Amazon MWS Scratchpad API

Question

I am trying to get Amazon MWS Scratchpad working, but it keeps giving me a message:

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

I was looking for similar topic out here, but nothing really helpful. So, here is code:

$params = array(
    'AWSAccessKeyId'   => AWS_ACCESS_KEY_ID,
    'Action'           => "GetLowestOfferListingsForASIN",
    'SellerId'         => MERCHANT_ID,
    'SignatureMethod'  => "HmacSHA256",
    'SignatureVersion' => "2",
    'Timestamp'        => gmdate("Y-m-d\TH:i:s\Z", time()),
    'Version'          => "2011-10-01",
    'MarketplaceId'    => MARKETPLACE_ID,
    'ItemCondition'    => "new",
    'ASINList.ASIN.1'  => "B001T6OP32");

$url = array();

foreach($params as $key => $val){   
    $val   = str_replace('%7E', '~', rawurlencode($val));
    $url[] = $key . '=' . $val;     
}

$uri = implode('&', $url);

$string_to_sign  = 'POST';
$string_to_sign .= "\n";
$string_to_sign .= 'mws.amazonservices.co.uk' . "\n";
$string_to_sign .= '/Products/2011-10-01' . "\n";
$string_to_sign .= $uri;

$signature = hash_hmac("sha256", $string_to_sign, AWS_SECRET_ACCESS_KEY, TRUE);
$signature = base64_encode($signature);
$signature = urlencode($signature);
$signature = str_replace("%7E", "~", $signature);

$url  = 'https://mws.amazonservices.co.uk/';
$url .= 'Products/2011-10-01' . '?' . $uri . "&Signature=" . $signature;

I bet that problem is with Signature, when I'm printing it with print $signature it always contains % symbols, and when I'm comparing with Amazon Scratchpad Request Details page, SHA 256 HMAC field - there is none.

Maby there is something I can't see? I was checking for spaces in Secret Access Key, it's looks okay.

Many Thanks.

Answer 1

Working version:

$param = array();
$param['AWSAccessKeyId']   = AWS_ACCESS_KEY_ID; 
$param['Action']           = 'GetLowestOfferListingsForASIN'; 
$param['SellerId']         = MERCHANT_ID; 
$param['SignatureMethod']  = 'HmacSHA256'; 
$param['SignatureVersion'] = '2'; 
$param['Timestamp']        = gmdate("Y-m-d\TH:i:s.\\0\\0\\0\\Z", time());
$param['Version']          = '2011-10-01'; 
$param['MarketplaceId']    = MARKETPLACE_ID; 
$param['ItemCondition']    = 'new';
$param['ASINList.ASIN.1']  = << ITEM ASIN >>;

$url = array();
foreach ($param as $key => $val) {

    $key = str_replace("%7E", "~", rawurlencode($key));
    $val = str_replace("%7E", "~", rawurlencode($val));

    $url[] = "{$key}={$val}";
}

sort($url);

$arr   = implode('&', $url);

$sign  = 'GET' . "\n";
$sign .= 'mws.amazonservices.co.uk' . "\n";
$sign .= '/Products/2011-10-01' . "\n";
$sign .= $arr;

$signature = hash_hmac("sha256", $sign, AWS_SECRET_ACCESS_KEY, true);
$signature = urlencode(base64_encode($signature));

$link  = "https://mws.amazonservices.co.uk/Products/2011-10-01?";
$link .= $arr . "&Signature=" . $signature;

Load $link with curl and vualia!

Answer 2

To begin accessing Amazon MWS from PHP, you can download the client library for the Amazon MWS API that you are interested in using, such as the Products API that you referenced.

Choose an example from the src/MarketplaceWebServiceProducts/Samples directory, fill in your unique values, and run it.

The examples implement authentication using the MarketplaceWebServiceProducts_Client class in src/MarketplaceWebServiceProducts/Client.php which demonstrates how to successfully sign a request.