0_MG4nq11mLF6yDGk37kZKS2KYpTq3oNOVen28FTrzzY4HzbqNCuQ5BD7zDF8aZ7VgRMRJ60zuANu4duDfMrJOLmz-q4VWjdUlW2KWU00-IY5pnNoE1j0dgC8Pcm8ePP8x4JeFuw4uA9S0tQX68t2ISV2J7qdaErw0vEO3uN46NOeYkxCAeBUhc' -H 'Content-Type:application/x-www-form-urlencoded;charset=UTF-8' -H 'x-amz-date:20211013T105602Z' -H 'Authorization:AWS4-HMAC-SHA256 Credential=amzn1.application-oa2-client.a5b6016f7dcaXXXXXXXXXXXXXXXXX/20211013/eu-west-1/execute-api/aws4_request,SignedHeaders=host;x-amz-access-token;Content-Type;x-amz-date,Signature=dc93ff761cac1839629353f9913a12f855e1d42277ec8ecda5d0a1bda2fb629f'

(I obscured my client id)

This is the request ID e7fcc8fa-f551-488d-bc91-f5a5ce48ac0d.

I've read somewhere that an X-Amz-Security-Token header is also required, but I don't know how to get it. Can you help me please or can You address me to a working support page to solve my issue? Thank You in advance.

[ahlmackie]

May not be the issue but check your date formats in both the query and headers and make sure they meet requirements as per docs. Also as this is a GET I’m not sure the content type is required in the headers

[Francesco-accline]

May not be the issue but check your date formats in both the query and headers and make sure they meet requirements as per docs. Also as this is a GET I’m not sure the content type is required in the headers

Unfortunately it doesn't seems to be a date format related issue, neither it seems due to Content-Type header.

One thing comes in my mind is that the SP-API user has been created with a developer account which has a different email (account name?) compared to the seller-central account. Could this be an issue?

[duprayj782sdnm]

Francesco-accline did you solve the issue? is it related to "different emails"? I ask this question because I am facing the same issue :|.

for amzn team: request id 2c588845-50d8-4a2c-8a2a-6a6dd9e2a1ee

[github-actions[bot]]

This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.

[github-actions[bot]]

closed for inactivity

[MrJamesFeng]

botocore.exceptions.ClientError: An error occurred (InvalidClientTokenId) when calling the AssumeRole operation: The security token included in the request is invalid.

i'm facing the same issue, have you found resolution,tks !

[malekashkar]

Facing the same issue at the moment. Attempting to use aws4 npm module to sign the request for me and https NodeJS module to send the request.

Really can't seem to figure out what's causing it though :/