SPAPI, Unauthorized, Access to requested resource is denied

[Nasthada]

Hi,

I have been trying to use Amazon SP-API but I met an issue about authorization when requests via the postman. Could you please help me to address this issue?

Step what I did:

1. Generate temporary credentials using AWS STS from url https://sts.eu-west-1.amazonaws.com. I got the AccessKeyId, SecretAccessKey, SessionToken, RequestId = 99fba053-aa28-45b2-bd0c-ed7be6050d07

2. Generate LWA token from URL https://api.amazon.com, grant_type=refresh_token, refresh_token=from application that registered in Seller Console. I able to received the access_token = "Atza|IwEBIChmX9uK1V2HcFCtNCYz75n..."

3. Call SPAPI from URL https://sellingpartnerapi-eu.amazon.com/sellers/v1/marketplaceParticipations but I got the error Request: curl --location --request GET 'https://sellingpartnerapi-eu.amazon.com/sellers/v1/marketplaceParticipations' \ --header 'x-amz-access-token: Atza|....' \ --header 'X-Amz-Security-Token: ....' \ --header 'X-Amz-Date: 20220608T042014Z' \ --header 'Authorization: AWS4-HMAC-SHA256 Credential=..../20220608/eu-west-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-date;x-amz-security-token, Signature=....' Response { "errors": [ { "message": "Access to requested resource is denied.", "code": "Unauthorized", "details": "" } ] }

Regards, Nasthada

[FatmaSedaOZYURT]

Hi Nasthada, I was looking in pages for Authroization error in GitHub and I saw your problem. I tried to request this endpoint /sellers/v1/marketplaceParticipations for you and it's successfully. I viewed your cURL code and I couldn't see wrong so, I explain how to I did this. You know, we should use AWS Signature. For this, I used AWSSdk.Security Token and I got accessKeyId, SecretAccessKey, SessionToken for 1 hours. I use this informations for AWS Signature in Authorization section of Postman. And than, I added got access token for seller as x-amz-access-token. So, I get successfully. I hope helpful. Good work!

[Nasthada]

Hi @FatmaSedaOZYURT Thank you so much for your response. I solved this issue by changing a configuration in the seller console. Now, we are using the IAM role in the application registration instead using IAM user

[FatmaSedaOZYURT]

@Nasthada I'm happy for you. Yes, we need to do by IAM role. Actually, I had been thinked that you didn't AWS security token dll. It was a possibility to be in IAM Role. Sorry for wrong redirect. If it is one of another IAM, we may have problems.

[Adrian-T-AMZN]

Hello @Nasthada,

Thank you for reaching out regarding the "Access to requested resource is denied" error.

You can find details regarding this in our documentation: https://developer-docs.amazon.com/sp-api-blog/docs/migrate-seller-authorizations-from-mws-to-sp-api#step-2-generate-temporary-credentials-using-aws-security-token-service-aws-sts

If the information available in the documentation link provided above does not fully resolve your inquiry, please open a support case with us.

Thanks, Adrian T. Selling Partner API Developer Support

[namtp-regit]

Hello @Nasthada , I also have the same problem. Can you help me check?

1. Generate temporary credentials using AWS STS from url https://sts.amazonaws.com/. I got the AccessKeyId, SecretAccessKey, SessionToken, RequestId = 65a47de9-9f61-454f-807f-05cf46a8ac46
2. Generate LWA token from URL https://api.amazon.com/auth/o2/token . I able to received the access_token = "Atza|IwEBILc9c5jzpsbIb0XuJGb45lx1WXvB..."
3. call SP API: curl --location 'https://sellingpartnerapi-na.amazon.com/sellers/v1/marketplaceParticipations' \ --header 'Accept: application/json' \ --header 'x-amz-access-token: Atza|IwEBILc9c5jzpsbIb0XuJGb45lx1WXvBZbMegbTBbO_iBSz0NOfDi1yIaNhelqQVXe8Z3M0Oo5fnuNRUaid2_Ie-5DvRY_UtGX_JeKal2VkYjHHpoe9NJlYdZP2uLa_29iKEIpObyY3esCLo_KYygErB6KaM0hCOUyFFVru6QW-GXFllZ31Ywdp-0xYFhxBi0wLPk0UGQdX8OCBu-m7IERS5w-YfIKzfk8kfAdyPLkoPFCfhJlXhTxZb4gWSwDmn_PdPaijm0I-vQkgSgFAmMpsB49SjCdbnFVtApQt5l1Hv15ktTnWHjgphFDvvrGwPLgNny6LcvakQUUM08cF6VC-PQ3H3' \ --header 'X-Amz-Security-Token: IQoJb3JpZ2luX2VjECIaCXVzLWVhc3QtMSJHMEUCIAarr4mTFM6TteoFAasUvH8nYpZ56Mtf6KRDUINy3aJ7AiEAzkvGp5vlA6kgYJzZJJ/GAooplaxBrwGx9/p0rya7Y9sqpQIIuv//////////ARAAGgwzNDk0NTcxNDQ1OTIiDN7OERc2jSpMrbVPlSr5Aa0i92bMlFELq2zrnCc+z1mTKOQ2L3Juz/cRMRzDUQxx6or3+DT19If6YUT47aN838MQH3ipqgNFqjt/5Bllm5Ufu/CK2nqSMhfsGh50V4XOIgm60nkUA7OskOx4+vLKy3YLY6/NX9VQzIwYsFGQNwxYgoCHA68carch4f9/cNu4UO7E3QiwV0Itvzx1PTyFeoeoCw7vZWdkncBN8FsImK+R4L1Ft5ZNOBmpHs+1vZ548U/stfUpBHe5nzusd4LHbQl/jJ4iPNjxdkG1pubf3eOa5OWZKoOvT7k8MIIW1K9Kzf1rXlFriDDyw6pfTmrXoomGTsJQy9U8wjDfktKfBjqdAfu6kSe9MFWj0mXl8rY4LOvrcgxRDgMwQvIkUUvK0hKl3ARHXjVW+8VQzrgekPigNN2FJ25tFl4LLoeXjPm1ciEfKrVr4wiVoJBFXFLkfE317l775bpnEaH6b7qnuW68NeqxWA/6S2FgaJc7ZDJuk2tKE21U/nKca6l1ITmec6xGsoALUMrNv2tfrLOvGik3eSYiCYH8/xosp/rzmHQ=' \ --header 'X-Amz-Date: 20230221T091312Z' \ --header 'Authorization: AWS4-HMAC-SHA256 Credential=ASIAVCXKE3MICQWAYCVX/20230221/us-east-1/execute-api/aws4_request, SignedHeaders=accept;host;x-amz-date;x-amz-security-token, Signature=a5b77cdb3cfc811518113a123952e5b7f61236e4f62a839842e65386ba0b062e'

[zabuli]

In my case although, I had everything correctly setup I still got same error and it was because credit card associated was not verified. You can find it in Account Info -> Payment Information tab -> Charge Method

[guorenn]

I feel that the current documentation is not user-friendly for the Python programming language. I hope to have a detailed usage example for each API in Python. "I am using the 'Self Authorizations' method to obtain the 'App ID', 'LWA credentials (Client identifier, Client secret)', and 'Refresh Token'. I would like to have an example that demonstrates how to query the 'Manage Inventory' data and update the 'Minimum Price' and 'Maximum Price' of products using only this information." Thank you.