we are trying to access the Amazon MWS Api but we just can't get it to work and we don't know why.
This is what we have tried so far:
require_once('.config.inc.php');
$base_url = "https://mws.amazonservices.de/Products/2011-10-01";
$method = "POST";
$host = "mws.amazonservices.de";
$uri = "/Products/2011-10-01";
$params = array(
'AWSAccessKeyId' => <our Key>,
'Action' => "GetLowestOfferListingsForASIN",
'SellerId' => <our ID>,
'SignatureMethod' => "HmacSHA256",
'SignatureVersion' => "2",
'Timestamp'=> gmdate("Y-m-d\TH:i:s.\\0\\0\\0\\Z", time()), //tried this with time()+7200 since our server is 2 hours back but we also accessed mws to get the time used there
'Version'=> "2011-10-01",
'MarketplaceId' => <our MpID>,
'ItemCondition' => 'new',
'ASINList.ASIN.1' => B00NN8LSXY );
// Sort the URL parameters
$url_parts = array();
foreach(array_keys($params) as $key)
$url_parts[] = $key . "=" . str_replace('%7E', '~', rawurlencode($params[$key]));
sort($url_parts);
// Construct the string to sign
$url_string = implode("&", $url_parts);
$string_to_sign = "POST\nmws.amazonservices.de\n/Products/2011-10-01\n" . $url_string;
// Sign the request
$signature = hash_hmac("sha256", $string_to_sign, AWS_SECRET_ACCESS_KEY, TRUE);
// Base64 encode the signature and make it URL safe
$signature = urlencode(base64_encode($signature));
$url = "https://mws.amazonservices.de/Products/2011-10-01" . '?' . $url_string . '&Signature=' . $signature;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
$response = curl_exec($ch);
//$parsed_xml = simplexml_load_string($response);
echo $response;
//return ($parsed_xml);
in the .config.inc.php file we added
all the Keys & IDs +
define('APPLICATION_NAME', '<our Firm>');
define('APPLICATION_VERSION', '1.0');
before we did all that we checked everything in MWS-Scratchpad but everything seems to be working there (on mws.amazon.de).
But we still get the SignatureDoesNotMatch Errorcode
<Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>
or this Errorcode:
<Message>Request signature is for too far in the future. Timestamp date: 2015-05-23T04:54:38.000Z. Currently, 10 percent of requests that are more than 15 minutes in the future will be rejected.</Message>
Hope someone can help we went through every other post and developer-guide about this - nothing seems to help
I had the same problem with it (among others).
The PHP reference and examples supplied by amazon has the answer buried deep within. The whole thing is a prime example of lasagna-code and reads like an insult to coders everywhere.
The API expects an HTTP POST with all the request data and a signiture made with your secret key. The sorting of the array and the url encoding standard changes the string to sign.
Amazon expects it sorted like this:
uksort($params, 'strcmp');
Forget the whole $url_parts part, it's messy. Use http_build_query() instead like this:
$url_string = http_build_query($params,'','&',PHP_QUERY_RFC3986);
Amazon expects RFC3986, so a space is encoded as '+', not '%20'. Also the timestamp should look like this:
'Timestamp' => gmdate("Y-m-d\TH:i:s\\Z", time()),
Good luck.
This happens when your machine's / Server's time is not correct. It happens to my servers sometimes when i reboot them. Just set the syncronization with time servers.
Related
I am trying coinbase api to send and get money and going to use in game,on running below code for sending money getting invalid signature error, not sure where I am wrong. I tried getting account detail, which is working fine and I am able to get account details.
<?php
$API_VERSION = '2016-02-01';
$curl = curl_init();
$timestamp = json_decode(file_get_contents("https://api.coinbase.com/v2/time"), true)["data"]["epoch"];
$req = "/v2/accounts/:account_id/transactions";
$url = "https://api.coinbase.com".$req;
$cle = "xxxxxxx";
$secret = "xxxxxxxx";
$params=['type'=>'send', 'to'=>'xxxxxxxxxx', 'amount'=>0.0001, 'currency'=>'BTC'];
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $url,
CURLOPT_POST => true,
CURLOPT_USERAGENT, 'local server',
CURLOPT_POSTFIELDS => json_encode($params),
CURLOPT_HTTPHEADER => array(
"CB-VERSION:" . $API_VERSION,
"CB-ACCESS-SIGN:" . hash_hmac('sha256', $timestamp."GET".$req, $secret),
"CB-ACCESS-KEY:" . $cle,
"CB-ACCESS-TIMESTAMP:" . $timestamp,
'Content-Type: application/json'
),
CURLOPT_SSL_VERIFYPEER => false
));
$rep = curl_exec($curl);
curl_close($curl);
print_r($rep);
?>
In the $req URL, you need to replace :account_id with an actual account ID such as 3c04e35e-8e5a-5ff1-9155-00675db4ac02.
Most importantly, since this is a post request, the OAuth signature needs to include the payload (POST data) in the signature.
hash_hmac('sha256', $timestamp."POST".$req.json_encode($params), $secret),
When I encountered this error, it ended up being the account id, which is different for each of your currency accounts. Spent way too much time trying to figure out what was wrong with my signature... Anyways, I'd definitely try that out as GETs worked for me, but every other request type ended up with the invalid signature error.
I am using Amazon MWS order API (ListOrders) and I can successfully run it on Amazon Scratchpad but I am getting the following error
Sender
MalformedInput
timestamp must follow ISO8601
Below is the php script which I got from some Stackoverflow post
$base_url = "https://mws.amazonservices.com/Orders/2013-09-01";
$method = "POST";
$host = "mws.amazonservices.com";
$uri = "/Orders/2013-09-01";
$params = array(
'AWSAccessKeyId' => "AWSAccessKeyId",
'Action' => "ListOrders",
'SellerId' => "SellerId",
'SignatureMethod' => "HmacSHA256",
'SignatureVersion' => "2",
//'Timestamp'=> gmdate("Y-m-d\TH:i:s.\\0\\0\\0\\Z", time()),
'Timestamp'=> gmdate("Y-m-d\TH:i:s\Z", time()),
'Version'=> "2013-09-01",
'MarketplaceId' => "MarketplaceId",
'CreatedAfter'=>'2014-07-06T19%3A00%3A00Z',
'CreatedBefore'=>'2014-07-08T19%3A00%3A00Z'
);
// Sort the URL parameters
$url_parts = array();
foreach(array_keys($params) as $key)
$url_parts[] = $key . "=" . str_replace('%7E', '~', rawurlencode($params[$key]));
sort($url_parts);
// Construct the string to sign
$url_string = implode("&", $url_parts);
$string_to_sign = "GET\nmws.amazonservices.com\n/Orders/2013-09-01\n" . $url_string;
// Sign the request
$signature = hash_hmac("sha256", $string_to_sign, AWS_SECRET_ACCESS_KEY, TRUE);
// Base64 encode the signature and make it URL safe
$signature = urlencode(base64_encode($signature));
$url = "https://mws.amazonservices.com/Orders/2013-09-01" . '?' . $url_string . "&Signature=" . $signature;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
$response = curl_exec($ch);
$parsed_xml = simplexml_load_string($response);
print '<pre>';
print_r($response);
Can anyone help find my mistake?
You are sending three date values:
'Timestamp'=> gmdate("Y-m-d\TH:i:s\Z", time()),
'CreatedAfter'=>'2014-07-06T19%3A00%3A00Z',
'CreatedBefore'=>'2014-07-08T19%3A00%3A00Z'
For a start, you can get rid of the second parameter to gmdate() since it defaults to time() anyways. Other than that it's fine and should not be the cause of your problem.
The other two parameters have url encoded characters (the colon is encoded as %3A) which you then send through rawurlencode() to encode once more. That will replace the percent sign of above encoing with %25. The CreatedAfter value you are actually sending to Amazon for CreatedAfter is therefore 2014-07-06T19%253A00%253A00Z. Try this instead:
'Timestamp'=> gmdate("Y-m-d\TH:i:s\Z"),
'CreatedAfter'=>'2014-07-06T19:00:00Z',
'CreatedBefore'=>'2014-07-08T19:00:00Z'
I too had the same issue with the java api .i fixed mine by sending the timestamp in following format "yyyy-MM-dd'T'hh:mm:ss'Z'".
I have some trouble to get a simple xml answer from Amazon, it reports me always:
Sender
InvalidParameterValue
Either Action or Operation query parameter must be present.
And if I ask their Support, they can't help me they dont see the missing Parameter...
Their suggestion is follow their Examples, but my Webhost only supports php 5.2, so the autoloader doesn't work.
<?php
#header("Content-Type:text/xml");
$sellerID = 'SELLEDERID';
$aws = 'AWSKEY';
$secret = 'SECRET';
$action = 'GetReportList';
$timestamp = gmdate("Y-m-d\TH:i:s\Z");
$signature = $action . $timestamp;
$sig = base64_encode(hash_hmac("sha256", $signature, $secret, true));
$service = 'https://mws.amazonservices.com/?';
$url = 'AWSAccessKeyId='.$aws;
$url .= '&Action='.$action;
$url .= '&Merchant='.$sellerid;
$url .= '&SignatureVersion=2';
$url .= '&Timestamp=2013-01-10T12:22:48Z';
$url .= '&Version=2009-01-01';
$url .= '&Signature='.$sig;
$url .= '&SignatureMethod=HmacSHA256';
$awsURL = $service.urlencode($url);
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $awsURL,
CURLOPT_USERAGENT => 'Request'
));
$resp = curl_exec($curl);
curl_close($curl);
echo "<pre>";
var_dump($resp);
var_dump($awsURL);
echo "</pre>";
?>
The "we see no error in your request" probably referred to the request you put into Scratchpad, and not to the request you made through php, because your signature calculation is way off.
See this StackOverflow question or the MWS Developers Guide (page 12, "If you create your own client library") on how to calculate the sig.
The actual error message seems weird. I expect it to change once you've got your signature right. Please also note that quite a few MWS API calls require a HTTP POST, so if you intend to reuse that code in other places you're probably better off changing your code accordingly.
I am trying to programatically perform a search on Microsoft Bing search engine.
Here is my understanding:
There was a Bing Search API 2.0 , which will be replaced soon (1st Aug 2012)
The new API is known as Windows Azure Marketplace.
You use different URL for the two.
In the old API (Bing Search API 2.0), you specify a key (Application ID) in the URL, and such key will be used to authenticate the request. As long as you have the key as a parameter in the URL, you can obtain the results.
In the new API (Windows Azure Marketplace), you do NOT include the key (Account Key) in the URL. Instead, you put in a query URL, then the server will ask for your credentials. When using a browser, there will be a pop-up asking for a/c name and password. Instruction was to leave the account name blank and insert your key in the password field.
Okay, I have done all that and I can see a JSON-formatted results of my search on my browser page.
How do I do this programmatically in PHP? I tried searching for the documentation and sample code from Microsoft MSDN library, but I was either searching in the wrong place, or there are extremely limited resources in there.
Would anyone be able to tell me how do you do the "enter the key in the password field in the pop-up" part in PHP please?
Thanks alot in advance.
Documentation for new services can get a bit interesting - especially in the rabbit-warren of MSDN. The most clear explanation I can find is on the Migration Guide from this Bing Search API page. Best of all the migration guide has a nice simple example in PHP towards the end.
EDIT: Alright, the migration guide is a starting point, but it isn't the best example. Here are two methods that work for me (no proxy, firewalls etc. interfering):
Using file_get_contents
Note: 'allow_url_fopen' needs to be enabled for this to work. You can use ini_set (or change php.ini etc.) if it isn't.
if (isset($_POST['submit']))
{
// Replace this value with your account key
$accountKey = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=';
$ServiceRootURL = 'https://api.datamarket.azure.com/Bing/Search/';
$WebSearchURL = $ServiceRootURL . 'Web?$format=json&Query=';
$cred = sprintf('Authorization: Basic %s',
base64_encode($accountKey . ":" . $accountKey) );
$context = stream_context_create(array(
'http' => array(
'header' => $cred
)
));
$request = $WebSearchURL . urlencode( '\'' . $_POST["searchText"] . '\'');
$response = file_get_contents($request, 0, $context);
$jsonobj = json_decode($response);
echo('<ul ID="resultList">');
foreach($jsonobj->d->results as $value)
{
echo('<li class="resultlistitem"><a href="'
. $value->URL . '">'.$value->Title.'</a>');
}
echo("</ul>");
}
Using cURL
If cURL is installed, which is normal these days:
<?php
$query = $_POST['searchText'];
$accountKey = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
$serviceRootURL = 'https://api.datamarket.azure.com/Bing/Search/';
$webSearchURL = $serviceRootURL . 'Web?$format=json&Query=';
$request = $webSearchURL . "%27" . urlencode( "$query" ) . "%27";
$process = curl_init($request);
curl_setopt($process, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($process, CURLOPT_USERPWD, "$accountKey:$accountKey");
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$response = curl_exec($process);
$response = json_decode($response);
echo "<ol>";
foreach( $response->d->results as $result ) {
$url = $result->Url;
$title = $result->Title;
echo "<li><a href='$url'>$title</a></li>";
}
echo "</ol>";
?>
[WTS] changed SearchWeb to Search.
None of the above worked for me. Im running MAMP, this may be relevant. Try the below:
$accountKey = '=';
function sitesearch ($query, $site, $accountKey, $count=NULL){
// code from http://go.microsoft.com/fwlink/?LinkID=248077
$context = stream_context_create(array(
'http' => array(
'request_fulluri' => true,
'header' => "Authorization: Basic " . base64_encode($accountKey . ":" . $accountKey)
)
));
$ServiceRootURL = 'https://api.datamarket.azure.com/Data.ashx/Bing/Search/v1/News?Market=%27en-GB%27&';
$WebSearchURL = $ServiceRootURL . '$format=json&Query=';
$request = $WebSearchURL . urlencode("'$query'"); // note the extra single quotes
if ($count) $request .= "&\$top=$count"; // note the dollar sign before $top--it's not a variable!
return json_decode(file_get_contents($request, 0, $context), true);
}
$q = "query";
if ($q){
// get search results
$articles = sitesearch ($q, $_SERVER['HTTP_HOST'], $accountKey , 100);
foreach($articles['d']['results'] as $article) {
echo " <p>".$article['Title'].'</p>';
echo " <p>".$article['Description'].'</p>';
echo " <p>".$article['Source'].'</p>';
echo " <p>".strtotime($article['Date']).'</p>';
}
}
FROM:
http://bililite.com/blog/2012/06/05/new-bing-api/
you can use bellow code to get bing search results
$acctKey = 'Your account key here';
$rootUri = 'https://api.datamarket.azure.com/Bing/Search';
$query = 'Kitchen';
$serviceOp ='Image';
$market ='en-us';
$query = urlencode("'$query'");
$market = urlencode("'$market'");
$requestUri = "$rootUri/$serviceOp?\$format=json&Query=$query&Market=$market";
$auth = base64_encode("$acctKey:$acctKey");
$data = array(
'http' => array(
'request_fulluri' => true,
'ignore_errors' => true,
'header' => "Authorization: Basic $auth"
)
);
$context = stream_context_create($data);
$response = file_get_contents($requestUri, 0, $context);
$response=json_decode($response);
echo "<pre>";
print_r($response);
echo "</pre>";
http://www.guguncube.com/2771/python-using-the-bing-search-api
it contains python code to query the bing and this is according to latest new API (Windows Azure Marketplace)
# -*- coding: utf-8 -*-
import urllib
import urllib2
import json
def main():
query = "sunshine"
print bing_search(query, 'Web')
print bing_search(query, 'Image')
def bing_search(query, search_type):
#search_type: Web, Image, News, Video
key= 'YOUR_API_KEY'
query = urllib.quote(query)
# create credential for authentication
user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)'
credentials = (':%s' % key).encode('base64')[:-1]
auth = 'Basic %s' % credentials
url = 'https://api.datamarket.azure.com/Data.ashx/Bing/Search/'+search_type+'?Query=%27'+query+'%27&$top=5&$format=json'
request = urllib2.Request(url)
request.add_header('Authorization', auth)
request.add_header('User-Agent', user_agent)
request_opener = urllib2.build_opener()
response = request_opener.open(request)
response_data = response.read()
json_result = json.loads(response_data)
result_list = json_result['d']['results']
print result_list
return result_list
if __name__ == "__main__":
main()
Don't forget to put this:
base64_encode("ignored:".$accountKey)
instead of:
base64_encode($accountKey . ":" . $accountKey)
Here is a working example of the Search API just replace "XXXX" with your access key. Even I wasted quite a few hours trying to get it to work using cURL but it was failing because of "CURLOPT_SSL_VERIFYPEER" on local :( - so make sure your cURL opts are set properly.
$url = 'https://api.datamarket.azure.com/Bing/Search/Web?Query=%27xbox%27';
$process = curl_init($url);
curl_setopt($process, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($process, CURLOPT_USERPWD, base64_encode("username:XXXX"));
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($process, CURLOPT_SSL_VERIFYPEER, false);
$response = curl_exec($process);
# Deliver
return $response;
# Have a great day!
curl_close($process);
Here is the example of how to call Bing/Azure API using Unirest library.
require_once '/path/to/unirest-php/lib/Unirest.php';
$accountKey = "xxx";
$searchResults = Unirest::get("https://api.datamarket.azure.com/Bing/Search/v1/Composite",
array(),
array(
'Query' => '%27Microsoft%27',
'Sources' => '%27web%2Bimage%2Bvideo%2Bnews%2Bspell%27',
'$format' => 'json',
), $accountKey, $accountKey
);
// Results are here:
$objectArray = $searchResults->body->d->results;
$rawJson = $searchResults->raw_body;
You can omit Source parameter by defining it in the URL: https://api.datamarket.azure.com/Bing/Search/v1/Webor https://api.datamarket.azure.com/Bing/Search/v1/Image
Note: parameters in request URL are case-sensitive. For Bing they start with a capital letter.
<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
$AWS_ACCESS_KEY_ID = "KEY";
$AWS_SECRET_ACCESS_KEY = "ACCESS KEY";
$base_url = "http://webservices.amazon.com/onca/xml?";
$url_params = array('Operation'=>"ItemSearch",'Service'=>"AWSECommerceService",
'AWSAccessKeyId'=>$AWS_ACCESS_KEY_ID,'AssociateTag'=>"associateTag",
'Version'=>"2011-08-01",'Availability'=>"Available",'Condition'=>"All",
'ItemPage'=>"1",'ResponseGroup'=>"Images,ItemAttributes,EditorialReview",
'Keywords'=>"Amazon");
// Add the Timestamp
$url_params['Timestamp'] = gmdate("Y-m-d\TH:i:s.\\0\\0\\0\\Z", time());
// Sort the URL parameters
$url_parts = array();
foreach(array_keys($url_params) as $key)
$url_parts[] = $key."=".$url_params[$key];
sort($url_parts);
// Construct the string to sign
$string_to_sign = "GET\webservices.amazon.com\n/onca/xml?\n".implode("&",$url_parts);
$string_to_sign = str_replace('+','%20',$string_to_sign);
$string_to_sign = str_replace(':','%3A',$string_to_sign);
$string_to_sign = str_replace(';',urlencode(';'),$string_to_sign);
// Sign the request
$signature = hash_hmac("sha256",$string_to_sign,$AWS_SECRET_ACCESS_KEY,TRUE);
// Base64 encode the signature and make it URL safe
$signature = base64_encode($signature);
$signature = str_replace('+','%2B',$signature);
$signature = str_replace('=','%3D',$signature);
$url_string = implode("&",$url_parts);
$url = $base_url.$url_string."&Signature=".$signature;
print $url;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
$xml_response = curl_exec($ch);
echo $xml_response;
?>
this returns an signature error;
why?
this is the output, keys and tag are replaced for privacy
http://webservices.amazon.com/onca/xml?AWSAccessKeyId=KEY&AssociateTag=ASSIOCATE TAG&Availability=Available&Condition=All&ItemPage=1&Keywords=Amazon&Operation=ItemSearch&ResponseGroup=Images,ItemAttributes,EditorialReview&Service=AWSECommerceService&Timestamp=2012-05-27T09:35:43.000Z&Version=2011-08-01&Signature=KEVlbW6G9ygvHheTf5m0ymguE64LEaYGDtQZQe0bCLQ%3D
Not sure if you still need help with this, but it's most likely failing due not providing a valid associate tag in your call.
'AssociateTag'=>"associateTag"
So you need to change this value to:
'AssociateTag'=>"(my-assigned-associate-tag)"
You MUST use the associate tag given to you by Amazon. I think associate tags usually end with the number '20', but I can't verify that. If you don't know your associate tag, login to your affiliate account here: Amazon affiliate page
...and it will be the 'Signed in as/Tracking ID' value in the upper left hand corner of the page.
signature error is mainly due to the mismatch of access key id and secret key id
please cross verify this ids.
also check the associateTag