|
Product Advertising API
Product Advertising API Signed Requests Sample Code - Java REST/QUERY
Posts:
1
Registered:
7/16/09
|
|
|
Posts:
4
Registered:
2/8/06
|
|
|
|
Re: Product Advertising API Signed Requests Sample Code - C# ASP.NET
Posted:
Sep 22, 2009 5:43 AM PDT
in response to: dostind
|
|
|
Hey, whoever made this code available: Thank you!!! Huge help!
|
|
Posts:
3
Registered:
12/1/09
|
|
|
|
Product Advertising API Signed Requests Sample Code - Java REST/QUERY
Posted:
Dec 1, 2009 10:55 PM PST
in response to: B. morris
|
|
|
This sample does not work anymore.
Return message is
"The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details."
How can I do this problem? anybody?
|
|
Posts:
3
Registered:
12/1/09
|
|
|
|
Re: Product Advertising API Signed Requests Sample Code - Java REST/QUERY
Posted:
Dec 7, 2009 9:44 PM PST
in response to: gyungmin
|
|
|
this code not work in 64bit,
I found error Base64,
who has solution?
|
|
Posts:
3
Registered:
12/1/09
|
|
|
|
|
Base64 lineLength, Aug 17, 2009 11:34 PM
Reviewer: pmoosman
FYI, in order to get this sample code to work, I had to make the following change:
From:
Base64 encoder = new Base64();
To:
Base64 encoder = new Base64(0);
The '0' is the lineLength, a value of zero means no "chunking". If chunking is enable, my library was appending CRLF, which caused the following error:
SignatureDoesNotMatch
|
|
Incorrect logic double-encodes cart HMAC, Sep 17, 2009 8:52 AM
Reviewer: "sublime1"
If you request a shopping cart, it returns an id and HMAC which need to be passed in subsequent requests -- when used in a REST query, the HMAC must be URL encoded in order to create a valid URI (indeed, the API also returns an encoded version of the HMAC for this purpose.
This is a different HMAC than the one needed to create a signature.
However, the sample code provided here calls a "canonicalize" method, which arbitrarily URL Encodes all names and values.
1
2
3
4
5
6
7
8
9
| while (iter.hasNext()) {
Map.Entry<String, String> kvpair = iter.next();
buffer.append(percentEncodeRfc3986(kvpair.getKey()));
buffer.append("=");
buffer.append(percentEncodeRfc3986(kvpair.getValue()));
if (iter.hasNext()) {
buffer.append("&");
}
}
|
The call to percentEncodedRfc3986 is benign if there are no invalid characters (so it usually works in most calls), but if an already encoded HMAC is passed, for example "snZtZM99lw2h9RyzAezvpNjx0lk%3D" it will be re-encoded, with the result "snZtZM99lw2h9RyzAezvpNjx0lk%253D".
There is no need to call the percentEncodeRfc3986 method anyway, since in the sample code, the input is a URL already, and thus can be presumed to be valid.
Oh, and can't anyone add documentation to libraries like this? Yes, I know this code is delivered "as is", and we're responsible for making sure it works, but shouldn't Amazon be reviewing and testing this stuff?
Sorry, I speak in anger. I'll get over it -- my goal is just to help make sure someone else doesn't waste a day on this as I have.
|
|
Totally Sucks, Nov 22, 2009 11:46 AM
Reviewer: PolishBen
The code is great except for one huge problem - it is not obvious that you have to supply your AssociateTag in the requests. If you don't then the DetailPageUrl links that you get back don't contain your associate tag and therefore DON'T TRACK on your account. I found out the hard way after losing a lot of money on un-tracked orders....
|
|
Don't ignore this / it works, Jan 25, 2010 9:42 PM
Reviewer: dannodaws
Because of the low ratings I ignored the code thinking it would not work. However, I was able to get the REST example running, with signing, very easily. Make sure you have all the necessary supporting libraries (Ant & DOM things). Obviously it will take some modification to do more than search for Harry Potter, but it's a better place to start than I was expecting.
|
|
Works perfectly, Jan 31, 2010 11:25 PM
Reviewer: Oscar Bolanos
It works perfectly, just follow the instructions and get the required library and it will work correctly. I spent hours searching for this.
|
|
yet another bug, Feb 2, 2010 8:20 AM
Reviewer: ifuice
First of all, to get here I had to enable cookies GLOBALLY. Otherwise several parts of the amazon website are unreachable. That's just unacceptable. I would have normally stopped here.
Second, I searched for Java APIs for the advertisement API. There are 2 Java examples on this site for this purpose. But both are rated badly (very poor = 1 star, and poor = 2 stars). So I decided to start with the less poor one (Java REST/QUERY). The good thing is that this example is well documented and easy to setup and execute. The bad thing is that it creates wrong HTTP requests and therefore fails deterministic with an exception. The reason for this is the "%0D%0A" prefix appended at the signature parameter. This can be fixed by replacing the following line in SignedRequestsHelper.java
1
| "http://" + this.endpoint + REQUEST_URI + "?" + canonicalQS + "&Signature=" + sig;
|
with
1
| "http://" + this.endpoint + REQUEST_URI + "?" + canonicalQS + "&Signature=" + sig.replaceAll("%0D%0A", "");
|
Since the signature is only a cryptic sequence of characters, the problem is not so easy to see for someone that experiments with this API for the first time. I spent several hours in finding this bug! Argh! I suggest you, when putting an example program for first time users on the website, test it beforehand! Thanks.
|
|
Better Than Expected, Mar 13, 2010 3:36 AM
Reviewer: M. Frisch
Based on the low ratings, I expected to spend hours getting this to work. The only mod I needed to make was the one ifuice mentioned which is to strip out the unnecessary chars at the end of the request. Thanks ifuice!
|
|
Some notes, May 5, 2010 5:11 AM
Reviewer: robertkielty
The Documentation that covers the technology used in this sample is here:
http://docs.amazonwebservices.com/AWSECommerceService/2009-11-01/DG/
Use Commons Codec Version 1.3 (commons-codec-1.3.jar) and the requests are signed properly.
The 1.4 Version of the Commons Codec does not sign the requests properly with the code as is.
|
|
|
|
 |
|
