Question
I'm following several examples I've found online and I'm trying to recreate the signature they have in the official API documentation here. However, I'm failing to generate the same signature.
They state the string to sign is as follows:
https://stackoverflow.com/questions/21663403
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianGET
webservices.amazon.com
/onca/xml
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&ItemId=0679722769&Operation=I
temLookup&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReview
s&Service=AWSECommerceService&Timestamp=2009-01-01T12%3A00%3A00Z&
Version=2009-01-06
It states to "Calculate an RFC 2104-compliant HMAC with the SHA256 hash algorithm using the string above with our "dummy" Secret Access Key: 1234567890."
I do this using the following code:
$private_key = "1234567890";
$string_to_sign = "GET
webservices.amazon.com
/onca/xml
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&ItemId=0679722769&Operation=I
temLookup&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReview
s&Service=AWSECommerceService&Timestamp=2009-01-01T12%3A00%3A00Z&
Version=2009-01-06";
$signature = base64_encode(hash_hmac("sha256",$string_to_sign, $private_key, True));
This yields the following signature:
LM5S6MrycUETu1p94QDnLurKIpwiqKnCxm3B73a0QiE=
Amazon's signature is:
M/y0+EAFFGaUAp4bWv/WEuXYah99pVsxvqtAuC8YN7I=
I've followed a bunch of examples I found via Google and they all appear to do this the same way. However, I can't arrive at the same signature that Amazon gets and I can't figure out why.
Any help is appreciated.
Solution 2
Do you really have all those linebreaks in your actual code? Because I\ntemLookup is not the same as ItemLookup. That GET URI should be a single long string, not a multi-line string.
GET webservices.amazon.com /onca/xmlAWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&ItemId=0679722769&Operation=ItemLookup&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews&Service=AWSECommerceService&Timestamp=2009-01-01T12%3A00%3A00Z&Version=2009-01-06
Notice how it's all on the SAME line
OTHER TIPS
I just burned a few hours of my life trying to figur out why my signature wasn't matching. In case this helps somebody out, use Amazon's example as mentioned by the OP. I started having trouble at steps 6 and 7. Amazon says to prepend the following three lines (including line breaks) to your string:
Get
webservices.amazon.com
/onca/xml
On my windows 7 platform, here's what I did for those steps:
$string_to_sign = "AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&AssociateTag=mytag-20&ItemId=0679722769&Operation=ItemLookup&ResponseGroup=Images%2CItemAttributes%2COffers%2CReviews&Service=AWSECommerceService&Timestamp=" . "2014-08-18T12%3A00%3A00Z&Version=2013-08-01";
$prepend = "GET\nwebservices.amazon.com\n/onca/xml\n";
$string_to_sign = $prepend . $string_to_sign;
Then, step 8 threw me off too because I was using the sample's secret key:
Secret Access Key: "1234567890"
instead of the correct key:
Secret Access Key: 1234567890
Hope these little mistakes don't burn anybody else.
