leadstoloyals / node-agcod

Node.js api for the Amazon Gift Codes On Demand Web Services
5 stars 7 forks source link

The security token included in the request is invalid #8

Closed ekkis closed 2 years ago

ekkis commented 2 years ago

I'm trying to get the tests to work. the call to createGiftCard in tests/certification.js blows up with the following error:

{ request: { 
method: 'POST', 
url: 'https://agcod-v2-gamma.amazon.com/CreateGiftCard', 
headers: { 
  accept: 'application/json', 'content-type': 'application/json', 'x-amz-target': 'com.amazonaws.agcod.AGCODService.CreateGiftCard', 
  Host: 'agcod-v2-gamma.amazon.com', 'Content-Length': 105, 'X-Amz-Date': '20220502T002710Z', 
  Authorization: 'AWS4-HMAC-SHA256 Credential=AKI12345678/20220502/us-east-1/AGCODService/aws4_request, 
  SignedHeaders=accept;content-length;content-type;host;x-amz-date;x-amz-target, 
  Signature=d3a15f0cadd5e2aa8368a1628037f5b288729fe21dd10bfab6407e21235bfd40' }, 
  body: '{
    "creationRequestId":"A2c4E217cemp8xp1",
    "partnerId":"A2c4E",
    "value":{"amount":1000,"currencyCode":"USD"}}'
  }, 
  statusCode: 403, 
  message: 'The security token included in the request is invalid.' 
}

so the error is "The security token included in the request is invalid." and when I look at the signed request, it looks like this:

{
  region: 'us-east-1',
  host: 'agcod-v2-gamma.amazon.com',
  path: '/CreateGiftCard',
  body: '{"creationRequestId":"A2c4E217cemp8xp1","partnerId":"A2c4E","value":{"amount":1000,"currencyCode":"USD"}}',
  service: 'AGCODService',
  headers: {
    accept: 'application/json',
    'content-type': 'application/json',
    'x-amz-target': 'com.amazonaws.agcod.AGCODService.CreateGiftCard',
    Host: 'agcod-v2-gamma.amazon.com',
    'Content-Length': 105,
    'X-Amz-Date': '20220502T002710Z',
    Authorization: 'AWS4-HMAC-SHA256 Credential=AKI12345678/20220502/us-east-1/AGCODService/aws4_request, SignedHeaders=accept;content-length;content-type;host;x-amz-date;x-amz-target, Signature=d3a15f0cadd5e2aa8368a1628037f5b288729fe21dd10bfab6407e21235bfd40'
  },
  method: 'POST',
  securityOptions: 'SSL_OP_NO_SSLv3'
}

not knowing the Amazon system, I have no clue why this is breaking. help?

ekkis commented 2 years ago

ah... I see... it needs real credentials. when I put in my own it works fine. so I don't know how a proper test can be conducted unless we use someone's credentials

christiaanwesterbeek commented 2 years ago

Yes, I'm pretty sure that at the time I built and performed tests/certification.js, we had an Amazon account.

We were actually on the phone with some AWS employees to demonstrate this software was working. We had an AWS account to demonstrate that with. It was called a sandbox account. We were asked to perform the requests and we did them. On their end they could see it worked. Then we got certified.

But this was 2017. I don't know how the certification procedure is now.

ekkis commented 2 years ago

makes sense. there probably is no good way to provide an account for the tests to run so at the very least a notice to the user that he must provide his own account info would be good