search

amzn / selling-partner-api-models

This repository contains OpenAPI models for developers to use when developing software to call Selling Partner APIs.
Apache License 2.0
580 stars 730 forks source link

Access to requested resource is denied. #882

Closed midi-red closed 3 years ago

midi-red commented 3 years ago

I have been trying to use Amazon SP-API recently but somehow I am getting Unauthorized message. I followed all the steps on Amazon Selling API Developer Guide, and successfully went through all of them. I also created an app under Seller Central > Apps & Services > Develop Apps. But I am still getting this error for any type of api call for java client:

Error while trying to fetch marketplace participations: com.amazon.sellingpartner.ApiException: Forbidden at com.amazon.sellingpartner.ApiClient.handleResponse(ApiClient.java:953) at com.amazon.sellingpartner.ApiClient.execute(ApiClient.java:869) at com.amazon.sellingpartner.api.SellersApi.getMarketplaceParticipationsWithHttpInfo(SellersApi.java:143) at com.amazon.sellingpartner.api.SellersApi.getMarketplaceParticipations(SellersApi.java:130) at sample.spapi.SPAPI.getMarketplaceParticipations(SPAPI.java:46) at sample.spapi.Main.main(Main.java:12)

I also tried to test several APIs using curl but I am getting same error: { "errors": [ { "message": "Access to requested resource is denied.", "code": "Unauthorized", "details": "" } ] }

I can confirm that I am able to get x-amz-access-token and X-Amz-Security-Token. Here is a sample request I make with curl: curl --location --request GET 'https://sellingpartnerapi-na.amazon.com/sellers/v1/marketplaceParticipations' --header 'x-amz-access-token: Atza|IwEBIMrpzN5AIsBvquB2YRCg2ZzjCMzWV8ogtRjr4z72schJkGxG0lx_ZBJfzaAhp7hMU2Ef6fVX_7xo6m_6C8Hr9_t4li2Zh6YJriixCLcouEzB_NG5Otz8G-qpMH**** --header 'X-Amz-Security-Token: FwoGZXIvYXdBraaJtuNdkrr/1iCKwARqPIJ8****' --header 'X-Amz-Date: 20201212T040340Z' --header 'Authorization: AWS4-HMAC-SHA256 Credential=ASIAW27S6DNFWJCPUDUQ/20201212/us-east-1/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-date;x-amz-security-token, Signature=ba9473e7842443ce6a66190770cc95****'

I opened a case 12 days ago but no response yet. Case id: 7722836221. Any help is appreciated.

umerfarooqkit commented 3 years ago

the ARN attached to the app is that of the role or the user?

If its the user then you need to add the SellingPartnerAPI policy (step 3 from the guide) directly on the user, would show up as policy type of "Managed Policy". If you user route... you don't have to do the STS assumeRole logic either. and can call with just x-amz-access-token.

midi-red commented 3 years ago

@umerfarooqkit

the ARN attached to the app is that of the role or the user?

If its the user then you need to add the SellingPartnerAPI policy (step 3 from the guide) directly on the user, would show up as policy type of "Managed Policy". If you user route... you don't have to do the STS assumeRole logic either. and can call with just x-amz-access-token.

I am attaching user arn something like arn:aws:iam::111111111111:user/username I also created SellingPartnerAPI policy as directed in the guide. I first tried without STS assumeRole logic but it gave me an error for that: Exception in thread "main" com.amazonaws.services.securitytoken.model.AWSSecurityTokenServiceException: User: arn:aws:iam::111111111111:user/username is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::111111111111:role/userrole (Service: AWSSecurityTokenService; Status Code: 403; Error Code: AccessDenied; Request ID: 14999031-1087-4004-a953-3e265876f27d)

Then created STS assume role as well, then gave me same error as in my original question: Error while trying to fetch marketplace participations: com.amazon.sellingpartner.ApiException: Forbidden at com.amazon.sellingpartner.ApiClient.handleResponse(ApiClient.java:953) at com.amazon.sellingpartner.ApiClient.execute(ApiClient.java:869) at com.amazon.sellingpartner.api.SellersApi.getMarketplaceParticipationsWithHttpInfo(SellersApi.java:143) at com.amazon.sellingpartner.api.SellersApi.getMarketplaceParticipations(SellersApi.java:130) at sample.spapi.SPAPI.getMarketplaceParticipations(SPAPI.java:57) at sample.spapi.Main.main(Main.java:16)

@nodisk8800 Yes, I have been doing that. I am really out of ideas. I have created 5 apps and every time I read through the guide just in case I do not miss any point but no luck. @ShivikaK Any help with this is appreciated.

definedfunctions commented 3 years ago

I am having the same issues, also with no insights from support despite despite sending multiple, detailed examples.

Have tried everything suggested here with no luck.

rogersv commented 3 years ago

@midi-red your curl call looks correct.

In which region did you register your app? I got the same problem when calling the na-endpoint since my app was created in the EU region.

If it was created for EU then try to call the eu-endpoint and still use the marketplaceId for US.

Otherwise you must have a problem with the aws configuration.

parvathm commented 3 years ago

Hi @midi-red,

Your case is updated. If you are still having issues. Please open a support case for further investigation.

Thanks, Parvathm, Selling Partner API Developer Support