Closed The-Geology-Guy closed 1 year ago
See duplicate bug amzn/selling-partner-api-models#699 and bug amzn/selling-partner-api-models#786 .
Hello @The-Geology-Guy
We will need to work with you via a support case to resolve this issue. Please open a support case so we can pursue the investigation.
Thanks, Shivika Khare Selling Partner API Developer Support
If he followed the documentation then there's no hope of it working, because the documentation is still totally broken last I checked. Do what bug amzn/selling-partner-api-models#786 says and it will probably be fixed.
Hi, we have the following problem with SP-API. The application is HIPER_CALZADO (draft state). I keep getting this error with the SP-API: Access to Orders.ListOrders is denied
We have had case 6560068722 open with Amazon since 16th December without reply. After that we opened another case, where Amazon asked me for:
Operation:Orders: ListOrders MarketplaceId:mws.amazonservices.es RequestId:71887a1d-f6ac-4937-9806-c2da4b0eb9a3 TimeStamp:2021-01-07T09%3A27%3A40Z
After I replied with this, Amazon didn't reply. We are at a dead end with the problem: Access to Orders.ListOrders is denied
Can someone help us? Please.
If bug amzn/selling-partner-api-models#786 fixed that issue, then please note and close this as a duplicate of bug amzn/selling-partner-api-models#786 so it's obvious.
Hello @FranciscoVi ,
I am following up on your case 6560068722 to expedite it and someone from our team will reach out to you regarding next steps or if they require additional information.
Thanks, Shivika Khare Selling Partner API Developer Support
Thanks Shivika. Still
Thanks Shivika, They have not contacted me yet. Please can you give them another notice. We are still waiting since December 16. Best Regards. Francisco.
Hello @FranciscoVi ,
I am following up on your case 6560068722 to expedite it and someone from our team will reach out to you regarding next steps or if they require additional information.
Thanks, Shivika Khare Selling Partner API Developer Support
Hi Shivika, please look at this: https://github.com/amzn/selling-partner-api-models/issues/1039 Is it true that the SP-API is currently not enabled in the EU region, which is why we are receiving the access denied error?
Amazon have capped the full address delivery in the old MWS API from 4 months ago, and we can't get the full address because you have the new SP-API disabled in EU region... How then can we solve this problem?
Hello @FranciscoVi
If you are receiving access denied errors for FBA Inventory API in EU then yes it is due to the API not being available as of now in EU and FE. We are working on expediting the launch for this API.
Thanks, Shivika Khare Selling Partner API Developer Support
Thanks Shivika. Please inform me as soon as possible when the API is available in the EU zone. I have the additional problem that Amazon will require us, from April 1, to upload all invoices for business customers. We have a lot of sales and we need to upload the invoices with the SP-API. Thanks. Francisco.
Thanks Shivika. Please inform me as soon as possible when the API is available in the EU zone. We have been waiting for 4 months and we are running out of time. I have the additional problem that Amazon will require us, from April 1, to upload all invoices for business customers. We have a lot of sales and we need to upload the invoices with the SP-API. Thanks. Francisco.
Hello, has anyone been able to work with the new SP-API in the euro zone? Thanks. Jusj.
Sorry, SP-API in EU region is disabled and Amazon does not yet have an expected activation date.
@FranciscoVi the SP-API exists in the EU zone too. I just tried a call for getting orders and it works. Shivika only said that the FBA-inventory API was disabled, right?
Ohhh, what wonderful news. We are having the error "Access to Orders.ListOrders is denied" and Shivika told me 2 months ago the reason is that SP-API is disabled in the EU region. Can you help me by telling me where we have the error?
```
------------------------------ API Selection ------------------------------
API Section: Orders
Operation: ListOrders
------------------------------ Authentication ------------------------------
SellerId: XXXXXXXXXXXXXX
MWSAuthToken: XXXXXXXXXX....
AWSAccessKeyId: XXXXXXXXXXXXXXXXXXXX
Secret Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Endpoint: mws.amazonservices.es
------------------------------ Request Details ------------------------------
POST /Orders/2013-09-01?AWSAccessKeyId=XXXXXXXXXXXXXXXXXXXX
  &Action=ListOrders
  &SellerId=XXXXXXXXXXXXXX
  &MWSAuthToken=XXXXXXXXXX....
  &SignatureVersion=2
  &Timestamp=2021-02-02T09%3A30%3A51Z
  &Version=2013-09-01
  &Signature=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  &SignatureMethod=HmacSHA256
  &MarketplaceId.Id.1=A1RKKUPIHCS9HS HTTP/1.1
Host: mws.amazonservices.es
x-amazon-user-agent: AmazonJavascriptScratchpad/1.0 (Language=Javascript)
Content-Type: text/xml
------------------------------ Response ------------------------------
<?xml version="1.0"?>
AccessDenied
```
I would really appreciate your help. Amazon support only limit themselves to answering that SP-API is disabled in the EU region. Thanks.
Well I have only used the self auth and my app is not published. I have only used the SP-API (not the MWS). Are you using a hybrid between MWS and the SP-API? Your call seems to be to the MWS endpoint.
The call I used was this one: https://github.com/amzn/selling-partner-api-models/blob/927faf03eeda694726bed552313c7f45c971cc3e/models/orders-api-model/ordersV0.json#L27
Hello @FranciscoVi
Currently FBA Inventory API is not available in EU and JP.
But if you are getting access denied issues for any other API, it could be due to permission issues with the application, if you are using IAM role entity and not adding STS token to your request along with LWA access token or if you are using IAM user but the IAM policy is not directly added to the IAM user.
Please confirm the APIs you are getting access denied errors for in the case 6560068722 that you have opened with us and our team can further help troubleshoot the error.
Thanks, Shivika Khare Selling Partner API Developer Support
Sorry @rogersv and @ShivikaK , I got confused and pasted the old code for MWS.
About the policy we are using:
------------------------------ Policy Details ------------------------------
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "execute-api:Invoke",
      "Resource": "arn:aws:execute-api:::*"
    }
  ]
}
```
Here the code we are using now for SP-API: ------------------------------ Request Details ------------------------------
```php
<?php
$access_key = 'XXXXXXXXXXXXXX';
$secret_key = 'XXXXXXXXXXXXXX';
$merchant_id = 'XXXXXXXXXXXXXX';
$refresh_token = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
$id_cliente = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
$client_secret = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";

// $fecha and $date are used below but were not defined in the posted snippet;
// these values follow the SigV4 x-amz-date and credential-scope formats.
$fecha = gmdate('Ymd\THis\Z');
$date = gmdate('Ymd');

// Step 1: exchange the LWA refresh token for an access token.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.amazon.com/auth/o2/token");
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Host: api.amazon.com', 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8'));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=refresh_token&refresh_token=".$refresh_token."&client_id=".$id_cliente."&client_secret=".$client_secret);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);

$response = curl_exec($ch);
curl_close($ch);
$array_response = json_decode($response);
$token = $array_response->access_token;

// Step 2: call STS AssumeRole to get temporary credentials for the IAM role.
$version = '2011-06-15';
$action = 'AssumeRole';
$requestPayload = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
$role_arn = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
$role_session_name = 'XXXXXXXXXXXXXXXXXXXXXX';
$resquestIAM = "Version=".$version."&Action=".$action."&RoleSessionName=".$role_session_name."&RoleArn=".$role_arn;
$signature = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
$url_sts = 'https://sts.eu-west-1.amazonaws.com/';
$user_agent = 'XXXXXXXXXXXXXXXXXXXXXXXXXXX';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url_sts);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Host: sts.eu-west-1.amazonaws.com',
    'Authorization: AWS4-HMAC-SHA256 Credential=XXXXXXXXXXXXXXXXXXX/'.$date.'/eu-west-1/sts/aws4_request, SignedHeaders=content-type;host;x-amz-date, Signature='.$signature,
    'Content-Type: application/x-www-form-urlencoded;charset=UTF-8',
    'Accept: application/json',
    'user-agent: '.$user_agent,
    'x-amz-access-token:'.$token,
    'x-amz-date:'.$fecha));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $resquestIAM);
$response = curl_exec($ch);
curl_close($ch);
$array_sts = json_decode($response);
var_dump($array_sts);
$iam_session_token = $array_sts->AssumeRoleResponse->AssumeRoleResult->Credentials->SessionToken;
$iam_access_key_id = $array_sts->AssumeRoleResponse->AssumeRoleResult->Credentials->AccessKeyId;
$iam_secret_access_key = $array_sts->AssumeRoleResponse->AssumeRoleResult->Credentials->SecretAccessKey;

// Step 3: call the SP-API Orders endpoint with the temporary credentials.
$signature = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
$url = "https://sellingpartnerapi-eu.amazon.com/orders/v0/orders";
$user_agent = 'XXXXXXXXXXXXXXXXXXXXXXXXX';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/x-www-form-urlencoded;charset=UTF-8',
    'user-agent: '.$user_agent,
    'x-amz-access-token:'.$token,
    'x-amz-security-token:'.$iam_session_token,
    'x-amz-date:'.$fecha,
    'Authorization: AWS4-HMAC-SHA256 Credential='.$iam_access_key_id.'/'.$date.'/eu-west-1/execute-api/aws4_request, SignedHeaders=host;content-type;user-agent;x-amz-access-token;x-amz-security-token;x-amz-date, Signature='.$signature,
    'Host: sellingpartnerapi-eu.amazon.com'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, "MarketplaceIds=A1RKKUPIHCS9HS");
$response = curl_exec($ch);
curl_close($ch);
$prueba = json_decode($response);
var_dump($response);
?>
```
------------------------------ Response ------------------------------ string(141) "{ "errors": [ { "message": "Access to requested resource is denied.", "code": "Unauthorized", "details": "" } ] }"
Can you help me about this Unauthorized error? Thank you very much!!
Hi, we have opened case 6837269402 with Amazon. The application is andresmachado (draft state). We are trying to authorize the app using the Self Authorization method. I keep getting this error with the SP-API:
```
GET /sellers/v1/marketplaceParticipations HTTP/1.1
host: sellingpartnerapi-eu.amazon.com
Accept: application/json
Content-Type: application/json
user-agent: cs-php-sp-api-client/2.1
x-amz-access-token: XXXXXXXXX
x-amz-date: 20210317T083907Z
x-amz-security-token: XXXXXXXXX
Authorization: AWS4-HMAC-SHA256 Credential=XXXXXXXXX/20210317/eu-west-1/execute-api/aws4_request, SignedHeaders=host;user-agent;x-amz-access-token;x-amz-date;x-amz-security-token, Signature=XXXXXXXXX

< HTTP/1.1 403 Forbidden
< Date: Wed, 17 Mar 2021 08:39:08 GMT
< Content-Type: application/json
< Content-Length: 141
< Connection: keep-alive
< x-amzn-RequestId: 6eeee2ca-49b3-429a-bbe4-87e09dd2c4f3
< x-amzn-ErrorType: AccessDeniedException
< x-amz-apigw-id: cUr2-HUHDoEFrlw=
<
```
Exception when calling SellersApi->getMarketplaceParticipations: [403] Client error: GET https://sellingpartnerapi-eu.amazon.com/sellers/v1/marketplaceParticipations
resulted in a 403 Forbidden
response:
{
"errors": [
{
"message": "Access to requested resource is denied.",
"code": "Unauthorized",
"det (truncated...)
Can someone help us? Please.
Hello @FranciscoVi
For access denied errors, we request you to provide all the required information in the support case that you have created with us so that the Support engineer can further troubleshoot this and provide you with next steps.
Please provide all this information in the open Support case.
Thanks, Shivika Khare Selling Partner API Developer Support
@FranciscoVi your SignedHeaders should be sorted in alphabetical order. That's probably one of the errors. Look at the python example here https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html and check the comments in the code. It might help you.
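The header-ordering rule from the comment above, as an added example (not code from any participant in this thread or from Amazon): a minimal SigV4 signer that builds the canonical request from lowercased, sorted header names, plus a check of the `SignedHeaders` list in an `Authorization` header. The function names are hypothetical and every credential and token is a constructed placeholder; only the `SignedHeaders` order in `POSTED` is taken from the PHP snippet posted earlier.

```python
import hashlib
import hmac
import re
from urllib.parse import quote

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_request(method, host, path, query, headers, body,
                 access_key, secret_key, region, service, amz_date):
    """Return a SigV4 Authorization header value for one request."""
    # Every signed header is lowercased, whitespace-trimmed and sorted by name.
    merged = {**headers, "host": host, "x-amz-date": amz_date}
    canon = {k.lower(): " ".join(v.split()) for k, v in merged.items()}
    names = sorted(canon)
    canonical_headers = "".join(f"{n}:{canon[n]}\n" for n in names)
    signed_headers = ";".join(names)
    canonical_query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(query.items()))
    # The HTTP method is part of the signed data (path assumed already normalized).
    canonical_request = "\n".join([
        method, path, canonical_query, canonical_headers, signed_headers,
        hashlib.sha256(body.encode()).hexdigest()])
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest()])
    key = ("AWS4" + secret_key).encode()
    for part in (date, region, service, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    return (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
            f"SignedHeaders={signed_headers}, Signature={signature}")

def signed_headers_sorted(authorization: str) -> bool:
    """True when the SignedHeaders list is lowercase and in sorted order."""
    m = re.search(r"SignedHeaders=([^,\s]+)", authorization)
    names = m.group(1).split(";") if m else []
    return bool(names) and names == sorted(n.lower() for n in names)

# Constructed placeholder values; nothing here is a real credential.
REQUEST = dict(
    host="sellingpartnerapi-eu.amazon.com", path="/orders/v0/orders",
    query={"MarketplaceIds": "A1RKKUPIHCS9HS"},
    headers={"user-agent": "example-client/1.0",
             "x-amz-access-token": "Atza|constructed",
             "x-amz-security-token": "constructed-session-token"},
    body="", access_key="ASIAEXAMPLEKEYID", secret_key="constructed-secret",
    region="eu-west-1", service="execute-api", amz_date="20210317T083907Z")

# Only the SignedHeaders order is from the posted PHP; the rest is placeholder.
POSTED = ("AWS4-HMAC-SHA256 Credential=X/20210317/eu-west-1/execute-api/aws4_request, "
          "SignedHeaders=host;content-type;user-agent;x-amz-access-token;"
          "x-amz-security-token;x-amz-date, Signature=X")

if __name__ == "__main__":
    auth = sign_request("GET", **REQUEST)
    print(auth)
    print("generated header sorted:", signed_headers_sorted(auth))
    print("posted header sorted:   ", signed_headers_sorted(POSTED))
```

Because the method is the first line of the canonical request, a signature computed for `GET` does not validate a `POST` of the same URL.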
Thank you very much @rogersv I tried following the steps indicated on that page, but we keep getting the same error: string(141) "{ "errors": [ { "message": "Access to requested resource is denied.", "code": "Unauthorized", "details": "" } ] }"
@ShivikaK I am going to update my support case. It is CaseID: 6560068722. I hope this time Amazon support replies. Last time they told me: "Currently this API is not enabled in EU and FE regions which is why you are receiving access denied error. We are working in order to enable this API in EU and FE region." Can you let them know? Thanks.
I have solved it by creating a new app using ARN role instead of ARN user.
If you register your application using your IAM user, be sure that the IAM policy is attached to it. Otherwise your calls to the Selling Partner API will fail. We recommend registering your application using an IAM role, as shown in this workflow, to help you better control access to your AWS resources.
Hi @jusjjusj, yes, I tried that way too, but the response was the same. Thank you anyway.
Hi Francisco, did you make any progress on this? I am having the same issue.
Sorry @diegocvazquez, Amazon doesn't reply to the case.
Hi @ShivikaK, can you help us with this issue? Amazon doesn't reply to the cases about "Access to requested resource is denied." from EU regions. For example, CaseID: 6560068722 wasn't replied to.
Hello @FranciscoVi
I will expedite the support case for resolution and you should receive an update on the case by next week.
Thanks, Shivika Khare Selling Partner API Developer Support
Thank you very much @ShivikaK. I hope this time Amazon replies to my case.
Thanks. Francisco.
Same error, any news? Forbidden calling https://sellingpartnerapi-eu.amazon.com/sellers/v1/marketplaceParticipations, my case #6989728532, no response
For now there is no news. It is an error that Amazon is trying to solve.
Hello @daloch
Apologies for the delay and inconvenience caused.
The case is being reviewed by Support team and it will be updated with next steps accordingly.
Please continue monitoring the case.
Thanks, Shivika Khare Selling Partner API Developer Support
Hi @FranciscoVi, I guess SP-API has problems with the EU zone, at least in the sandbox environment. We have an application (eDock) using MWS and trusted by hundreds of sellers. We are in the process of migrating everything to the new SP-API before the end of September because this is what Amazon asked.
My findings:
Marco
Hi @marconline and @daloch, you can solve this problem if you use method GET (not post)
Any update? I am still getting the issue 'Access to requested resource is denied.'. And my marketplace in the seller account is India.
me too @japan
Any updates on this issue? @ShivikaK
me too @ShivikaK
This is a very old issue that is probably not getting as much attention as it deserves. We encourage you to check if this is still an issue after the latest release and if you find that this is still a problem, please feel free to open a new issue and make a reference to this one.
closed for inactivity
We have gone through the Documentation and set up everything as it should be -- double and triple checking everything. The main issue is that when we use the code (below), we run into the 'Unauthorized' error. Additionally, when we try to authorize the app (which has the status of 'draft') using the Self Authorization method, it does nothing.
Even while following the documentation exactly, we have not found a solution.
Code we are trying to use to connect to the SP-API:
sp_api is from https://github.com/saleweaver/python-amazon-sp-api
which works for others, but not for us.
```python
import os

import boto3
import requests
from sp_api.auth.access_token_client import AccessTokenClient
# AWSSigV4 was used without an import in the post; this sp_api module path is assumed.
from sp_api.base.aws_sig_v4 import AWSSigV4

# ======== GET AUTH ========
# Set environment variables.
os.environ["SP_API_REFRESH_TOKEN"] = "Atzr|xxxxxxxxx"
os.environ["LWA_APP_ID"] = "amzn1.application-oa2-client.xxxxxxxxx"
os.environ["LWA_CLIENT_SECRET"] = "xxxxxxxxx"
os.environ["SP_API_SECRET_KEY"] = "xxxxxxxxx"
os.environ["SP_API_ACCESS_KEY"] = "xxxxxxxxx"
os.environ["SP_API_ROLE_ARN"] = "arn:aws:iam::xxxxxxxxx:role/SellerPartnerAPIRole"
os.environ["SP_AWS_REGION"] = "us-east-1"

# Credentials for user created following the docs
amw_client = boto3.client(
    'sts',
    aws_access_key_id=os.environ.get("SP_API_ACCESS_KEY"),
    aws_secret_access_key=os.environ.get("SP_API_SECRET_KEY"),
    region_name=os.environ.get("SP_AWS_REGION")
)

# ROLE created following the docs
# STS assume policy must be included in the role
res = amw_client.assume_role(
    RoleArn=os.environ.get("SP_API_ROLE_ARN"),
    RoleSessionName='SellingPartnerAPIRole'
)

Credentials = res["Credentials"]
AccessKeyId = Credentials["AccessKeyId"]
SecretAccessKey = Credentials["SecretAccessKey"]
SessionToken = Credentials["SessionToken"]

aws_auth = AWSSigV4(
    'execute-api',
    aws_access_key_id=AccessKeyId,
    aws_secret_access_key=SecretAccessKey,
    aws_session_token=SessionToken,
    region=os.environ.get("SP_AWS_REGION")
)

params_ = {
    "reportTypes": {
        "value": ["FEE_DISCOUNTS_REPORT", "GET_AFN_INVENTORY_DATA"]
    },
    "processingStatuses": {
        "value": ["IN_QUEUE", "IN_PROGRESS"]
    }
}

request_url = 'https://sandbox.sellingpartnerapi-na.amazon.com'

# ======== CONSUME API ========
# The 'AccessTokenClient().get_auth().access_token' provides the 'Atza|xxxxx' token.
resp = requests.get(request_url, auth=aws_auth, headers={'x-amz-access-token': AccessTokenClient().get_auth().access_token})

print(resp.json())
```