Closed whoiswayne closed 2 years ago
I read amzn/selling-partner-api-models#730 , seems no result,
Hello @whoiswayne
We will need to work with you via a support case to resolve this issue. Please open a support case so we can pursue the investigation.
The error mainly refers to AWS credentials not being correct. When you use AssumeRole to request temporary credentials, you are required to use those temporary AWS credentials along with the STS token for the request.
But feel free to open a support case with us and we will further assist you with troubleshooting the issue.
Thanks, Shivika Khare Selling Partner API Developer Support
- Using https://github.com/amzn/selling-partner-api-models/tree/main/clients/sellingpartner-api-aa-csharp I successfully got an access token.
- Also got the x-amz-security-token from AmazonSecurityTokenServiceClient this.
- and sign successed by AWSSigV4Signer
- BUT reponse shows "Security Token Invalid". What is the error.
Any one can help me to find out the issue.
private const string MARKETPLACE_ID = "ATVPDKIKX0DER"; private const string ACCESS_KEY = "AKIAY********LHQ"; private const string SECRET_KEY = "HL5xnZ*************DhJD16Q"; private const string REGION = "us-east-1"; private const string CLIENTID = "amzn1.application-oa2-client.66********6355f1"; private const string CLIENTSCERET = "b467b034*********bdf26b"; private const string REFRESHTOKEN = "Atzr|IwEBIHAakkj***********0ZbsA"; public void foo() { AssumeRoleResponse assumeRoleResponse = null; Task.Run(async () => { assumeRoleResponse = await GetAssumeRoleTokenDetail(); }).GetAwaiter().GetResult(); var resource = $"/orders/v0/orders"; var client = new RestClient("https://sellingpartnerapi-na.amazon.com"); IRestRequest restRequest = new RestRequest(resource, Method.GET); restRequest.AddParameter("CreatedAfter", DateTime.UtcNow.AddDays(-2), ParameterType.QueryString); // DateTime.UtcNow.AddDays(-5) restRequest.AddParameter("MarketplaceIds", MARKETPLACE_ID, ParameterType.QueryString); var awsAuthenticationCredentials = new AWSAuthenticationCredentials { AccessKeyId = ACCESS_KEY, SecretKey = SECRET_KEY, Region = "us-east-1" }; var lwaAuthorizationCredentials = new LWAAuthorizationCredentials { ClientId = CLIENTID, ClientSecret = CLIENTSCERET, RefreshToken = REFRESHTOKEN, Endpoint = new Uri("https://api.amazon.com/auth/o2/token") }; restRequest = new LWAAuthorizationSigner(lwaAuthorizationCredentials).Sign(restRequest); restRequest.AddHeader("X-Amz-Security-Token", assumeRoleResponse.Credentials.SessionToken); restRequest = new AWSSigV4Signer(awsAuthenticationCredentials).Sign(restRequest, client.BaseUrl.Host); var response = client.Execute(restRequest); } private static async Task<AssumeRoleResponse> GetAssumeRoleTokenDetail() { // AWS IAM user data, NOT seller central dev data var accessKey = ACCESS_KEY; var secretKey = SECRET_KEY; var credentials = new BasicAWSCredentials(accessKey, secretKey); var client = new AmazonSecurityTokenServiceClient(credentials); var assumeRoleRequest = new AssumeRoleRequest() { DurationSeconds = 3600, // role ARN you create here: // https://github.com/amzn/selling-partner-api-docs/blob/main/guides/developer-guide/SellingPartnerApiDeveloperGuide.md#step-4-create-an-iam-role RoleArn = "arn:aws:*****873:role/FzoneDev_Role", RoleSessionName = DateTime.Now.Ticks.ToString() }; var assumeRoleResponse = await client.AssumeRoleAsync(assumeRoleRequest); return assumeRoleResponse; }
Try to Use my library handle most of requirement https://github.com/abuzuhri/Amazon-SP-API-CSharp
This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.
Any one can help me to find out the issue.