search

amzn / selling-partner-api-models

This repository contains OpenAPI models for developers to use when developing software to call Selling Partner APIs.
Apache License 2.0
611 stars 733 forks source link

[BUG] [SP-API] C# SDK 2.0 No PII (Shipping Address) Returned by GetOrders or RDT Error #459

Closed dathat closed 4 months ago

dathat commented 1 year ago

I'm submitting a...

[x] Regression (a behavior that used to work and stopped working in a new release)
[x] Bug report  
[ ] Feature request
[x] Documentation issue or request
[ ] Other... Please describe:

SP-API Name and Version or Report/Feed Type

API: ordersV0 API using the new C# SDK 2.0 released about a week ago. Calling getOrders to retrieve a list of orders.

Expected Behavior

Previously with the C# SDK 1.0 I set a RDT with data elements "buyerInfo" and "shippingAddress" and shipping information would be returned by GetOrders. Psuedo code:

OrdersV0Api ordersApi = new OrdersV0Api.Builder()
    .SetAWSAuthenticationCredentials(AmazonTokens.awsAuthenticationCredentials)
    .SetLWAAuthorizationCredentials(AmazonTokens.lwaAuthorizationCredentials)
    .Build();

TokensApi tokensApi = new TokensApi.Builder()
    .SetAWSAuthenticationCredentials(AmazonTokens.awsAuthenticationCredentials)
    .SetLWAAuthorizationCredentials(AmazonTokens.lwaAuthorizationCredentials)
    .Build();

List<RestrictedResource> restrictedResourceList = new List<RestrictedResource>();
List<string> dataElements = new List<string>
{
    "buyerInfo",
    "shippingAddress"
};
restrictedResourceList.Add(new RestrictedResource(RestrictedResource.MethodEnum.GET, "/orders/v0/orders", dataElements));
CreateRestrictedDataTokenRequest createRDT = new CreateRestrictedDataTokenRequest(null, restrictedResourceList);
CreateRestrictedDataTokenResponse rdtResponse = tokensApi.CreateRestrictedDataToken(createRDT);

ordersApi.Configuration.AddDefaultHeader("x-amz-access-token", rdtResponse.RestrictedDataToken);

GetOrdersResponse response = ordersApi.GetOrders(marketplaceIds, null, null, null, null, null, null, null, null, null, maxResultsPerPage, null, null, null, orderIDs, null, null, null, null, null);

Current Behavior

After regenerating all the DLLs with the newer 2.0 SDK if I generate and attach a RDT the same way as previously I get the error: {"code": "Unauthorized", "message": "Access to requested resource is denied.", "details": "The access token you provided is revoked, malformed or invalid."}

If I do not generate or attach a RDT the PII shipping information is not returned. It seems like the new SDK automatically creates RDTs as needed since I can call GetOrderAddress without generating or attaching a RDT using the 2.0 SDK and the shipping information is returned, However, this would not work well since it would require an extra call for every order. Psuedo code:

OrdersV0Api ordersApi = new OrdersV0Api.Builder()
    .SetLWAAuthorizationCredentials(AmazonTokens.lwaAuthorizationCredentials)
    .Build();

GetOrdersResponse response = ordersApi.GetOrders(marketplaceIds, null, null, null, null, null, null, null, null, null, maxResultsPerPage, null, null, null, orderIDs, null, null, null, null, null);

foreach (Order order in response.Payload.Orders)
{
    GetOrderAddressResponse orderAddress = ordersApi.GetOrderAddress(order.AmazonOrderId);
}

Context/Screenshots

The use case guide shows shipping information being returned without setting anything to retrieve it (https://developer-docs.amazon.com/sp-api/docs/orders-api-v0-use-case-guide). I am generally confused around the RDT usage now since it seems the newer SDK no longer requires manually generating or setting them. Is there a way to specify "dataElements" for the getOrders call?

Your Environment

Visual Studio Community 2022. Generated Amazon.SellingPartnerAPIAA.dll C# SDK 2.0 with swagger-codegen-cli-2.4.33.jar and using libraries: tokens_2021-03-01, ordersV0

dathat commented 1 year ago

Found the solution. I forgot the original C# SDK was broken and Amazon has not fixed it yet. Still have to edit "ApiClient.cs" for each API before generating the DLLs by replacing:

private void InterceptRequest(IRestRequest request)
{
    lwaAuthorizationSigner.Sign(request);
}

with:

private void InterceptRequest(IRestRequest request)
{
    if (!Configuration.DefaultHeader.ContainsKey("x-amz-access-token"))
    {
        lwaAuthorizationSigner.Sign(request);
    }
}

Otherwise the manually added RDT header gets overwritten just before the request is sent to Amazon.

Amazon devs, please fix this. Applying an RDT in place of the LWA signature should not be so confusing. The thread that helped me solve this same issue twice now was started in 2021: https://github.com/amzn/selling-partner-api-models/issues/1255

surkaa commented 7 months ago

the idea is good!

github-actions[bot] commented 4 months ago

This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.

github-actions[bot] commented 4 months ago

closed for inactivity