authorization (RDT?) error when trying to call createShipment() with the sandbox endpoint

[mehgcap]

Hello,

I'm working with a small team to try to port our existing shipping software from MWS to the new SP API. Currently, we're working only with the sandbox endpoints. The software basically needs to get order items, get shipping services, and create a shipment with the service it chose. Our workflow is, basically:

• given an order number, get the list of items
• get available shipping services for the order
• choose a service, and set its service ID and offer ID in our request
• use the request to run createShipment()

Currently, our software can get order items and shipping services just fine. Obviously, we ignore the services since the sandbox requires hard-coded values, but we have to make sure the calls will work in production. Still, everything works until the call to createShipment(). At that point, there's an error that seems to be related to getting the RDT, from what I can tell. I'll paste the error and full trace below, at least the part involving the library.

First the actual error from Amazon, not that it tells me much:

[400] {
  "errors": [
    {
      "code": "InvalidInput",
      "message": "Could not match input arguments",
      "details": ""
    }
  ]
}

Now, the relevant part of the trace:

#0 vendor/jlevers/selling-partner-api/lib/Api/TokensV20210301Api.php(54): SellingPartnerApi\Api\TokensV20210301Api->createRestrictedDataTokenWithHttpInfo()
#1 vendor/jlevers/selling-partner-api/lib/Authentication.php(324): SellingPartnerApi\Api\TokensV20210301Api->createRestrictedDataToken()
#2 vendor/jlevers/selling-partner-api/lib/Authentication.php(199): SellingPartnerApi\Authentication->getRestrictedDataToken()
#3 vendor/jlevers/selling-partner-api/lib/Configuration.php(414): SellingPartnerApi\Authentication->signRequest()
#4 vendor/jlevers/selling-partner-api/lib/Api/MerchantFulfillmentV0Api.php(848): SellingPartnerApi\Configuration->signRequest()
#5 vendor/jlevers/selling-partner-api/lib/Api/MerchantFulfillmentV0Api.php(828): SellingPartnerApi\Api\MerchantFulfillmentV0Api->createShipmentWithHttpInfo()
#6 carrierAPIs/AmazonSellingPartner.php(105): SellingPartnerApi\Api\MerchantFulfillmentV0Api->createShipment()

As I said, the request object being sent appears to have the right data for use with static sandbox endpoints. The data and keys/secrets work perfectly when getting order items and shipping services. It seems like a PII operation is where things fall apart, even though this should all be doable with the sandbox. It's as though the token being generated is invalid, or not authorized, which should be impossible with the sandbox. This is only coming from a few days of all of us desperately reading and trying things, though, so we could all be completely off base in these conclusions. Still, other issues on this library all seem to work with live data, so I'm wondering if our use of the sandbox is less well-tested and might therefore be exposing a bug. Thank you in advance for any help.

[mehgcap]

This does indeed appear to be a bug. In Authentication.php, line 202 is:

$accessToken = $relevantCreds->getSecurityToken();

Just before that line, adding the line

$relevantCreds = $this->getAwsCredentials();

fixes the problem I've been having. Basically, I'm intentionally forcing the code to never try to use the RDT. After this change, the tests I've been running started working perfectly. The call to createShipment, which would previously fail when the request was being signed, now returns a result just as it should.

Based on this experiment and my limited understanding of the SP API, it seems that sandbox operations shouldn't try to use an RDT at all. They should cause Authentication.php to always act as though the RDT were not required. The edit I made is definitely not a real patch. It's just a proof of concept to see if my idea would work. I don't feel I have the time or knowledge to fix this for real and submit a pull request. For someone more familiar with this library, though, the change should be easy enough.

[jlevers]

Thanks for pointing this out. It should be fixed in the latest version (v5.8.4).

[mehgcap]

I'm on the latest version, 5.8.4, and am still experiencing the RDT problem. When my test file tries to create a shipment, I get an error with the library trying to create an RDT. My endpoint is still the sandbox, as it was previously.

[x140l31]

The problem is that is checking host vs scheme+host

Even fixing that, will end up in error due to $relevantCreeds is null.

I did a PR that works and I guess is the most logical solution

https://github.com/jlevers/selling-partner-api/pull/577