Closed a-Akanksha-dixit closed 1 year ago
If you attach the policy that allows you to make requests to the SP API (the ExecuteAPI policy) directly to your AWS IAM user instead of to an IAM role, you can make requests without ever calling STS. This isn't recommended, as it's not as secure, but it is possible.
Since I haven't heard anything from you, I'm going to assume you're all set. Feel free to reopen this if you need more help.
I'm trying to make a custom authorization file to override the current SellingPartnerApi\Authentication file. While debugging the code flow I came to realise that while signing non-STS calls we are not sending X-Amz-Security-Token (the session token received by generating a temporary assume role (STS) call) in the header while signing the API request.
I was wondering why this is not throwing any exception while making calls to Amazon. I regenerated the API calls in Postman, in which I made some changes:
While in all of the SP-API documentation Amazon has said to use assume role for authorization, I'm still able to get a 100% success rate on every Amazon API call. (I have tried the report, catalog, productType and order APIs by this method.)
Has Amazon lifted the restriction to send assume-role keys, or is it some bug I'm not able to understand?
I'm providing a signed API request from your SDK which does not include X-Amz-Security-Token in the headers, and I've given random awsAcesskey and awsSecretKey values (PS: I have overridden getRoleCredentials to not generate new role keys and instead return those random values), and the API calls are still successful with status code 200.
```
GuzzleHttp\Psr7\Request Object
(
    [method:GuzzleHttp\Psr7\Request:private] => GET
    [requestTarget:GuzzleHttp\Psr7\Request:private] =>
    [uri:GuzzleHttp\Psr7\Request:private] => GuzzleHttp\Psr7\Uri Object
        (
            [scheme:GuzzleHttp\Psr7\Uri:private] => https
            [userInfo:GuzzleHttp\Psr7\Uri:private] =>
            [host:GuzzleHttp\Psr7\Uri:private] => sellingpartnerapi-eu.amazon.com
            [port:GuzzleHttp\Psr7\Uri:private] =>
            [path:GuzzleHttp\Psr7\Uri:private] => /catalog/2022-04-01/items
            [query:GuzzleHttp\Psr7\Uri:private] => identifiers=B08YRD1CNN&identifiersType=ASIN&marketplaceIds=A21TJRUUN4KGV&pageSize=10
            [fragment:GuzzleHttp\Psr7\Uri:private] =>
        )
)
```
Please provide an explanation of why this is so.
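To make the difference between the two credential types in this thread concrete, here is a minimal SigV4 signer that adds `X-Amz-Security-Token` only when a session token is present, plus a check for a temporary key signed without it. This is an added example, not the SDK's code and not from any participant; the function names, the `eu-west-1` region, the timestamp and every credential value are assumptions constructed for illustration.

```php
<?php
// Added example (not the SDK's code): SigV4 headers for a bodiless GET.
function sigV4Headers(string $host, string $path, array $query, array $creds,
                      string $region, string $amzDate): array
{
    $headers = ['host' => $host, 'x-amz-date' => $amzDate];
    // Temporary (STS) credentials carry a session token; long-lived IAM user keys do not.
    if (!empty($creds['sessionToken'])) {
        $headers['x-amz-security-token'] = $creds['sessionToken'];
    }
    ksort($headers);
    ksort($query);
    $canonicalQuery = http_build_query($query, '', '&', PHP_QUERY_RFC3986);
    $canonicalHeaders = '';
    foreach ($headers as $name => $value) {
        $canonicalHeaders .= $name . ':' . trim($value) . "\n";
    }
    $signedHeaders = implode(';', array_keys($headers));
    // $path is assumed to be already normalized and URI-encoded.
    $canonicalRequest = implode("\n", ['GET', $path, $canonicalQuery,
        $canonicalHeaders, $signedHeaders, hash('sha256', '')]);
    $date = substr($amzDate, 0, 8);
    $scope = "$date/$region/execute-api/aws4_request";
    $stringToSign = implode("\n", ['AWS4-HMAC-SHA256', $amzDate, $scope,
        hash('sha256', $canonicalRequest)]);
    $key = 'AWS4' . $creds['secretKey'];
    foreach ([$date, $region, 'execute-api', 'aws4_request'] as $part) {
        $key = hash_hmac('sha256', $part, $key, true);   // derive the signing key
    }
    $headers['authorization'] = sprintf(
        'AWS4-HMAC-SHA256 Credential=%s/%s, SignedHeaders=%s, Signature=%s',
        $creds['accessKeyId'], $scope, $signedHeaders,
        hash_hmac('sha256', $stringToSign, $key));
    return $headers;
}
// "ASIA" key IDs are temporary STS credentials; flag one signed without its token.
function lacksSessionToken(string $accessKeyId, array $headers): bool
{
    return strncmp($accessKeyId, 'ASIA', 4) === 0
        && !isset($headers['x-amz-security-token']);
}
// Constructed sample credentials; the query is the one shown in the dump above.
$query = ['identifiers' => 'B08YRD1CNN', 'identifiersType' => 'ASIN',
          'marketplaceIds' => 'A21TJRUUN4KGV', 'pageSize' => 10];
$user = ['accessKeyId' => 'AKIAEXAMPLEEXAMPLE00', 'secretKey' => 'constructed-secret'];
$role = $user + ['sessionToken' => 'constructed-token'];
$role['accessKeyId'] = 'ASIAEXAMPLEEXAMPLE00';
foreach ([$user, $role] as $creds) {
    $h = sigV4Headers('sellingpartnerapi-eu.amazon.com', '/catalog/2022-04-01/items',
                      $query, $creds, 'eu-west-1', '20240101T000000Z');
    echo $creds['accessKeyId'], ' => ', $h['authorization'], "\n";
    unset($h['x-amz-security-token']);   // simulate the header being dropped
    var_dump(lacksSessionToken($creds['accessKeyId'], $h));
}
```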