我试图向亚马逊销售合作伙伴API(node.js/Lambda(发出请求,但目前我总是收到403错误。我已经将相同的凭据和访问令牌插入Postman,请求工作正常。我相信在计算请求的签名时一定有错误,但我看不出有什么错误。
我计算签名如下:
function constructCanonicalRequest(accessToken, dateTime) {
let canonical = [];
canonical.push('GET');
canonical.push('/fba/outbound/2020-07-01/fulfillmentOrders/FBATestOrder-1');
canonical.push('');
canonical.push('host:' + 'sandbox.sellingpartnerapi-na.amazon.com');
canonical.push('x-amz-access-token:' + accessToken);
canonical.push('x-amz-date:' + dateTime);
canonical.push('');
canonical.push('host;x-amz-access-token;x-amz-date');
canonical.push(crypto.SHA256(''));
let canonicalRequest = canonical.join('n');
let canonicalRequestHash = crypto.SHA256(canonicalRequest);
return canonicalRequestHash
};
function constructStringToSign(dateTime, date, canonicalRequestHash) {
let stringToSign = [];
stringToSign.push('AWS4-HMAC-SHA256')
stringToSign.push(dateTime);
stringToSign.push(date + '/' + 'us-east-1' + '/' + 'execute-api' + '/aws4_request');
stringToSign.push(canonicalRequestHash);
return stringToSign.join('n');
};
function constructSignature(date, iamSecret, stringToSign) {
let kDate = crypto.HmacSHA256(date, 'AWS4' + iamSecret);
let kRegion = crypto.HmacSHA256('us-east-1', kDate);
let kService = crypto.HmacSHA256('execute-api', kRegion);
let kSigning = crypto.HmacSHA256('aws4_request', kService);
let signature = crypto.HmacSHA256(stringToSign, kSigning).toString(crypto.enc.Hex);
return signature
};
剩下的功能是:
let dateTimeISO = new Date().toISOString();
let dateTime = dateTimeISO.replace(/(.d{3})|W/g,'');
let date = dateTime.split('T')[0];
let canonicalRequestHash = constructCanonicalRequest(accessToken, dateTimeISO);
let stringToSign = constructStringToSign(dateTime, date, canonicalRequestHash);
let signature = constructSignature(date, iamSecret, stringToSign);
let authHeader = 'AWS4-HMAC-SHA256 Credential=' + iamId + '/' + date + '/' + 'us-east-1' + '/execute-api/aws4_request, SignedHeaders=host;x-amz-access-token;x-amz-date, Signature=' + signature
console.log(authHeader);
let amazonUrl = "https://sandbox.sellingpartnerapi-na.amazon.com/fba/outbound/2020-07-01/fulfillmentOrders/FBATestOrder-1";
const amazonResponse = await fetch(amazonUrl, {
method: 'get',
headers: {
'Authorization':authHeader,
'Content-Type':'application/json; charset=utf-8',
'host':'sandbox.sellingpartnerapi-na.amazon.com',
'x-amz-access-token':accessToken,
'user-agent': 'My Selling Tool/2.0 (Language=JS;Platform=Node)',
'x-amz-date':dateTime,
}
});
我还尝试使用多个不同的加密库来查看HMAC创建是否是问题所在,但这并没有解决任何问题。
我有权在C#中工作。GitHub上有一个Java库:https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md我只是按照那里的说明进行了操作,尽管C#库中有一个关于承担角色的缺陷,那就是在java库中。