'message': 'Access to requested resource is denied.', 'code': 'Unauthorized' issue

[The-Geology-Guy]

I have been getting this error for every request. I currently have a Seller Central account and I am trying to gain access to the api. I have followed the documentation provided by amazon to set up the necessary credentials, but still receive the 'Access to requested resource is denied.' error message. I have checked in on the access_token that is being generated and it matches the 'Atza|xxxxxx' format, so I do not believe that is the issue.

Additionally, I have been following the Self Authorization guidelines to get the refresh token used here, so I am unsure as to why I am getting the error.

I have searched through the issues here and under the Seller-partner-api-docs and found no solution.

from sp_api.api.orders.orders import Orders

os.environ["SP_API_REFRESH_TOKEN"] = "Atzr|xxxxxxxx"
os.environ["LWA_APP_ID"] = "amzn1.application-oa2-client.xxxxxxxx"
os.environ["LWA_CLIENT_SECRET"] = "xxxxxxxx"
os.environ["SP_API_SECRET_KEY"] = "xxxxxxxx"
os.environ["SP_API_ACCESS_KEY"] = "xxxxxxxx"
os.environ["SP_API_ROLE_ARN"] = "arn:aws:iam::xxxxxxxx:role/SellerPartnerAPIRole"
os.environ["SP_AWS_REGION"] = "us-east-1"

try:
    res = Orders().get_orders(CreatedAfter=(datetime.datetime.utcnow() - datetime.timedelta(days=7)).isoformat())
    print(res.payload)  # json data
except SellingApiException as ex:
    print(ex)

output {'Date': 'Wed, 27 Jan 2021 15:22:51 GMT', 'Content-Type': 'application/json', 'Content-Length': '141', 'Connection': 'keep-alive', 'x-amzn-RequestId': '387bf5b0-58c6-4dee-93a0-47c3da1fadc0', 'x-amzn-ErrorType': 'AccessDeniedException', 'x-amz-apigw-id': 'Z0HDvHjOoAMF0Aw='} {'errors': [{'message': 'Access to requested resource is denied.', 'code': 'Unauthorized', 'details': ''}]} [{'message': 'Access to requested resource is denied.', 'code': 'Unauthorized', 'details': ''}]

Any help will be greatly appreciated!

[saleweaver]

You have to set environment variables from the cli with export ... ...

[sdaeric19]

Hello @saleweaver Thank you for creating this library and documentation, massively appreciated.

I'm also facing the exact same issue as @The-Geology-Guy .

I created AWS CLI Named Profile for my IAM User, connected the IAM role as per AWS documentation and exported the Named profile as env variable. But still getting response. ==> "[{'message': 'Access to requested resource is denied.', 'code': 'Unauthorized', 'details': ''}]"

What am I missing?

Best wishes, Eric

[sdaeric19]

BTW my Developer Profile was approved via email from Seller Central Support but still shows "Your developer registration is under review" under Apps & Services -> Develop Apps.

So my Application Client Status is showing "Draft". Wondering if this has anything to do with why it's not working.

Kindly advise. Many thanks

[saleweaver]

Can you check if one of the credentials I've noted here is wrong? The client status is draft unless you publish the app on the mws app store, so this shouldn't be the issue here. I don't know if "Your developer registration is under review" could be the culprint, might be though.

For the moment you should start with checking the credentials from the link, try a different endpoint maybe and see if that works.

Did you register the application with the role's ARN or the user's ARN?

[t-wittkopf]

I encountered the same error. The solution for me was to switch to the correct Marketplace in the client. I tried calling the DE marketplace but default in the client is the US marketplace. So if you have registered your app to another marketplace than US then you have to edit the client. At least that worked for me. Also thanks for this great wrapper btw Michael!

[saleweaver]

@t-wittkopf Thanks for this addition, that's a good hint! Would you mind to add this as an answer to the FAQ please

[t-wittkopf]

@saleweaver done!

[saleweaver]

Danke dir!

[ritik-novostack]

` from sp_api.api.orders import orders

from sp_api.base import SellingApiException

from datetime import datetime,timedelta

credentials=dict( refresh_token='Atzr|IwEBID4iuveBq95IlPBzGRq2KK3PhWUWAC5HQ7Wj9-dsIz4lKqfI- 0IP5dSoojHbV3fZg8TuwCqCOVgSexu9r16iQON8tRAydx5RPGPMd-
sYHV0Z__G2YtN6rja3eYCksRIo2Zc4DfEsBSViQhp4mUchLyqrAb2vvCgCyYeftKl6Adwtycc7R7REhbQdz2KjUa0IcFNwne2b- SoWOZnaYBhh2hohFsoCoWHvOMbhKNPmi4L7Nl8joMTlgY2tdZffo50Rb_izOxNZ0DrfKDuYmaKbF_FOIVW5ppYLbH1KaVVnABL- 0wkBD7i2fxh_Qp4rFIqOC5w',

    lwa_app_id='amznx.application-oax-clientxxbxae94d0eexxfef85b2bxxaxxxxfcfx',

    lwa_client_secret='exbxfadbxcaxaxxxxxxxcxxxxxcxbc4ee9eeed066080ab587e3356e82c1cd244',

    aws_secret_key='Yx9xGxApxxxx9qNxxxMx3bMSxxxxxjlRkpoxxf',

    aws_access_key='AKIAUWGxANxxxxxAEHRJK',

    role_arn='arn:aws:iam::32252942xxxx:role/SellingPartnerRole2',

    #aws_region='ap-south-1',
)

try:

res=orders.Orders(credentials=credentials).get_orders(CreatedAfter=(datetime.utcnow() - timedelta(days=7)).isoformat())

print(res.payload)

except SellingApiException as ex:

print(ex)`

i am putting all of the credentials correctly from the seller center but i am getting this error [{'message': 'Access to requested resource is denied.', 'code': 'Unauthorized', 'details': ''}] can u please tell me where i am doing thinks worng?

[saleweaver]

@ritik-novostack Did the proposed solutions above and in the FAQ not work for you? The region you are using is definitely wrong, maybe you have to pass a marketplace as explained in the docs?

[ritik-novostack]

@saleweaver where to put market place credentials?

[saleweaver]

@ritik-novostack Here's the client usage explained, just pass it as a parameter:

https://python-amazon-sp-api.readthedocs.io/en/latest/client_usage/

[ritik-novostack]

orders.Orders(credentials=credentials).get_orders(CreatedAfter=(datetime.utcnow() - timedelta(days=7)).isoformat()) can u please tell me where to put this parameter in above code? @saleweaver

[saleweaver]

@ritik-novostack

Orders(marketplace=Marketplaces.<Your marketplace>, credentials=credentials )

[ritik-novostack]

@saleweaver still getting the same error [{'message': 'Access to requested resource is denied.', 'code': 'Unauthorized', 'details': ''}]

[saleweaver]

@ritik-novostack Then you'll have to check your credentials and your app's permissions.

[t-wittkopf]

@ritik-novostack have you maybe used the App ID instead of the LWA Client identifier as value for the credentials lwa_app_id parameter? It's a bit confusing. You can find the LWA Client in your selllercentral when clicking on View under LWA Credentials.

[saleweaver]

@t-wittkopf It has to be the LWA client id, the one they have looks correct. It's pretty hard to debug since amazon doesn't return any helpful error descriptions... Since the role already has a trailing 2, my best guess is that the credential's setup is mixed up somehow.

[ritik-novostack]

@t-wittkopf @saleweaver i am putting the LWA client id in lwa_app_id can u please help me in figuring out the app setting that to be change?

[saleweaver]

@ritik-novostack Your settings seem to be correct, at least where you put which value. Your credentials look like you've tried to create at least the role multiple times; to figure out if there's a problem with permissions, or if your app registration in sellercentral is correct, I'd need more information. Maybe just try to start from scratch and create a set of new user, role, ... as in Amazon's docs, create a new app and try with that. It's very important to follow the guide closely.

[ritik-novostack]

@saleweaver i have already registered 2 app in sellercentral by following there sp api guide closely. please tell me which information u want from me to correctly configure the sp api?

[ritik-novostack]

@saleweaver man can u please help me regrading this issue because i am helpless right now?

[sdaeric19]

@ritik-novostack what are you struggling with? Have you set the 6 credentials correctly? Have you passed marketplace parameter in the client like this?

res = Sales(marketplace=Marketplaces.GB).get_order_metrics(marketplaceIds=["A1F83G8C2ARO7P"],
                                                               interval=(start_time, end_time),
                                                               granularity=Granularity.TOTAL)

[saleweaver]

@sdaeric19 They have set them all, yes. Either they are calling an endpoint they don't have permissions to call, or they are using wrong credentials or they are mixed up. @ritik-novostack Please provide the information I've asked for yesterday and try the steps I recommended yesterday, then we can look into this further.

[ritik-novostack]

[ritik-novostack]

@sdaeric19 @saleweaver sir which information u need for this please tell me?

[saleweaver]

I'll have more time tonight, I can take a look into this then. For the start, please generate a new refresh token and see if that works. Then try the usual debugging steps, changing one key a time and look what happens

[saleweaver]

@ritik-novostack How does an empty form help? I'm happy to help you, but you'll need to try at least one of the recommendations.

[ritik-novostack]

just to be clear it is not necessary to full fill this details in app to access the sp-api?

[ritik-novostack]

@saleweaver sir i have already done when i request the api i put new refresh token

[saleweaver]

@ritik-novostack Did recreating the token help?

[ritik-novostack]

@saleweaver in aws setting?

[ritik-novostack]

@saleweaver @sdaeric19 thank you soo much for your support i solve it now can u please help me in uploading the feed data using the sp api. i mean what is the text file format to put data in submit_feed function? can u please put an example text file of that? this will really helpful for me thankyou

[Prasand14]

Hi, I'm also facing the same issue. can someone please me to fix it. I could retrieve the same data from Postman without any access issue. Can someone help me where I'm going wrong.

from sp_api.api import Sales from sp_api.base import Granularity from sp_api.api import Orders

credentials=dict( refresh_token = SP_REFRESH_TOKEN, lwa_app_id = SP_CLIENT_ID, lwa_client_secret = SP_CLIENT_SECRET, aws_secret_key = SP_SECRET_KEY, aws_access_key = SP_ACCESS_KEY, role_arn = role_arn )

interval=("2022-03-22T00:00:00-07:00", "2022-03-23T00:00:00-07:00"), response = Sales(credentials=credentials,marketplace=Marketplaces.US).get_order_metrics(interval, Granularity.TOTAL, granularityTimeZone='US/Central')

Error: