请求签名在Amazon API中不匹配(要签名的字符串)

时间:2018-05-01 12:55:50

标签: javascript amazon-web-services google-apps-script amazon-mws

我尝试使用Google Apps脚本向Amazon发出API调用,以获取有关ID的订单信息:XXX-XXXXXX-XXXXXX in marketplace:UK - A1F83G8C2ARO7P。

我一直得到回应:

<Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message>

我根据文档做了一切,我使用了这个例子:

Using GET with Authentication Information in the Query String (Python).

对于散列,我使用了库:jsSHA和SHA变体SHA-256。

我认为在公式中:

signature = HexEncode(HMAC(derived signing key, string to sign))我在第二部分实施了一些错误的内容:string to sign但无法确切地知道究竟是什么。 

function amazonGetQuery () {

var date = new Date(); 
var amz_date  = date.toISOString(); //2018-05-01T20:40:50.940Z

var yearMonthDay= Utilities.formatDate(date, 'UTC', 'yyyyMMdd');
var hourMinuteSec = Utilities.formatDate(date, 'UTC', 'HHmmss');

var dateForStringToSign = yearMonthDay +'T'+hourMinuteSec+'Z'; //20180501T204050Z

var datestamp = yearMonthDay; // 20180501

var access_key = "XXXXXXXXXXXXXXX";

var method = 'GET';
var service = 'mws'
var host = 'mws.amazonservices.co.uk';
var region = 'eu-west-2';
var endpoint = 'https://mws.amazonservices.co.uk/Orders/2013-09-01';


var canonical_uri = '/Orders/2013-09-01';
var canonical_headers = 'host:' + host + '\n';
var signed_headers = 'host';


//# Match the algorithm to the hashing algorithm you use, either SHA-1 or
//# SHA-256 (recommended)
var algorithm = 'AWS4-HMAC-SHA256';
var credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request';

Logger.log('credential_scope: '+credential_scope);

//# Step 4: Create the canonical query string. In this example, request
//# parameters are in the query string. Query string values must
//# be URL-encoded (space=%20). The parameters must be sorted by name

var canonical_querystring =  'AWSAccessKeyId='+encodeURIComponent('XXXXXXXXXXXXXX');
    canonical_querystring += '&Action='+encodeURIComponent('GetOrder');
    canonical_querystring += '&AmazonOrderId.Id.1='+encodeURIComponent('XXX-XXXXXX-XXXXXX');
    canonical_querystring += '&MWSAuthToken='+encodeURIComponent('xxx.xxx.xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx');
    canonical_querystring += '&MarketplaceId.Id.1='+encodeURIComponent('A1F83G8C2ARO7P');
    canonical_querystring += '&SellerId='+encodeURIComponent('XXXXXXXXXXX');
    canonical_querystring += '&SignatureMethod='+encodeURIComponent('HmacSHA256');
    canonical_querystring += '&SignatureVersion='+encodeURIComponent('2');
    canonical_querystring += '&Timestamp='+encodeURIComponent(amz_date);
    canonical_querystring += '&Version='+encodeURIComponent('2013-09-01');
    canonical_querystring += '&X-Amz-Algorithm='+encodeURIComponent('AWS4-HMAC-SHA256');
    canonical_querystring += '&X-Amz-Credential='+encodeURIComponent(access_key + '/' + credential_scope);
    canonical_querystring += '&X-Amz-Date='+encodeURIComponent(amz_date);
    canonical_querystring += '&X-Amz-Expires=2';
    canonical_querystring += '&X-Amz-SignedHeaders='+encodeURIComponent(signed_headers);


//singing key
var shaObj = new jsSHA("SHA-256", "TEXT");
shaObj.setHMACKey("41575334XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX456", "HEX"); // 
shaObj.update(datestamp);
var hmac = shaObj.getHMAC("HEX");

var shaObj2 = new jsSHA("SHA-256", "TEXT");
shaObj2.setHMACKey(hmac, "HEX");
shaObj2.update(region);
var hmac2 = shaObj2.getHMAC("HEX");


var shaObj3 = new jsSHA("SHA-256", "TEXT");
shaObj3.setHMACKey(hmac2, "HEX");
shaObj3.update(service);
var hmac3 = shaObj3.getHMAC("HEX");

var shaObj4 = new jsSHA("SHA-256", "TEXT");
shaObj4.setHMACKey(hmac3, "HEX");
shaObj4.update("aws4_request");
var signing_key = shaObj4.getHMAC("HEX");


//# Step 5: Create payload hash. For GET requests, the payload is an
//# empty string ("").
//Example hashed payload (empty string)
//e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
var shaObj1 = new jsSHA("SHA-256", "TEXT");
shaObj1.update('');
var payload_hash = shaObj1.getHash("HEX");

Logger.log('payload_hash: \n'+payload_hash);

//# Step 6: Combine elements to create canonical request
var canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' +payload_hash;

Logger.log('cannonical_request: \n'+canonical_request)

//Hashed canonical request
var shaObj7 = new jsSHA("SHA-256", "TEXT");
shaObj7.update(canonical_request);
var hashed_canonical_request = shaObj7.getHash("HEX");
Logger.log('hashed_canonical_request: \n'+hashed_canonical_request);


//stringTosign
var string_to_sign = algorithm + '\n' +  dateForStringToSign + '\n' +  credential_scope + '\n' + hashed_canonical_request; 
Logger.log('string_to_sign: \n'+string_to_sign);

//SIGNATURE
var shaObj5 = new jsSHA("SHA-256", "TEXT");
shaObj5.setHMACKey(signing_key, "HEX");
shaObj5.update(string_to_sign);
var signature = shaObj5.getHMAC("HEX");
Logger.log('signature: \n'+signature);

canonical_querystring += '&Signature=' + signature;

var request_url = endpoint + '?' + canonical_querystring;

Logger.log('request_url: '+request_url+'\n')


 var options = {

      'method' : 'get',
      'muteHttpExceptions':true,
      'host': host,

 }

UrlFetchApp.fetch(request_url, options);



}

结果:

credential_scope: 

20180501/eu-west-2/mws/aws4_request

cannonical_request: 

GET
/Orders/2013-09-01
AWSAccessKeyId=XXXXXXXXXXXX&Action=GetOrder&AmazonOrderId.Id.1=XXX-XXXXXX-XXXXXX&MWSAuthToken=xxxx.xxxx.xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx&MarketplaceId.Id.1=A1F83G8C2ARO7P&SellerId=XXXXXXXXX&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2018-05-01T12%3A02%3A18.889Z&Version=2013-09-01&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=XXXXXXXX%2F20180501%2Feu-west-2%2Fmws%2Faws4_request&X-Amz-Expires=2&X-Amz-Date=2018-05-01T12%3A02%3A18.889Z&X-Amz-SignedHeaders=host
host:mws.amazonservices.co.uk

host
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

string_to_sign: 

AWS4-HMAC-SHA256
20180501T205153Z
20180501/eu-west-2/mws/aws4_request
XXX436XXXXXXXX3d5beXXXdec39XXXXXXXXXXXXXXXX1d57fb33XXXXXc

request_url:

https://mws.amazonservices.co.uk/Orders/2013-09-01?AWSAccessKeyId=XXXXXXXXXXXXXX&Action=GetOrder&AmazonOrderId.Id.1=xxx-xxxxxx-xxxxxxx&MWSAuthToken=xxxx.xxx.xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx&MarketplaceId.Id.1=A1F83G8C2ARO7P&SellerId=XXXXXXXXXXXXXXXX&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2018-05-01T12%3A02%3A18.889Z&Version=2013-09-01&X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=XXXXXXXXXXX%2F20180501%2Feu-west-2%2Fmws%2Faws4_request&X-Amz-Expires=2&X-Amz-Date=2018-05-01T12%3A02%3A18.889Z&X-Amz-SignedHeaders=host&Signature=a29XXXXXXXXXXXXXXXXX863b0ade00881XXXXXXXXXXXX1ae1216XXXX

1 个答案:

答案 0 :(得分:0)

大约2年前,我发布了这个问题,最近,该帖子上有一些活动,因此我想分享一个技巧,这有助于我成功进行API请求。亚马逊具有用于测试API请求的特殊在线工具,该工具称为:Amazon Scratchpad。如果通过此页面获得的响应没有任何错误,那么您可以比较代码中的输入数据并轻松查找错误。

每个市场的便笺本网址都不同,即:对于DE,https://mws.amazonservices.de/scratchpad/index.html,对于英国https://mws.amazonservices.co.uk/scratchpad/index.html等。

enter image description here

相关问题
最新问题