GetOrders RDT

[coder771]

Can you call GetOrders call without RDT Token if you are not looking for PII information and just get order details?

[kpconnell]

Yes, of course.

[AshleyBurr]

I can confirm this, yes you can. I am doing just that.

[NeftaliAcosta]

@AshleyBurr Can you help me generate an RDT correctly please?

I am using php and no the documentation is not very clear. I just get the following message message.

[ghaliano2005]

@NeftaliAcosta why and RDT is required to get orders ?, anyway i am getting a message as your's

To sumurize my steps, i succesfully passed all of those steps well explained here Step 1. The selling partner initiates authorization from the Amazon Seller Central Partner Network

Step 2. The selling partner consents to authorize your application

Step 3. The selling partner signs into your website

Step 4. Amazon sends you the authorization information

Step 5. Your application exchanges the LWA authorization code for an LWA refresh token

However when i try to call the api for orders i get a strange error [ERROR] Server error:POST https://api.amazon.com/auth/o2/token` resulted in a 500 Internal Server Error response: {"error_index":"Fcx5knlboMSD4FpIWy28qgAAAAAAAAABrjiZIfZ9PKCaJThSvbkUo5Cfrpm8jtmNGY31BOSGhxvg2j9ly53kTHnnmD-ziGL P-APuTTwg (truncated...) `

Maybe the truncated string could give some usefull informations about the error stack If you are using https://github.com/jlevers/selling-partner-api/

This is an insight of the code i used to end up with that error

public function import(Store $store)
    {
        // See README for more information on the Configuration object's options
        $config = new \SellingPartnerApi\Configuration([
            "lwaClientId" => $this->params->get('aws_app_client_id'),
            "lwaClientSecret" => $this->params->get('aws_app_client_secret'),
            "lwaRefreshToken" => $store->getExchangedRefreshToken()['access_token'],
            "awsAccessKeyId" => $this->params->get('aws_iam_id'),
            "awsSecretAccessKey" => $this->params->get('aws_iam_key'),
            "endpoint" => \SellingPartnerApi\Endpoint::NA  // or another endpoint from lib/Endpoints.php
        ]);

        $apiInstance = new \SellingPartnerApi\Api\OrdersApi($config);
        $marketplace_ids = array($store->getAwsSellingPartnerId()); // string[] | A list of MarketplaceId values. Used to select orders that were placed in the specified marketplaces. See the [Selling Partner API Developer Guide](https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md#marketplaceid-values) for a complete list of marketplaceId values.

        try {
            $result = $apiInstance->getOrders($marketplace_ids);
            print_r($result);
        } catch (\Exception $e) {
            echo 'Exception when calling OrdersApi->getOrders: ', $e->getMessage(), PHP_EOL;
        }
    }

[coder771]

@kpconnell @AshleyBurr I keep on getting Access to resource is denied 403 forbidden when trying to call getorders and looking at below it seems it needs RDT token?

[AshleyBurr]

It does not need an RDT token to get the orders, you only need an RDT to get the restricted data in the orders (Address Line 1, Name, Email, Tel) of the person who ordered it because that is PII (Personally Identifiable Information).

[nrcd-sof]

@coder771 are you using an ARN ROLE ? most of my problems came from the fact that i am using user IRN unstead of an arn role i flowed this post

[coder771]

@coder771 are you using an ARN ROLE ? most of my problems came from the fact that i am using user IRN unstead of an arn role i flowed this post

I'm using user arn and in code using rolearn

[NeftaliAcosta]

Hi @ghaliano2005 Thanks for your answer.

I have managed to implement this library, but I am having problems with the getOrders() method.

I have followed this sample code and I get this message as a response https://github.com/jlevers/selling-partner-api/blob/main/docs/Api/OrdersApi.md#getOrders

 "errors": [
    {
      "code": "InvalidInput",
      "message": "Application does not have access to one or more requested data elements: [buyerInfo, shippingAddress]",
      "details": ""
    }
  ]

Could you please tell me where I request Amazon the privilege to obtain this information?

This is my code.

public function getOrders(
        SellerAccount $o_seller_account,
        string $from_timestamp,
        string $to_timestamp,
        string $next_token = null
    ) {

        $apiInstance = new OrdersApi($this->config);

        try {
            $result = $apiInstance->getOrders(
                [$o_seller_account->marketplace()->getId()],
                null,
                null,
                date('c', $from_timestamp),
                date('c', $to_timestamp),
                null,
                null,
                null,
                null,
                null,
                null,
                null,
                $next_token,
                null,
                null,
                true,
                null,
                array('buyerInfo', 'shippingAddress')
            );
            showdie($result);
        } catch (Exception $e) {
            echo 'Exception when calling OrdersApi->getOrders: ', $e->getMessage(), PHP_EOL;
        }
    }

Thank you.

[ghaliano2005]

@NeftaliAcosta Now You need to call the createRestrictedDataToken https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md#authorization-with-the-restricted-data-token

[AshleyBurr]

You won't get the restricted data until you have approval from Amazon. You need to fill in the details in Seller Central (ticking the red check boxes and filling in all the details they want)

[coder771]

I'm able to now make getorders call to selling partner api, but the one to sandbox is giving Internal Server Error. I'm sending the parameters needed as per in json model of sandbox, so its (https://sandbox.sellingpartnerapi-na.amazon.com/orders/v0/orders?MarketplaceIds=ATVPDKIKX0DER&CreatedAfter=TEST_CASE_200)

but still giving Internal Server Error, anyone knows what it could be?

[ghaliano]

hi @NeftaliAcosta , sorry i was wrong, the lib you are using ask automaticly for the RDT and make the createRestrictedDataToken call for you if the ressource is a PII oriented however i found this in the doc

Tutorial: Get authorization to access PII for bulk orders
You can get an RDT that provides authorization to access Personally Identifiable Information (PII) for bulk orders. The dataElements values that you specify (using the [restrictedResources](https://github.com/amzn/selling-partner-api-docs/blob/main/references/tokens-api/tokens_2021-03-01.md#restrictedresource) parameter of the createRestrictedDataToken operation) determine the type of restricted data that the RDT authorizes your application to access. In this tutorial we request an RDT that authorizes access to both buyer information and shipping address information.

Prerequisites

To complete this tutorial, you will need:

Authorization from the selling partner for whom you are making calls. See the [Selling Partner API Developer Guide](https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md) for more information.

Approval for the roles that are required to access buyer information and/or shipping address information. These are:

Direct-to-consumer shipping. Required to access shipping address information.
Tax remittance. Required to access buyer information.
Tax invoicing. Required to access buyer information.
To request access to these roles, see [Registering as a developer](https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md#registering-as-a-developer) in the Selling Partner API Developer Guide and update your developer profile.

So i guess you need to check those checkbox and wait for amazon approval

[NeftaliAcosta]

Thank you @ghaliano for you answer. Do you know if it is necessary to update the refresh token after requesting permissions from amazon?

[ghaliano2005]

hi @neftali,

i don't think so,

look at the message on the top of this image [image: Screen Shot 2022-02-16 at 6.03.12 PM.png]

On Wed, Feb 16, 2022 at 4:55 PM Neftalí Acosta @.***> wrote:

Thank you @ghaliano https://github.com/ghaliano for you answer. Do you know if it is necessary to update the refresh token after requesting permissions from amazon?

— Reply to this email directly, view it on GitHub https://github.com/amzn/selling-partner-api-models/issues/2226, or unsubscribe https://github.com/notifications/unsubscribe-auth/AXXRSX7CODNB6ARQEOHFTLLU3PCIRANCNFSM5NGE2MHA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

-- Bien cordialement Ahmed, Développeur et chef de projet Web & mobile

Tél: +216 20156576 Skype: ghaliano2005 https://tn.linkedin.com/in/ahmed-ghali-pro

[kpconnell]

RDTs are JWTs and have an expiration.

On Wed, Feb 16, 2022, 9:55 AM Neftalí Acosta @.***> wrote:

Thank you @ghaliano https://github.com/ghaliano for you answer. Do you know if it is necessary to update the refresh token after requesting permissions from amazon?

— Reply to this email directly, view it on GitHub https://github.com/amzn/selling-partner-api-models/issues/2226, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAIHBZV2ORSQ7DZULNZHJETU3PCIPANCNFSM5NGE2MHA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you were mentioned.Message ID: @.***>

[ghaliano]

@NeftaliAcosta hi Neftali have you managed to get it to work ?

[NeftaliAcosta]

@ghaliano Not yet, I'm waiting for authorization from Amazon.

[daniel031699]

ghaliano We only have direct to consumer shipping permission. Can we apply for shipping information？ When applying for RDT, always be prompted with information ‘Application does not have access to one or more requested data elements: [shippingAddress]‘？

[ghaliano]

@daniel031699 i switched to another project du to the time i spent in this particular issue, i have the exact same error like you and du to the lac of time, i paused it, switched to another project until i get the breath for another sprint with the aws doc

[daniel031699]

@ghaliano Thank you for your reply. I still need to try to solve this problem.

[coder771]

I'm getting RDT token back with below request, but we don't have any orders in our Seller Central account at the moment as its just used for development, so I'm unable to test if that RDT token will give back shipping address/buyer info or not.

From what I understand GetOrdersResponse returns order object which has shipping address and buyerInfo object in it and that should be filled up with values. Is that correct?

{"restrictedResources":[{"method":"GET","path":"/orders/v0/orders","dataElements":["buyerInfo","shippingAddress"]}]}

[maltunok]

I'm getting RDT token back with below request, but we don't have any orders in our Seller Central account at the moment as its just used for development, so I'm unable to test if that RDT token will give back shipping address/buyer info or not.

From what I understand GetOrdersResponse returns order object which has shipping address and buyerInfo object in it and that should be filled up with values. Is that correct?

{"restrictedResources":[{"method":"GET","path":"/orders/v0/orders","dataElements":["buyerInfo","shippingAddress"]}]}

correct

[frtlkmn]

Hello everyone, we have all authorizations.

Path : https://sellingpartnerapi-eu.amazon.com/tokens/2021-03-01/restrictedDataToken [POST]

Request: { "targetApplication":"", "restrictedResources":[ { "method":{"method":"GET"}, "path":"/orders/v0/orders", "dataElements":["buyerInfo","shippingAddress","buyerTaxInformation"] } ] }

But, the response is : { "errors": [ { "code": "InvalidInput", "message": "Application does not have access to one or more requested data elements: [buyerInfo, buyerTaxInformation, shippingAddress]", "details": "" } ] }

any help will be appreciated, thanks.

[coder771]

"method":{"method":"GET"},

I'm no expert but shouldnt it just be method":"GET" instead of method":{"method":"GET"}

[frtlkmn]

Thank you, I tried that way too, nothing changed :(

[coder771]

Thank you, I tried that way too, nothing changed :(

so you have access to roles DirectToConsumer Delivery in seller central developer profile and the app. Are they ticked?

[frtlkmn]

Thank you, I tried that way too, nothing changed :(

so you have access to roles DirectToConsumer Delivery in seller central developer profile and the app. Are they ticked?

yes

[AshleyBurr]

Hi everyone,

I am at the point of trying to get a RDT using the tokens API. All I am getting as response is: Forbidden! I have tried re-authorising the refresh token (edit App/Authorise in Seller Central) and using it and writing a test that calls this end-point in the sandbox. (europe)

I have also tried calling the live endpoint, same response.

The authorization for getting the restricted (PII) data has been authorised by Amazon too, so its not that either.

Any help grateful.

[frtlkmn]

Thank you, I tried that way too, nothing changed :(

so you have access to roles DirectToConsumer Delivery in seller central developer profile and the app. Are they ticked?

We can only get RDT for our "testing" live seller account, we cannot get RDT with different sellers who gave us permission. So, I guess there is no techical issue for us here, everyting is right, Amazon must check the roles and application permissions for our application.

[AmandeepSingh179]

@NeftaliAcosta @frtlkmn were you able to get it working. I'm getting the same error. Direct to consumer role is checked in my profile.

[martr84]

We had tried to get this working we went through the process of clicking edit app and ticking the DirectToConsumer Role after being approved for the role and then regenerating the refresh token. however that DID NOT work.

What DID work is creating a brand new app registration with the same role arn and ticking all the required roles as part of the initial setup. This gave us new lwa credentials, new app ids and new refresh tokens.

Hopefully this saves many hours of frustrations for other people.

[github-actions[bot]]

This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.

[github-actions[bot]]

closed for inactivity