AWS/PAA Error with REST Request Query Signer - Classic ASP
67 views
Skip to first unread message
cindy0117
Aug 18, 2009, 2:32:16 PM8/18/09
to SowaCS Consulting
Hi, I first want to thank you for providing the signature service and
your code. You are a lifesaver! I am using your signature service
for my Amazon requests, while I am getting my code up and running from
your ASP & Javascript example. The service worked without any issues.
I am having a problem with getting correct results with my ASP code.
I have copied my AWS Access Key Id and Secret Access Key directly from
my account on Amazon, so I'm sure it is correct. I'm getting the
following errors in my XML from AWS:
-
<ItemLookupResponse>
-
<OperationRequest>
-
<HTTPHeaders>
<Header Name="UserAgent" Value="Mozilla/5.0 (Windows; U; Windows NT
5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR
3.5.30729)"/>
</HTTPHeaders>
<RequestId>012YSTSA77WJ3ZBKWXZG</RequestId>
-
<Arguments>
<Argument Name="MerchantId" Value="ATVPDKIKX0DER"/>
<Argument Name="ItemId" Value="097634081X"/>
<Argument Name="Service" Value="AWSECommerceService"/>
<Argument Name="Signature" Value="(calculated signature)"/>
<Argument Name="ResponseGroup" Value="Medium"/>
<Argument Name="Operation" Value="ItemLookup"/>
<Argument Name="IdType" Value="ASIN"/>
<Argument Name="AWSAccessKeyId" Value="(my access key)"/>
<Argument Name="Timestamp" Value="2009-08-18T18:02:53Z"/>
<Argument Name="EndpointUri" Value="webservices.amazon.com/onca/xml"/>
</Arguments>
-
<Errors>
-
<Error>
<Code>AWS.InvalidParameterValue</Code>
-
<Message>
(calculated signature) is not a valid value for Signature. Please
change this value and retry your request.
</Message>
</Error>
-
<Error>
<Code>AWS.InvalidSignature</Code>
-
<Message>
The request signature we calculated does not match the signature you
provided. Check your AWS Secret Access Key and signing method. Consult
the service documentation for details.
</Message>
</Error>
</Errors>
</OperationRequest>
</ItemLookupResponse>
I appreciate any help you can provide. Let me know what code you'd
like me to post.
Cindy
your code. You are a lifesaver! I am using your signature service
for my Amazon requests, while I am getting my code up and running from
your ASP & Javascript example. The service worked without any issues.
I am having a problem with getting correct results with my ASP code.
I have copied my AWS Access Key Id and Secret Access Key directly from
my account on Amazon, so I'm sure it is correct. I'm getting the
following errors in my XML from AWS:
-
<ItemLookupResponse>
-
<OperationRequest>
-
<HTTPHeaders>
<Header Name="UserAgent" Value="Mozilla/5.0 (Windows; U; Windows NT
5.1; en-US; rv:1.9.0.13) Gecko/2009073022 Firefox/3.0.13 (.NET CLR
3.5.30729)"/>
</HTTPHeaders>
<RequestId>012YSTSA77WJ3ZBKWXZG</RequestId>
-
<Arguments>
<Argument Name="MerchantId" Value="ATVPDKIKX0DER"/>
<Argument Name="ItemId" Value="097634081X"/>
<Argument Name="Service" Value="AWSECommerceService"/>
<Argument Name="Signature" Value="(calculated signature)"/>
<Argument Name="ResponseGroup" Value="Medium"/>
<Argument Name="Operation" Value="ItemLookup"/>
<Argument Name="IdType" Value="ASIN"/>
<Argument Name="AWSAccessKeyId" Value="(my access key)"/>
<Argument Name="Timestamp" Value="2009-08-18T18:02:53Z"/>
<Argument Name="EndpointUri" Value="webservices.amazon.com/onca/xml"/>
</Arguments>
-
<Errors>
-
<Error>
<Code>AWS.InvalidParameterValue</Code>
-
<Message>
(calculated signature) is not a valid value for Signature. Please
change this value and retry your request.
</Message>
</Error>
-
<Error>
<Code>AWS.InvalidSignature</Code>
-
<Message>
The request signature we calculated does not match the signature you
provided. Check your AWS Secret Access Key and signing method. Consult
the service documentation for details.
</Message>
</Error>
</Errors>
</OperationRequest>
</ItemLookupResponse>
I appreciate any help you can provide. Let me know what code you'd
like me to post.
Cindy
C Sowa
Aug 18, 2009, 5:34:16 PM8/18/09
to SowaCS Consulting
To verify: the latest version of that download was posted 2009.06.25,
so if you don't have that one, you may want to grab it. Earlier code
should be fine for this type of request, but it helps to be on the
same page.
Just to make sure, I've tested that same request with the download
code (with my own Id, of course):
http://awsqs.no-ip.org/awsquerysigner_asp_test/AWSQuerySigner.asp?MerchantId=ATVPDKIKX0DER&ItemId=097634081X&Service=AWSECommerceService&ResponseGroup=Medium&Operation=ItemLookup&IdType=ASIN&AWSAccessKeyId=16GM21EYQRT6QQWW05G2&EndpointUri=webservices.amazon.com/onca/xml
This seems to work fine, so the original code and the request as noted
don't appear to have any inherent problems.
My guess is that the problem would be arising from either code
modifications that you have made, or perhaps copy / paste errors of
the secret key, or the key has been changed at Amazon (I know you've
emphaized that you've double checked, but that possibility still
remains).
What _does_ seem to be working is that it is finding your
AWSAccessKeyId ok, and the EndpointUri is ok.
And you have been able to process this particular request using the
AWSQS service, correct ?
Another possibility is the particular way the request is being sent to
AWS. Using Fiddler2 (http://fiddler2.com) to look at the HTTP headers
for both the original request, and the redirected request that AWS
receives, can help narrow things down as well.
So, some questions:
- What sort of code changes, if any, have you made ?
- Can you post the HTTP headers from your requests ? There will be
one to your service with an HTTP status of 302, which is your original
request, followed by one to AWS with a status of 200. You can grab the
whole requests, headers and all, from within Fiddler.
so if you don't have that one, you may want to grab it. Earlier code
should be fine for this type of request, but it helps to be on the
same page.
Just to make sure, I've tested that same request with the download
code (with my own Id, of course):
http://awsqs.no-ip.org/awsquerysigner_asp_test/AWSQuerySigner.asp?MerchantId=ATVPDKIKX0DER&ItemId=097634081X&Service=AWSECommerceService&ResponseGroup=Medium&Operation=ItemLookup&IdType=ASIN&AWSAccessKeyId=16GM21EYQRT6QQWW05G2&EndpointUri=webservices.amazon.com/onca/xml
This seems to work fine, so the original code and the request as noted
don't appear to have any inherent problems.
My guess is that the problem would be arising from either code
modifications that you have made, or perhaps copy / paste errors of
the secret key, or the key has been changed at Amazon (I know you've
emphaized that you've double checked, but that possibility still
remains).
What _does_ seem to be working is that it is finding your
AWSAccessKeyId ok, and the EndpointUri is ok.
And you have been able to process this particular request using the
AWSQS service, correct ?
Another possibility is the particular way the request is being sent to
AWS. Using Fiddler2 (http://fiddler2.com) to look at the HTTP headers
for both the original request, and the redirected request that AWS
receives, can help narrow things down as well.
So, some questions:
- What sort of code changes, if any, have you made ?
- Can you post the HTTP headers from your requests ? There will be
one to your service with an HTTP status of 302, which is your original
request, followed by one to AWS with a status of 200. You can grab the
whole requests, headers and all, from within Fiddler.
C Sowa
Aug 19, 2009, 8:00:00 PM8/19/09
to SowaCS Consulting
Follow up:
There was a bug introduced in the 2009.06.25 changes for POST handling
only. The Signature parameter was being URLEncoded when it shouldn't
have been, causing the POSTed Signature to be double encoded by the
time it arrived at AWS/PAA, and therefor rejected.
This impacted the JavaScript sample's AWSQuerySigner.js code, which is
also used by the ASP sample.
The updated downloads can be found at http://sowacs.appspot.com/AWS/Downloads/
.
Thanks are due to cindy0117 for uncovering this issue, and providing
excellent diagnostic material.
There was a bug introduced in the 2009.06.25 changes for POST handling
only. The Signature parameter was being URLEncoded when it shouldn't
have been, causing the POSTed Signature to be double encoded by the
time it arrived at AWS/PAA, and therefor rejected.
This impacted the JavaScript sample's AWSQuerySigner.js code, which is
also used by the ASP sample.
The updated downloads can be found at http://sowacs.appspot.com/AWS/Downloads/
.
Thanks are due to cindy0117 for uncovering this issue, and providing
excellent diagnostic material.
Reply all
Reply to author
Forward
0 new messages