[BUG] if the param "sku" contain white space, such as "USCHILDREN005 GOLD03" raise signature match issue

[rockyspruce]

Background:

the api is "https://github.com/amzn/selling-partner-api-docs/blob/main/references/listings-items-api/listingsItems_2021-08-01.md#getlistingsitem"

method in my app is : getListingsItem(String sellerId, String sku, List marketplaceIds, String issueLocale, List includedData)

the sign method is : this.sign(stringToSign.getBytes(Charset.forName("UTF-8")), signingKey, SigningAlgorithm.HmacSHA256);

Issue:

if the param "sku" contain white space, such as "USCHILDREN005 GOLD03", the issue will be raised. the detail is :

"message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and

signing method. Consult the service documentation for details

[NetrushAnand]

We are also getting the same error in response when we call getListingsItem API with SKUs which have special characters.

Please see below some of the sample SKUs where we are getting this error: Sample SKUs: wScrew&GunMagnet MRO-ESSNTIAL:2021-03-01 5291 (FPT.PE00552-CA)

We have explored issue and found that the issue is in Selling Partner API Authentication/Authorization C# library. There is one method "ExtractCanonicalURIParameters" in AWSSignerHelper.cs file and it returns URI encoded version of absolute path.

Line No 60 - In the code, it encodes given SKU value twice as shown below. And when we call API with twice encoded value, it gives error.

SKU Original Value - wScrew&GunMagnet Encoding1 - wScrew%26GunMagnet Encoding2 - wScrew%2526GunMagnet

We have tried to make API request with single encode value and it gives successful response. But we are not sure how this change will impact in other APIs since this code is used with other APIs as well.

Can someone please confirm or guide?

[734303275]

Have you solved it yet

[824908000]

Have you solved it yet

[824908000]

when url contains space would decode is %20，and this listing api would decode twice is %2520. I solved it. I found it was the problem with sellingpartner-api-aa-java module. It can be solved by upgrading this module. The core point is that when signing, the URL needs to be encoded twice. The old module was encoded only once. The new module is encoded twice. Only the request mode with special characters in the Get request is affected. The following are its core modification points: SignableRequestImpl.java old: public String getResourcePath() { try { return this.originalRequest.url().toURI().getPath(); } catch (URISyntaxException var2) { throw new RuntimeException(var2); } }

New: public String getResourcePath() { return originalRequest.url() .getPath(); }

[DanielLanger]

Im having a different but related issue. SKUs with whitespace return SKU NOT FOUND for me. Anyone else come across this and have a solution?

[loneregister]

Same issue here. If I make a call to: /listings/2021-08-01/items/A2OL9GCABEY4G1/TL001B?marketplaceIds=... all works fine - and the SKU TL001B is found, and data returned.

However, if I then call: /listings/2021-08-01/items/A2OL9GCABEY4G1/TL001B M?marketplaceIds= (note the space between the B and M) The API returns that it cannot find TL001B%20M

I have tried encoding the space with %2520 or +, and many other options, but nothing seems to work properly.

[loneregister]

Can confirm - that using postman for a SKU with a space fails, and for a sku without a space, succeeds. it appears that the URL / API does not decode %20 properly when the url is called with a space. (Or something like that).

Can we get this bug fixed?

[loneregister]

confirming that a / also breaks this API call. It appears that if a SKU causes a URL to be 'malformed', the API call breaks.

Suggested fix would be to change the SKU value to a querystring value, and not a part of the URL/URI

[824908000]

Im having a different but related issue. SKUs with whitespace return SKU NOT FOUND for me. Anyone else come across this and have a solution?

suggest you need to confirm this sku exists in this seller?

[DanielLanger]

Confirm it exists – I am getting the SKU id from the FBA inventories API

[loneregister]

Hi DanielLanger - are you confirming that you also see the issue for skus with spaces or slashes? Or that you solved it by using the id from the inventory api?

[DanielLanger]

Sorry, confirmed that the sku itself exists - responding to the previous comment. I have the issue for spaces still - no fix

[DanielLanger]

Now running into the issue for skus with / in them. The error message for this case is [{'message': 'Access to requested resource is denied.', 'code': 'Unauthorized', 'details': ''}] though

[loneregister]

That is typically related to either: 1) Check your tokens etc.. The security tokens you have only last for a short while. Amazon just got back to me and stated that you can put the ASIN in for the SKU and it will work. As far as I can tell, it does not.
Does swapping the ASIN for the SKU in the URL work for you?

I did utilize a work around. I used the Catalog Items API request of getCatalogItem to pull the ASIN in question, and pull attribute info from that. It's not ideal - and means that I have to understand and work with the fact that the ASIN data I am pulling could be represented in the seller central account with many SKUs. But it does help at least a bit.

[DanielLanger]

swapping in ASIN does not work :)

I need the listings api because I also want to get the issues object that is returned there, so the catalog workaround doesnt work for me

[DanielLanger]

any updates?

[chapmanjw]

Hello @rockyspruce (and everyone else), we recently pushed a number of bug fixes surrounding the encoding issues for path parameters with the Listings Items APIs. You should no longer see these issues.

If you happen to receive an unexpected response for a SKU that should be present, please contact Developer Support so that we can troubleshoot your specific case.

Thanks!

[damianelder]

@chapmanjw also seeing similar issues producing pricing getPricing, tried every which way without success. skus without spaces are fine.

case id sent to developer support ID 11072238811

if replace spaces with + we get

request id 8074d7e4-bf69-49af-8ec0-c4e95564351d - in this example we replace spaces with + and response is ClientError { "payload": [ { "status": "ClientError" ,"SellerSKU": "486+0011+5905" } ] }

If we do not replace space with + we get

errors": [ { "message": "The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

The Canonical String for this request should have been 'GET /products/pricing/v0/price ItemType=Sku&MarketplaceId=A1PA6795UKMFR9&Skus=123%20123%20123

Checking the Canonical String in debugging it builds it as reported by API response above.

If we double encode it to %2520 it is the same result.