We Keep Coding

PHP URL query parameters in Etsy OAuth 1.0 not working

After getting all the credentials I'm now requesting a resource from Etsy API. It's working fine without query parameters to the url but when I add them I get signature invalid.
Here's what I got working without the query parameters in the url:
// enconding, sorting and creating the base URI
function buildBaseString($baseURI, $method, $params){
$r = array();
ksort($params);
foreach($params as $key=>$value){
$r[] = "$key=" . rawurlencode($value);
}
return $method."&" . rawurlencode($baseURI) . '&' . rawurlencode(implode('&', $r));
}
// create encoded header
function buildAuthorizationHeader($oauth){
$r = 'Authorization: OAuth ';
$values = array();
foreach($oauth as $key=>$value)
$values[] = "$key=\"" . rawurlencode($value) . "\"";
$r .= implode(', ', $values);
return $r;
}
$consumer_key = 'the_key';
$consumer_secret = 'the_secret';
$shop_id = '00000000000';
$oauth_access_token = 'access_token';
$oauth_access_token_secret = 'token_secret';
$receipts_by_status_url = 'https://openapi.etsy.com/v2/shops/'.$shop_id.'/receipts/opens';
$oauth = array(
'oauth_callback' => 'oob',
'oauth_consumer_key' => $consumer_key,
'oauth_nonce' => time(),
'oauth_signature_method' => 'HMAC-SHA1',
'oauth_timestamp' => time(),
'oauth_token' => $oauth_access_token,
'oauth_version' => '1.0',
);
$base_info = buildBaseString($receipts_by_status_url, 'GET', $oauth);
$composite_key = rawurlencode($consumer_secret) . '&' . rawurlencode($oauth_access_token_secret);
$oauth_signature = base64_encode(hash_hmac('sha1', $base_info, $composite_key, true));
$oauth['oauth_signature'] = $oauth_signature;
$header = array(buildAuthorizationHeader($oauth), 'Expect:', 'Content-Type: application/x-www-form-urlencoded');
/*
* Set curl options
*/
//ob_start();
//$curl_log = fopen('php://output', 'w');
$ch = curl_init($receipts_by_status_url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 25);
curl_setopt($ch, CURLOPT_VERBOSE, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// Execute curl
$result_token = curl_exec($ch);
when I add the parameters to the url:
$receipts_by_status_url = 'https://openapi.etsy.com/v2/shops/'.$shop_id.'/receipts/opens/?includes=Listings';
I get signature invalid.
$base info:
'GET&https%3A%2F%2Fopenapi.etsy.com%2Fv2%2Fshops%2F12962774%2Freceipts%2Fopen%3Fincludes%3DListings&oauth_callback%3Doob%26oauth_consumer_key%thekey%26oauth_nonce%3D1607965396%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1607965396%26oauth_token%oauthtoken%26oauth_version%3D1.0'
$oauth signature:
0Dr9wz24LU6NPkO7eKvP//HCOWk=
$header:
0 => string 'Authorization: OAuth oauth_callback="oob", oauth_consumer_key="consumerkey", oauth_nonce="1607965396", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1607965396", oauth_token="oauthtoken", oauth_version="1.0", oauth_signature="0Dr9wz24LU6NPkO7eKvP%2F%2FHCOWk%3D"' (length=301)
1 => string 'Expect:' (length=7)
2 => string 'Content-Type: application/x-www-form-urlencoded
What am I doing wrong?

I got it working.
I Manually created the base string without the function in the question, this was the root of the problem, because when I added parameters to the endpoint it didn't work.
The server takes the parameters in the authrization header and creates an OAuth signature and compares it to yours, if the don't match you'll get invalid signature like in my case.
The base string should be 3 chunks of data concatenated together and rawurlencoded:
Http method '&' url endpoint '&' params
Things to make sure:
Use a url endpoint without query parameters
Make sure the whole base string has only two ampersands.
Sort params alphabetically.
Use Postman and succeed in sending the request there, after that you can compare the signature generated in the header there to yours, when you can match it then it should work.
Make sure you're using the long url (with query params) in cURL, the clean one is only to create the base string.
I didn't notice but Etsy is actually sending the base string they created from the params in the response when the signature is invalid, all I had to do is compare mine to theirs and fix it.
Hope I helped anyone

Amazon MWS Error SignatureDoesNotMatch

we are trying to access the Amazon MWS Api but we just can't get it to work and we don't know why.
This is what we have tried so far:
require_once('.config.inc.php');
$base_url = "https://mws.amazonservices.de/Products/2011-10-01";
$method = "POST";
$host = "mws.amazonservices.de";
$uri = "/Products/2011-10-01";
$params = array(
'AWSAccessKeyId' => <our Key>,
'Action' => "GetLowestOfferListingsForASIN",
'SellerId' => <our ID>,
'SignatureMethod' => "HmacSHA256",
'SignatureVersion' => "2",
'Timestamp'=> gmdate("Y-m-d\TH:i:s.\\0\\0\\0\\Z", time()), //tried this with time()+7200 since our server is 2 hours back but we also accessed mws to get the time used there
'Version'=> "2011-10-01",
'MarketplaceId' => <our MpID>,
'ItemCondition' => 'new',
'ASINList.ASIN.1' => B00NN8LSXY );
// Sort the URL parameters
$url_parts = array();
foreach(array_keys($params) as $key)
$url_parts[] = $key . "=" . str_replace('%7E', '~', rawurlencode($params[$key]));
sort($url_parts);
// Construct the string to sign
$url_string = implode("&", $url_parts);
$string_to_sign = "POST\nmws.amazonservices.de\n/Products/2011-10-01\n" . $url_string;
// Sign the request
$signature = hash_hmac("sha256", $string_to_sign, AWS_SECRET_ACCESS_KEY, TRUE);
// Base64 encode the signature and make it URL safe
$signature = urlencode(base64_encode($signature));
$url = "https://mws.amazonservices.de/Products/2011-10-01" . '?' . $url_string . '&Signature=' . $signature;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
$response = curl_exec($ch);
//$parsed_xml = simplexml_load_string($response);
echo $response;
//return ($parsed_xml);
in the .config.inc.php file we added
all the Keys & IDs +
define('APPLICATION_NAME', '<our Firm>');
define('APPLICATION_VERSION', '1.0');
before we did all that we checked everything in MWS-Scratchpad but everything seems to be working there (on mws.amazon.de).
But we still get the SignatureDoesNotMatch Errorcode
<Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>
or this Errorcode:
<Message>Request signature is for too far in the future. Timestamp date: 2015-05-23T04:54:38.000Z. Currently, 10 percent of requests that are more than 15 minutes in the future will be rejected.</Message>
Hope someone can help we went through every other post and developer-guide about this - nothing seems to help

I had the same problem with it (among others).
The PHP reference and examples supplied by amazon has the answer buried deep within. The whole thing is a prime example of lasagna-code and reads like an insult to coders everywhere.
The API expects an HTTP POST with all the request data and a signiture made with your secret key. The sorting of the array and the url encoding standard changes the string to sign.
Amazon expects it sorted like this:
uksort($params, 'strcmp');
Forget the whole $url_parts part, it's messy. Use http_build_query() instead like this:
$url_string = http_build_query($params,'','&',PHP_QUERY_RFC3986);
Amazon expects RFC3986, so a space is encoded as '+', not '%20'. Also the timestamp should look like this:
'Timestamp' => gmdate("Y-m-d\TH:i:s\\Z", time()),
Good luck.

This happens when your machine's / Server's time is not correct. It happens to my servers sometimes when i reboot them. Just set the syncronization with time servers.

Fatal error: Call to a member function asXML() on a non-object

I know similar questions have already been asked, however, I have tried the solutions without any success. I keep getting this error:
Fatal error: Call to a member function asXML() on a non-object in
... on line 188
Here is my code:
$dom->save("productInfo.xml");
$feedHandle = file_get_contents("productInfo.xml");
$params = array(
'AWSAccessKeyId'=> "*****",
'Action'=>"SubmitFeed",
'SellerId'=> "********",
'SignatureMethod' => "HmacSHA256",
'SignatureVersion'=> "2",
'Timestamp'=> gmdate("Y-m-d\TH:i:s.\\0\\0\\0\\Z", time()),
'Version' => "2009-01-01",
'FeedContent' => $feedHandle,//must be a string
'FeedType' => "_POST_PRODUCT_DATA_");
// Sort the URL parameters
$url_parts = array();
foreach(array_keys($params) as $key)
$url_parts[] = $key . "=" . str_replace('%7E', '~', rawurlencode($params[$key]));
sort($url_parts);
// Construct the string to sign
$url_string = implode("&", $url_parts);
$string_to_sign = "GET\nmws.amazonservices.com\n/Feeds/2009-01-01\n" . $url_string;
// Sign the request
$signature = hash_hmac("sha256", $string_to_sign, "******", TRUE);
// Base64 encode the signature and make it URL safe
$signature = urlencode(base64_encode($signature));
$url = "https://mws.amazonservices.com/Feeds/2009-01-01" . '?' . $url_string . "&Signature=" . $signature;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$response = curl_exec($ch);
$parsed_xml = simplexml_load_string($response);
#fclose($feedHandle);
Header('Content-type: text/xml');
print($parsed_xml->asXML());
I know that $parsed_xml === FALSE so I know the processing of the XML is not working. I suspect it has something to do with $feedHandle as I was previously receiving an error that said FeedContent in the array $params was empty. I know the XML is formatted correctly as I have printed it out and also directly put it in the required field and it worked fine. Also, we used curl-ing in a similar file and it was working fine so I do not think that would be the issue either.

The error you are getting suggests that the simplexml_load_string function call failed. It only returns an object if the processing of the XML file was successful, otherwise, it returns a boolean FALSE. Try checking if $parsed_xml === FALSE. If it is returning a FALSE, try checking the XML file itself.
In fact, since you are curl-ing for the file itself, check that all of the fields were set correctly and that the URL you are using is correct by printing it out.

use try catch, and instead of using Exception class, try Throwable class
Example :-
try {
$x = false;
var_dump($x->asXML());
} catch(Throwable $e) {
echo $e->getMessage();
}

Bing search API and Azure

I am trying to programatically perform a search on Microsoft Bing search engine.
Here is my understanding:
There was a Bing Search API 2.0 , which will be replaced soon (1st Aug 2012)
The new API is known as Windows Azure Marketplace.
You use different URL for the two.
In the old API (Bing Search API 2.0), you specify a key (Application ID) in the URL, and such key will be used to authenticate the request. As long as you have the key as a parameter in the URL, you can obtain the results.
In the new API (Windows Azure Marketplace), you do NOT include the key (Account Key) in the URL. Instead, you put in a query URL, then the server will ask for your credentials. When using a browser, there will be a pop-up asking for a/c name and password. Instruction was to leave the account name blank and insert your key in the password field.
Okay, I have done all that and I can see a JSON-formatted results of my search on my browser page.
How do I do this programmatically in PHP? I tried searching for the documentation and sample code from Microsoft MSDN library, but I was either searching in the wrong place, or there are extremely limited resources in there.
Would anyone be able to tell me how do you do the "enter the key in the password field in the pop-up" part in PHP please?
Thanks alot in advance.

Documentation for new services can get a bit interesting - especially in the rabbit-warren of MSDN. The most clear explanation I can find is on the Migration Guide from this Bing Search API page. Best of all the migration guide has a nice simple example in PHP towards the end.
EDIT: Alright, the migration guide is a starting point, but it isn't the best example. Here are two methods that work for me (no proxy, firewalls etc. interfering):
Using file_get_contents
Note: 'allow_url_fopen' needs to be enabled for this to work. You can use ini_set (or change php.ini etc.) if it isn't.
if (isset($_POST['submit']))
{
// Replace this value with your account key
$accountKey = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=';
$ServiceRootURL = 'https://api.datamarket.azure.com/Bing/Search/';
$WebSearchURL = $ServiceRootURL . 'Web?$format=json&Query=';
$cred = sprintf('Authorization: Basic %s',
base64_encode($accountKey . ":" . $accountKey) );
$context = stream_context_create(array(
'http' => array(
'header' => $cred
)
));
$request = $WebSearchURL . urlencode( '\'' . $_POST["searchText"] . '\'');
$response = file_get_contents($request, 0, $context);
$jsonobj = json_decode($response);
echo('<ul ID="resultList">');
foreach($jsonobj->d->results as $value)
{
echo('<li class="resultlistitem"><a href="'
. $value->URL . '">'.$value->Title.'</a>');
}
echo("</ul>");
}
Using cURL
If cURL is installed, which is normal these days:
<?php
$query = $_POST['searchText'];
$accountKey = 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA';
$serviceRootURL = 'https://api.datamarket.azure.com/Bing/Search/';
$webSearchURL = $serviceRootURL . 'Web?$format=json&Query=';
$request = $webSearchURL . "%27" . urlencode( "$query" ) . "%27";
$process = curl_init($request);
curl_setopt($process, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($process, CURLOPT_USERPWD, "$accountKey:$accountKey");
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
$response = curl_exec($process);
$response = json_decode($response);
echo "<ol>";
foreach( $response->d->results as $result ) {
$url = $result->Url;
$title = $result->Title;
echo "<li><a href='$url'>$title</a></li>";
}
echo "</ol>";
?>
[WTS] changed SearchWeb to Search.

None of the above worked for me. Im running MAMP, this may be relevant. Try the below:
$accountKey = '=';
function sitesearch ($query, $site, $accountKey, $count=NULL){
// code from http://go.microsoft.com/fwlink/?LinkID=248077
$context = stream_context_create(array(
'http' => array(
'request_fulluri' => true,
'header' => "Authorization: Basic " . base64_encode($accountKey . ":" . $accountKey)
)
));
$ServiceRootURL = 'https://api.datamarket.azure.com/Data.ashx/Bing/Search/v1/News?Market=%27en-GB%27&';
$WebSearchURL = $ServiceRootURL . '$format=json&Query=';
$request = $WebSearchURL . urlencode("'$query'"); // note the extra single quotes
if ($count) $request .= "&\$top=$count"; // note the dollar sign before $top--it's not a variable!
return json_decode(file_get_contents($request, 0, $context), true);
}
$q = "query";
if ($q){
// get search results
$articles = sitesearch ($q, $_SERVER['HTTP_HOST'], $accountKey , 100);
foreach($articles['d']['results'] as $article) {
echo " <p>".$article['Title'].'</p>';
echo " <p>".$article['Description'].'</p>';
echo " <p>".$article['Source'].'</p>';
echo " <p>".strtotime($article['Date']).'</p>';
}
}
FROM:
http://bililite.com/blog/2012/06/05/new-bing-api/

you can use bellow code to get bing search results
$acctKey = 'Your account key here';
$rootUri = 'https://api.datamarket.azure.com/Bing/Search';
$query = 'Kitchen';
$serviceOp ='Image';
$market ='en-us';
$query = urlencode("'$query'");
$market = urlencode("'$market'");
$requestUri = "$rootUri/$serviceOp?\$format=json&Query=$query&Market=$market";
$auth = base64_encode("$acctKey:$acctKey");
$data = array(
'http' => array(
'request_fulluri' => true,
'ignore_errors' => true,
'header' => "Authorization: Basic $auth"
)
);
$context = stream_context_create($data);
$response = file_get_contents($requestUri, 0, $context);
$response=json_decode($response);
echo "<pre>";
print_r($response);
echo "</pre>";

http://www.guguncube.com/2771/python-using-the-bing-search-api
it contains python code to query the bing and this is according to latest new API (Windows Azure Marketplace)
# -*- coding: utf-8 -*-
import urllib
import urllib2
import json
def main():
query = "sunshine"
print bing_search(query, 'Web')
print bing_search(query, 'Image')
def bing_search(query, search_type):
#search_type: Web, Image, News, Video
key= 'YOUR_API_KEY'
query = urllib.quote(query)
# create credential for authentication
user_agent = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; FDM; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 1.1.4322)'
credentials = (':%s' % key).encode('base64')[:-1]
auth = 'Basic %s' % credentials
url = 'https://api.datamarket.azure.com/Data.ashx/Bing/Search/'+search_type+'?Query=%27'+query+'%27&$top=5&$format=json'
request = urllib2.Request(url)
request.add_header('Authorization', auth)
request.add_header('User-Agent', user_agent)
request_opener = urllib2.build_opener()
response = request_opener.open(request)
response_data = response.read()
json_result = json.loads(response_data)
result_list = json_result['d']['results']
print result_list
return result_list
if __name__ == "__main__":
main()

Don't forget to put this:
base64_encode("ignored:".$accountKey)
instead of:
base64_encode($accountKey . ":" . $accountKey)

Here is a working example of the Search API just replace "XXXX" with your access key. Even I wasted quite a few hours trying to get it to work using cURL but it was failing because of "CURLOPT_SSL_VERIFYPEER" on local :( - so make sure your cURL opts are set properly.
$url = 'https://api.datamarket.azure.com/Bing/Search/Web?Query=%27xbox%27';
$process = curl_init($url);
curl_setopt($process, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);
curl_setopt($process, CURLOPT_USERPWD, base64_encode("username:XXXX"));
curl_setopt($process, CURLOPT_TIMEOUT, 30);
curl_setopt($process, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($process, CURLOPT_SSL_VERIFYPEER, false);
$response = curl_exec($process);
# Deliver
return $response;
# Have a great day!
curl_close($process);

Here is the example of how to call Bing/Azure API using Unirest library.
require_once '/path/to/unirest-php/lib/Unirest.php';
$accountKey = "xxx";
$searchResults = Unirest::get("https://api.datamarket.azure.com/Bing/Search/v1/Composite",
array(),
array(
'Query' => '%27Microsoft%27',
'Sources' => '%27web%2Bimage%2Bvideo%2Bnews%2Bspell%27',
'$format' => 'json',
), $accountKey, $accountKey
);
// Results are here:
$objectArray = $searchResults->body->d->results;
$rawJson = $searchResults->raw_body;
You can omit Source parameter by defining it in the URL: https://api.datamarket.azure.com/Bing/Search/v1/Webor https://api.datamarket.azure.com/Bing/Search/v1/Image
Note: parameters in request URL are case-sensitive. For Bing they start with a capital letter.

Amazon Web Services signature error

<?php
error_reporting(E_ALL);
ini_set("display_errors", 1);
$AWS_ACCESS_KEY_ID = "KEY";
$AWS_SECRET_ACCESS_KEY = "ACCESS KEY";
$base_url = "http://webservices.amazon.com/onca/xml?";
$url_params = array('Operation'=>"ItemSearch",'Service'=>"AWSECommerceService",
'AWSAccessKeyId'=>$AWS_ACCESS_KEY_ID,'AssociateTag'=>"associateTag",
'Version'=>"2011-08-01",'Availability'=>"Available",'Condition'=>"All",
'ItemPage'=>"1",'ResponseGroup'=>"Images,ItemAttributes,EditorialReview",
'Keywords'=>"Amazon");
// Add the Timestamp
$url_params['Timestamp'] = gmdate("Y-m-d\TH:i:s.\\0\\0\\0\\Z", time());
// Sort the URL parameters
$url_parts = array();
foreach(array_keys($url_params) as $key)
$url_parts[] = $key."=".$url_params[$key];
sort($url_parts);
// Construct the string to sign
$string_to_sign = "GET\webservices.amazon.com\n/onca/xml?\n".implode("&",$url_parts);
$string_to_sign = str_replace('+','%20',$string_to_sign);
$string_to_sign = str_replace(':','%3A',$string_to_sign);
$string_to_sign = str_replace(';',urlencode(';'),$string_to_sign);
// Sign the request
$signature = hash_hmac("sha256",$string_to_sign,$AWS_SECRET_ACCESS_KEY,TRUE);
// Base64 encode the signature and make it URL safe
$signature = base64_encode($signature);
$signature = str_replace('+','%2B',$signature);
$signature = str_replace('=','%3D',$signature);
$url_string = implode("&",$url_parts);
$url = $base_url.$url_string."&Signature=".$signature;
print $url;
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 15);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
$xml_response = curl_exec($ch);
echo $xml_response;
?>
this returns an signature error;
why?
this is the output, keys and tag are replaced for privacy
http://webservices.amazon.com/onca/xml?AWSAccessKeyId=KEY&AssociateTag=ASSIOCATE TAG&Availability=Available&Condition=All&ItemPage=1&Keywords=Amazon&Operation=ItemSearch&ResponseGroup=Images,ItemAttributes,EditorialReview&Service=AWSECommerceService&Timestamp=2012-05-27T09:35:43.000Z&Version=2011-08-01&Signature=KEVlbW6G9ygvHheTf5m0ymguE64LEaYGDtQZQe0bCLQ%3D

Not sure if you still need help with this, but it's most likely failing due not providing a valid associate tag in your call.
'AssociateTag'=>"associateTag"
So you need to change this value to:
'AssociateTag'=>"(my-assigned-associate-tag)"
You MUST use the associate tag given to you by Amazon. I think associate tags usually end with the number '20', but I can't verify that. If you don't know your associate tag, login to your affiliate account here: Amazon affiliate page
...and it will be the 'Signed in as/Tracking ID' value in the upper left hand corner of the page.

signature error is mainly due to the mismatch of access key id and secret key id
please cross verify this ids.
also check the associateTag