Request headers are not editable, causing problem with RDT

[ethemguner]

Orders

To get more information about ShippingAddress and BuyerInfo from getOrders calls we have to pass restricted data token to request headers. Instead of using access token for x-amz-access-token, we need to pass RDT.

As far as I see there is no way to reach request headers to edit it.

My Suggestion

response = Orders(**credentials).get_orders(**params, restricted_data_token="Atz.r|...")

Restricted data token is special for order endpoints. So I believe we can implement a usage like above.

I can work on it and open a pull request next 1 or 2 days.

What do you think?

[ethemguner]

I haven't worked with those tokens yet, but doesn't it work when you pass the token as the refresh token to the Orders client?

Orders(refresh_token="...")

Actually yes, It's working that way. I missed that. Sorry, we can close issue.

[ethemguner]

I haven't worked with those tokens yet, but doesn't it work when you pass the token as the refresh token to the Orders client?

Orders(refresh_token="...")

I reopened issue, I thought It should work. I tried as you mentioned and It doesn't work. I got an error:

('invalid_grant', 'The request has an invalid grant parameter : refresh_token', 400) The request has an invalid grant parameter : refresh_token{'error_code': 'invalid_grant', 'message': 'The request has an invalid grant parameter : refresh_token', 'status_code': 400}

I believe this error occurs because refresh_token (not RDT) is necessary for authorization workflow. And then, when calling the getOrders or other order operations, we need to update x-amz-access-token with RDT (If passed) value in headers before the request.

I'm investigating the issue and will add the updates.

[ethemguner]

@saleweaver I also see some outputs from headers like this:

{'CreatedAfter': '2021-10-18T11:41:04.843181', 'NextToken': None, 'MarketplaceId': 'A33AVAJ2PDY3EV', 'MarketplaceIds': ['A33AVAJ2PDY3EV'], 'marketplace_ids': ['A33AVAJ2PDY3EV'], 'marketplaceIds': ['A33AVAJ2PDY3EV']}

Is this a normal behaviour? It seems market place ids duplicated (not causing any problem though).

[saleweaver]

Sounds good. If you want to, we can have a call and see how to get this working best. The duplicated marketplace ids are ok, Amazon has a different name for the parameter for different endpoints. I wanted to include the parameter in the respective client for version 1, but for now they just get sent along.

[saleweaver]

... Also note that both of the operations you want to use are deprecated. https://github.com/amzn/selling-partner-api-docs/blob/main/references/orders-api/ordersV0.md#getorderbuyerinfo, but I think there should be a solution to get the complete order with the token.

[ethemguner]

... Also note that both of the operations you want to use are deprecated. https://github.com/amzn/selling-partner-api-docs/blob/main/references/orders-api/ordersV0.md#getorderbuyerinfo, but I think there should be a solution to get the complete order with the token.

I want to do it for only getOrder, getOrders and getOrderItems calls. Hereby, Amazon will give customer/buyer & shipping address information from getOrders If RDT passed to headers. So, sending request to getBuyerInfo or getOrderAddress will be unnecessary. Also It causes request throttling, that problem will be solved, too.

Currently, I'm migrating our application MWS to SP-API. While doing this, I can make some improvements to this package. Also I'm in touch with Amazon Developer Support about this RDT thing right now. I will update you If I get any useful information.

I'll be available at this weekend, we can have a call.

==Out of context== And there is a small favour I want you to do :)

Can you add hacktoberfest label to the issue? There is an event about it, you can get more information from here: https://hacktoberfest.digitalocean.com/

Thanks!

[saleweaver]

I have updated the package, you can use the rdt token now by passing it to the client:

Orders(restricted_data_token='......').get_orders(...)

https://github.com/saleweaver/python-amazon-sp-api/commit/65210466be94f4f56413a1e9df0061e12e4daa09

Can you please check out 0.7.0 if that works for you? https://github.com/saleweaver/python-amazon-sp-api/releases/tag/v0.7.0

[saleweaver]

Can you also have a look if you can download reports like that please? The order-invoice report should contain PII

[ethemguner]

I'm getting authorization error now:

[{'message': 'Access to requested resource is denied.', 'code': 'Unauthorized', 'details': ''}]

[saleweaver]

Strange, it worked for me. Can you show me the code you're using including how you get the token?

[ethemguner]

Strange, it worked for me. Can you show me the code you're using including how you get the token?

This was my mistake. There is no problem with getOrders call but getOrderItems call was failing. I think we can't use RDT for getOrderItems because for getOrders everything works fine.

Yet, from getOrders operation I took empty BuyerInfo. Probably, this is happening because of my application's roles.

Anyway, I think this solution is perfect.

[saleweaver]

Doesn't it work with a token gotten like that:

{
  "restrictedResources": [
    {
      "method": "GET",
      "path": "/orders/v0/orders/<123-1234567-1234567>/orderItems",
      "dataElements": ["buyerInfo"]
    }
  ]
}

[ethemguner]

Doesn't it work with a token gotten like that:

{
  "restrictedResources": [
    {
      "method": "GET",
      "path": "/orders/v0/orders/<123-1234567-1234567>/orderItems",
      "dataElements": ["buyerInfo"]
    }
  ]
}

Oh yes, I forgot to change restrictedResources. Thank you so much!

[saleweaver]

Cool. I'll look to update the method in Tokens to make that easier.

[ethemguner]

Cool. I'll look to update the method in Tokens to make that easier.

Already It's really easy from this package but there are lots of things going on in Selling Partner API.

Again, thank you for your time and effort 👍