Amazon Product API返回“SignatureDoesNotMatch”

时间:2011-06-04 06:52:06

标签: php xml web-services product

我想通过ISBN(用于慈善计划)编写应用程序以获取书籍封面。所以我决定使用亚马逊产品API。我有访问密钥和密钥。我得到了一个生成密钥的代码,我通过了URL但是返回了

<?xml version="1.0"?>
<ItemLookupErrorResponse xmlns="http://ecs.amazonaws.com/doc/2005-10-05/">
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated
does not match the signature you provided. 
Check your AWS Secret Access Key and signing method. 
Consult the service documentation for details.     
</Message></Error><RequestID>6c60b8b7-8b78-4f21-bb7c-3d5d3a26dc48</RequestID>
</ItemLookupErrorResponse>

那是代码

<?php
$AWSAccessKeyId = "*******ACCESS KEY***************";



    $signature = base64_encode(hash_hmac('sha256',$string_to_sign,"******SECRET KEY*******",true));
    // encode any plus (+), equal (=), or other reserved characters in $signature
    $signature = str_replace('%7E','~',rawurlencode($signature));

    $url = "http://ecs.amazonaws.com/onca/xml?AWSAccessKeyId=".$AWSAccessKeyId."&IdType=ASIN&ItemId=1933988355&Operation=ItemLookup&ResponseGroup=Medium%2COffers&Service=AWSECommerceService&Timestamp=".gmdate('Y-m-d\TH:i:s\Z')."&Signature=".$signature;

echo $url;
?>

代码有什么问题?

更新

我尝试使用相同的时间戳。仍然没有运气。这是示例代码。

$method = "GET";
$host = "ecs.amazonaws.".$region;
$uri = "/onca/xml";

// additional parameters
$params["Service"] = "AWSECommerceService";
$params["AWSAccessKeyId"] = $public_key;
// GMT timestamp
$params["Timestamp"] = gmdate("Y-m-d\TH:i:s\Z");
// API version
$params["Version"] = "2009-03-31";

// sort the parameters
ksort($params);

// create the canonicalized query
$canonicalized_query = array();
foreach ($params as $param=>$value)
{
    $param = str_replace("%7E", "~", rawurlencode($param));
    $value = str_replace("%7E", "~", rawurlencode($value));
    $canonicalized_query[] = $param."=".$value;
}
$canonicalized_query = implode("&", $canonicalized_query);

// create the string to sign
$string_to_sign = $method."\n".$host."\n".$uri."\n".$canonicalized_query;

// calculate HMAC with SHA256 and base64-encoding
$signature = base64_encode(hash_hmac("sha256", $string_to_sign, $private_key, True));

// encode the signature for the request
$signature = str_replace("%7E", "~", rawurlencode($signature));

2 个答案:

答案 0 :(得分:6)

从时间戳创建一个变量,在$ string_to_sign和url-parameter中使用它,否则可能会发生两个时间戳不同的情况。要提供更多帮助,您需要显示$ string_to_sign的创建。

此外:Timestamp-parameter也需要进行urlencoded编码。

也许这对您有用:http://mierendo.com/software/aws_signed_query/

答案 1 :(得分:2)

请求的“签名”包括请求“operation”参数和时间戳。这是一个应该用于创建签名的函数:

function createSignature($operation,$timestamp){
    $the_string=$operation.$timestamp;
    return base64_encode(hash_hmac("sha256",$the_string,$this->secret_key,true));
}

您在请求中发送的时间戳应与传递给createSignature函数的时间戳相同。换句话说,不要生成两次时间戳。将其保存到变量中,然后将其用于两者。

此外,这是我创建的一个PHP类,用于简化向API发出请求的过程: https://github.com/traviswimer/AmazonProductAPI_SOAPer/blob/master/AmazonApi.php

相关问题
最新问题