amzn / selling-partner-api-models

This repository contains OpenAPI models for developers to use when developing software to call Selling Partner APIs.
Apache License 2.0

Access token is missing in the request header. #945

Closed LunguAlexandruMihai closed 1 year ago

LunguAlexandruMihai commented 3 years ago

Hello,

I am encountering an error when I am trying to access https://sellingpartnerapi-na.amazon.com/sellers/v1/marketplaceParticipations, it gives me {"errors"=>[{"message"=>"Access to requested resource is denied.", "code"=>"Unauthorized", "details"=>"Access token is missing in the request header."}]}

I am using Faraday to make requests and my request headers are:

"User-Agent"=>"Wrapper 0.0.1 (Language=Ruby/2.7; Platform=Linux)",
"Content-Type"=>"application/json",
"x-amz-Access-Token"=>"Atza|IwEBINKEa6fOACCESSTOKEN",
"host"=>"sellingpartnerapi-na.amazon.com",
"x-amz-date"=>"20210113T135214Z",
"x-amz-content-sha256"=>"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
"authorization"=>"AWS4-HMAC-SHA256 Credential=AKIA3TVXMI6JDCREDENTIAL/20210113/us-east-1/execute-api/aws4_request, SignedHeaders=content-type;host;user-agent;x-amz-access-token;x-amz-content-sha256;x-amz-date, Signature=f53853bd8b0c4131f4bdde5259a1995de900f9d22eecce92f61d79084f72e622"

In this request there are no body or query params.

What have I done wrong?

Thank you very much!

krybbio commented 3 years ago

Try removing "X-Amz-Security-Token" from the headers (I never use it on selling-partner-api calls) and use these headers for the signature: host, user-agent, x-amz-access-token, x-amz-date

SignedHeaders=host;user-agent;x-amz-access-token;x-amz-date

https://github.com/amzn/selling-partner-api-docs/blob/main/guides/developer-guide/SellingPartnerApiDeveloperGuide.md#include-a-user-agent-header-in-all-requests

LunguAlexandruMihai commented 3 years ago

@krybbio in x-amz-access-token should be the token from OAuth, not from STS, right?

krybbio commented 3 years ago

https://github.com/amzn/selling-partner-api-docs/blob/main/guides/developer-guide/SellingPartnerApiDeveloperGuide.md#step-1-request-a-login-with-amazon-access-token

I don't use STS but I think you still need this type of access token with selling-partner-api

LunguAlexandruMihai commented 3 years ago

@krybbio thank you for your input into this black magic / voodoo.

https://sellingpartnerapi-na.amazon.com/sellers/v1/marketplaceParticipations

With these headers

"User-Agent"=>"Wrapper/0.0.1 (Language=Ruby/2.7; Platform=Linux)",
"X-Amz-Security-Token"=>"SECURITY TOKEN FROM STS",
"Host"=>"sellingpartnerapi-na.amazon.com",
"Authorization"=>"AWS4-HMAC-SHA256 Credential=ACCESS KEY ID FROM STS/20210113/us-east-1/execute-api/aws4_request, SignedHeaders=host;user-agent;x-amz-access-token;x-amz-content-sha256;x-amz-date;x-amz-security-token, Signature=3ccea9c729430e6f4d1b7d0dc01c27ae4af9582c50b375052e1396652a4713d2",
"X-Amz-Date"=>"20210113T235124Z",
"X-Amz-Access-Token"=>"ACCESS TOKEN FROM SELLER",
"X-Amz-Content-Sha256"=>"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

it is still giving me a hard time...

{"errors"=>[{"message"=>"Access to requested resource is denied.", "code"=>"Unauthorized", "details"=>"Access token is missing in the request header."}]}

response headers:

"date"=>"Wed, 13 Jan 2021 23:51:25 GMT", "content-type"=>"application/json", "content-length"=>"187", "connection"=>"keep-alive", "x-amzn-requestid"=>"236ebd58-bcd1-407f-a71c-61b9fc3e3a62", "x-amzn-errortype"=>"AccessDeniedException", "x-amz-apigw-id"=>"ZHIbkEWcIAMFQoQ="

Also I signed the headers with gem aws-sdk-signer. The application is in draft and registered with IAM User ARN which has sts role policy applied.

Other ideas? Someone from MWS Team please?

Thank you!

jasonwells commented 3 years ago

@LunguAlexandruMihai I was just having the same issue, but it looks like Ruby passes headers to Net::HTTPHeader, which transforms them with a capitalize method that Amazon's API doesn't like. Adding the following hack made it work for me in Ruby, which helps keep the header names lowercase:

module Net::HTTPHeader
  def capitalize(name)
    name
  end
  private :capitalize
end

Hope this helps!

Update: You can also use the https://github.com/typhoeus/typhoeus gem, which doesn't run through Net::HTTPHeader, and won't mess with the capitalization, but relies on native libcurl.
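The header-name rewriting described in the comment above can be checked offline by serialising a request into memory and reading back the names Net::HTTP would put on the wire. This is an added example, not code from any commenter or from Amazon: `PreserveHeaderCase`, `build_request`, `wire_header_names` and `rewritten_headers` are hypothetical names, the header values are constructed placeholders, and the per-request module is an assumed alternative to the global patch for code that builds its own Net::HTTP request objects.

```ruby
require 'net/http'
require 'stringio'

# Constructed sample values; the token is a placeholder, not a real credential.
SP_API_PATH = '/sellers/v1/marketplaceParticipations'
SAMPLE_HEADERS = {
  'host'               => 'sellingpartnerapi-na.amazon.com',
  'user-agent'         => 'Wrapper/0.0.1 (Language=Ruby/2.7; Platform=Linux)',
  'x-amz-access-token' => 'Atza|EXAMPLE-PLACEHOLDER',
  'x-amz-date'         => '20210113T135214Z'
}.freeze

# Hypothetical helper module: extends ONE request object so its header names
# are written exactly as given, leaving every other Net::HTTP request in the
# process untouched (unlike reopening Net::HTTPHeader globally).
module PreserveHeaderCase
  private

  def capitalize(name)
    name
  end
end

# Build the GET request the way a Net::HTTP-based client would.
def build_request(headers, preserve_case: false)
  req = Net::HTTP::Get.new(SP_API_PATH, headers)
  req.extend(PreserveHeaderCase) if preserve_case
  req
end

# Serialise the request into memory and return the header names exactly as
# they would be written to the socket. Net::HTTPGenericRequest#exec is the
# internal method Net::HTTP calls to write a request; it is used here only
# to capture the bytes without opening a connection.
def wire_header_names(req)
  io = StringIO.new
  req.exec(io, '1.1', req.path)
  io.string.lines.drop(1).map { |line| line[/\A([^:\r\n]+):/, 1] }.compact
end

# Pre-flight check: which of the names we set will not survive byte-for-byte?
def rewritten_headers(req, wanted)
  sent = wire_header_names(req)
  wanted.keys.reject { |name| sent.include?(name) }
end
```

SigV4 lowercases header names when it builds the canonical request, so a valid signature says nothing about the case of the name that was actually sent; only the serialised bytes show it.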

LunguAlexandruMihai commented 3 years ago

@jasonwells Thank you for your response, I applied this and it still gives me a hard time: {"errors"=>[{"message"=>"Access to requested resource is denied.", "code"=>"Unauthorized", "details"=>"Access token is missing in the request header."}]}

And I am signing with aws-sdk

This is how I get Sts tokens:

@sts_token = Aws::STS::Client.new(
  access_key_id: Rails.application.credentials[:amazon][:aws_id],
  secret_access_key: Rails.application.credentials[:amazon][:aws_secret],
  region: 'us-east-1'
).assume_role(
  role_arn: Rails.application.credentials[:amazon][:role_arn],
  role_session_name: "sp-api"
).credentials

and the signing:

signer = Aws::Sigv4::Signer.new(
  region: 'us-east-1',
  service: 'execute-api',
  access_key_id: @sts_token.access_key_id,
  secret_access_key: @sts_token.secret_access_key,
)
signer.sign_request(
  http_method: http_method,
  url: url,
  headers: {
    'User-Agent' => Amazon::USER_AGENT,
    'x-amz-access-token' => token,
    'host' => @marketplace.host,
    'x-amz-security-token' => @sts_token.session_token
  }
)

Somebody from mws support team please? @ShivikaK thanks! Request id: f552b8df-0596-4743-b27f-ea7466f2984f

Thank you!

ShivikaK commented 3 years ago

Hello @LunguAlexandruMihai

We will need to work with you via a support case to resolve this issue. Please open a support case so we can pursue the investigation. If you have reported a case regarding this issue, please share the case ID with me and I will get the issue expedited for support.

Thanks, 
Shivika Khare
 Selling Partner API Developer Support

Sgroove commented 3 years ago

@ShivikaK I have the same issue and I opened a support case (7993314141). I would appreciate your help! Thanks so much.

UoooBarry commented 3 years ago

> @LunguAlexandruMihai I was just having the same issue, but it looks like Ruby passes headers to Net::HTTPHeader, which transforms them with a capitalize method that Amazon's API doesn't like. Adding the following hack made it work for me in Ruby, which helps keep the header names lowercase:
>
> module Net::HTTPHeader
>   def capitalize(name)
>     name
>   end
>   private :capitalize
> end
>
> Hope this helps!
>
> Update: You can also use the https://github.com/typhoeus/typhoeus gem, which doesn't run through Net::HTTPHeader, and won't mess with the capitalization, but relies on native libcurl.

U save my day

POOJA-BFRS01535 commented 3 years ago

@ShivikaK I am also facing the same issue. Tried all possible solutions. Also started using one library to connect with the API. But still getting Unauthorised error. My case id is 6815508592. Could you please check it too? To be more specific about the error: [{'message': 'Access to requested resource is denied.', 'code': 'Unauthorized', 'details': 'Access token is missing in the request header.'}]

wreckah commented 3 years ago

I had the same error ("Access token is missing in the request header.") and found out that the API is case sensitive to the x-amz-access-token header's name. It must be sent in lower case (using lower case for the signature only is not enough). Other headers are not case sensitive (I've tested hoST, User-agenT, x-amz-Security-tokeN, x-Amz-datE).

ritik-novostack commented 3 years ago

@wreckah @pooja8bhatt @jasonwells @LunguAlexandruMihai @Sgroove can anyone help me in creating x-amz-Security-tokeN or aws_session_token in python?

LunguAlexandruMihai commented 3 years ago

@ShivikaK could you please take a look at case id 8118793081 ? Thank you very much!

ShivikaK commented 3 years ago

Hello @LunguAlexandruMihai

Your case has been expedited and someone from our Support team will reach out to you with next steps or for further information if needed.

Thanks, 
Shivika Khare
 Selling Partner API Developer Support

LunguAlexandruMihai commented 3 years ago

@ShivikaK thank you very much.

Could you please make sure that your team will take a look asap? We have a client that is jumpy and we could lose him. Thank you!

LunguAlexandruMihai commented 3 years ago

Hi @ShivikaK, hope your weekend is good. I wonder why I got no response back from you on case 8118793081. Could you please advise me? Thank you very much!

ShivikaK commented 3 years ago

> Hi @ShivikaK, hope your weekend is good. I wonder why I got no response back from you on case 8118793081. Could you please advise me? Thank you very much!

Hello @LunguAlexandruMihai

Your case has been reviewed and next steps have been provided in the case. Apologies for the delay.

Thanks, 
Shivika Khare
 Selling Partner API Developer Support

LunguAlexandruMihai commented 3 years ago

Hello @ShivikaK

Thank you for your response. Could you take a look at the case again, please? I have another problem when I call POST on tokens/2021-03-01/restrictedDataToken: it returns "Application do not have access to some or all requested resource". Also, could you take a look at case 8124204411? I have had no response since 18 March.

Thank you!

ShivikaK commented 3 years ago

Hello @LunguAlexandruMihai

Your case regarding restrictedDataToken issue has been responded to. Please continue monitoring the case for follow ups.

I will also expedite the case 8124204411 for next steps.

Thanks, 
Shivika Khare
 Selling Partner API Developer Support

LunguAlexandruMihai commented 3 years ago

Hello @ShivikaK

Thank you for the quick response and for helping us :) I answered the ticket with a fresh request (new request id and new timestamp).

Thank you!

leoplct commented 3 years ago

What was the issue? I have the same issue and x-amz-access-token is correctly present and downcased

LunguAlexandruMihai commented 3 years ago

@ShivikaK

Hi again, could you please help with case 8124204411? We answered last month and we would like to know if other things are required. Thank you!

LunguAlexandruMihai commented 3 years ago

> What was the issue? I have the same issue and x-amz-access-token is correctly present and downcased

@leoplct Ticket them. The issue was from their api.

ShivikaK commented 3 years ago

Hello @LunguAlexandruMihai

I have expedited the case and it should be updated soon.

Apologies for the inconvenience and delay you are facing.

Thanks, 
Shivika Khare
 Selling Partner API Developer Support

LunguAlexandruMihai commented 3 years ago

Hello @ShivikaK

Could you take a look at case id 8410999881? We have problems with integrating a second client in our platform.

Thank you!

ShivikaK commented 3 years ago

Hello @LunguAlexandruMihai

The case has been escalated to our Support team and is currently being reviewed. Please continue monitoring the case for further updates.

Thanks, 
Shivika Khare
 Selling Partner API Developer Support

LunguAlexandruMihai commented 3 years ago

Hello @ShivikaK

Could you take a look at case id 8124204411 and case id 8443974701? We have been waiting for a response on the first case since April and we already lost a client because we cannot streamline the entire flow of processing an Amazon order. We need that PII only to allow customers, after picking and packing, to buy shipping labels, nothing more. I am really sorry for bothering you but these things are urgent.

Thank you for your support!

itsalongstory commented 3 years ago

> What was the issue? I have the same issue and x-amz-access-token is correctly present and downcased
>
> @leoplct Ticket them. The issue was from their api.

@leoplct @LunguAlexandruMihai

> @ShivikaK I am also facing the same issue. Tried all possible solutions. Also started using one library to connect with the API. But still getting Unauthorised error. My case id is 6815508592. Could you please check it too? To be more specific about the error: [{'message': 'Access to requested resource is denied.', 'code': 'Unauthorized', 'details': 'Access token is missing in the request header.'}]

@pooja8bhatt

Developers, we're running into the same problem (#1211). The SP API didn't return the correct message details to help developers debug their applications.

Have you solved your problem yet?

rmosemann commented 2 years ago

I can confirm that the header x-amz-access-token must be lowercase. Otherwise, you get the dreaded "Access token is missing in the request header.", because the API doesn't find a lowercase version. This, of course, violates RFC 2616, which states that headers are case insensitive, and it doesn't follow the HTTP "good practice" of using standard case (X-Amz-Access-Token). I have not encountered this issue in the API with any other header, so far.

I created case 9385391411. Unfortunately, Amazon Support is of no help. I have gone through nearly a dozen people, now. I've supplied all of the details, timestamps and request ID's, but they tend to simply copy/paste the documentation for creating a request. Either they don't understand, which is hard to believe, or it's a problem they can't/don't want to fix. So, they punt and move on. At the very least, they could document this deviation from the specifications so that it doesn't take days for people to stumble on the solution in a Google search. The API shouldn't be a treasure hunt. Whom does that help?

For those using Perl and LWP::UserAgent, it silently converts headers to standard case by default when sending the request. You can see which headers were converted by dumping the response. It shows something like this.

  '::std_case' => {
    'if-ssl-cert-subject' => 'If-SSL-Cert-Subject',
    'x-amz-date' => 'X-Amz-Date',
    'x-amz-security-token' => 'X-Amz-Security-Token',
    'x-amz-access-token' => 'X-Amz-Access-Token'
  },

It's a little buried, but if you look through the documentation, you will find that you can "escape" a header by prepending it with a colon. That stops any kind of conversion and leaves the header exactly as you specify it. I hope this helps others.

... ":x-amz-access-token" => $ACCESS_TOKEN ...

AXDevTimothy commented 2 years ago

Just wanted to contribute and say that I am working on the Vendor Retail Procurement Orders API and spent half the day debugging why Amazon was sending me ALL orders when I specified in the request header parameters like "PurchaseOrderState=Acknowledged". It turns out that the request headers are case sensitive and must start with lowercase characters. After modifying to lowercase, I finally got the response I was looking for.

github-actions[bot] commented 1 year ago

This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.

github-actions[bot] commented 1 year ago

closed for inactivity

rmosemann commented 4 months ago

> I am using Faraday to make requests and my request headers are: ... "x-amz-Access-Token"=>"Atza|IwEBINKEa6fOACCESSTOKEN"

The header x-amz-access-token is REQUIRED to be all lowercase, contrary to HTTP specifications. I can't believe Amazon still hasn't fixed that. So much for standards.

Russell