Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Keep getting Unauthorized using sample requests #1

Closed
kingkong404 opened this issue Nov 23, 2020 · 31 comments
Closed

Keep getting Unauthorized using sample requests #1

kingkong404 opened this issue Nov 23, 2020 · 31 comments

Comments

@kingkong404
Copy link

kingkong404 commented Nov 23, 2020

Keep getting Unauthorized error using sample requests in docs. Should these examples work?

I'm trying to work out if I'm not authenticating properly or whether the API endpoint is giving the error as I'm trying to request data that I don't have access to (as it's your data)

Using a brand new marketplace seller account / no products / data.

CustomError: Access to requested resource is denied.
    at SellingPartner.callAPI (/Users/steven/Documents/boilerplate/versiontwo/node_modules/amazon-sp-api/lib/SellingPartner.js:203:13)
    at processTicksAndRejections (node:internal/process/task_queues:93:5)
    at /Users/steven/Documents/boilerplate/versiontwo/packages/amazon/lib/SP-api.ts:19:19 {
  code: 'Unauthorized',
  details: '',
  type: 'error'
}
require("dotenv").config();
require("source-map-support").install();

import SellingPartnerAPI from "amazon-sp-api";

(async () => {
  try {
    const sellingPartner = new SellingPartnerAPI({
      region: "eu",
      refresh_token:
        "XXX",
      options: {
        auto_request_tokens: true,
        auto_request_throttled: true,
      },
    });

    let res = await sellingPartner.callAPI({
      operation: "createReport",
      body: {
        reportType: "GET_FLAT_FILE_OPEN_LISTINGS_DATA",
        marketplaceIds: ["A1PA6795UKMFR9"],
      },
    });

    console.log(res);
  } catch (e) {
    console.log(e);
  }
})();
@amz-tools
Copy link
Owner

Hi there,

yes, it works for us and it should work for you as well and return a reportId. Looks like your are not authorized, but error messages from Amazon are currently not very helpful for some calls.
Might be because you have no listings in the marketplace yet? Try the "getMarketplaceParticipations" operation, this should definetly work when credentials are correct:
await sellingPartner.callAPI({ operation:'getMarketplaceParticipations' });
If not, check if your access_token and role_credentials are fetched corretly by calling them manually and check their values:
await sellingPartner.refreshAccessToken(); console.log(sellingPartner.access_token); await sellingPartner.refreshRoleCredentials(); console.log(sellingPartner.role_credentials);

@kingkong404
Copy link
Author

kingkong404 commented Nov 23, 2020

Hey, thanks for the quick reply.

require("dotenv").config();
require("source-map-support").install();

import SellingPartnerAPI from "amazon-sp-api";

(async () => {
  try {
    const sellingPartner = new SellingPartnerAPI({
      region: "na",
      refresh_token:
        "Atzr|IXXXXXXX",
      options: {
        auto_request_tokens: true,
        auto_request_throttled: true,
      },
    });

    await sellingPartner.refreshAccessToken();
    console.log(sellingPartner.access_token);
    
    await sellingPartner.refreshRoleCredentials();
    console.log(sellingPartner.role_credentials);

    let res = await sellingPartner.callAPI({ operation: "getMarketplaceParticipations" });

    console.log(res);
  } catch (e) {
    console.log(e);
  }
})();

Does that mean I'm authed as a security_token was returned?

(base) ➜  ts-node packages/amazon/lib/SP-api.ts
Atza|XXXXX
{
  id: 'ASIAXXXXXXXXX',
  secret: '1Nomv5x7c/JXXXXXXXXXX',
  security_token: 'FwoXXXXXXXXXXE='
}
CustomError: Access to requested resource is denied.
    at SellingPartner.callAPI (/Users/steven/Documents/boilerplate/versiontwo/node_modules/amazon-sp-api/lib/SellingPartner.js:203:13)
    at processTicksAndRejections (node:internal/process/task_queues:93:5)
    at /Users/steven/Documents/boilerplate/versiontwo/packages/amazon/lib/SP-api.ts:23:19 {
  code: 'Unauthorized',
  details: '',
  type: 'error'
}

@amz-tools
Copy link
Owner

amz-tools commented Nov 23, 2020

Since you receive access_token and security_token the credentials seem to be correct, yes. Have you checked that you are using the correct IAM role and that it has access to the sellingpartner API? If yes, I'm afraid I'm running out of ideas. :-)

One more idea: Since you created a new seller account, have signed up to a professional selling plan? I know at least for the old MWS API it a a requirement to have a professional plan so I would guess its a requirement for access to the SP API as well.

@kingkong404
Copy link
Author

I believe everything has been set up correctly. I followed the guide linked to create a role/ user etc although I'm going to redo the whole process again.

Also yes, I believe I'm a pro seller and all it set up correctly

image

Will report back shortly.

@kingkong404
Copy link
Author

Same error as before :/

Are there any other basic requests I could try other than await sellingPartner.callAPI({ operation: "getMarketplaceParticipations" })?

@amz-tools
Copy link
Owner

You could try the catalog item calls, i.e.:

await sellingPartner.callAPI({
  operation:'getCatalogItem',
  path:{
    asin:'B084J4QQFT'
  },
  query:{
    MarketplaceId:'A1PA6795UKMFR9'
  }
});

await sellingPartner.callAPI({
  operation:'listCatalogItems',
  query:{
    MarketplaceId:'A1PA6795UKMFR9',
    Query:'alexa'
  }
});

@kingkong404
Copy link
Author

Unfortunately still getting Unauthorized. Is there any way of increasing logging level or further investigating?

@amz-tools
Copy link
Owner

We haven't built in any debugging possibility yet, but you could log the request and result objects in lib/request.js, maybe this might help you in resolving the issue.

@kingkong404
Copy link
Author

kingkong404 commented Nov 23, 2020

Did you follow steps 1 to 6 listed here? Did you do anything else to get it working?

I'm wondering if their docs are missing a step.

@amz-tools
Copy link
Owner

Yes, just followed the steps. Only information missing in the guide is how to add the security_token, but thats handled inside our client. For the IAM ARN of your app client in sellercentral, did you make sure you put the IAM role created in step 4?
This should correspond with the value in the envvar AWS_SELLING_PARTNER_ROLE. Whereas AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY need to include the credentials from the IAM user created in step 2.
And have you made sure you are using the right region?

@kingkong404
Copy link
Author

kingkong404 commented Nov 23, 2020

And have you made sure you are using the right region?

I believe I just created everything in my default AWS Region does that make a difference?

image

Or did you mean region: "na" inside of the library config as my Seller Account is currently registered in the US?

Will go over the other items again now.

UPDATE:
did you make sure you put the IAM role created in step 4? Yes the Role not user is listed in the IAM ARN during the App creation screen.

And yes Key + Secret are from User created in Step 2

@amz-tools
Copy link
Owner

Hm, I'm afraid I'm running out of ideas here. Might be something with the region, as we tested with the EU region and not the NA region, but only the API endpoint subdomains and the region for signing the requests are different and both is implemented and working. So probably the best chance is to log the response headers of a failing request, copy the Request-ID returned ("x-amzn-requestid"-Header), open up a case with the SP/MWS-Team at Amazon and send them the Request-ID.
Please let me know if you find a solution!

@tday
Copy link

tday commented Nov 30, 2020

FWIW, I can confirm I was able to use this package in NA using the instructions in the README.

@kingkong404
Copy link
Author

FWIW, I can confirm I was able to use this package in NA using the instructions in the README.

@tday Thanks for clarifying. Must be something up with my amazon account then.

@kingkong404
Copy link
Author

@amz-tools So just to be 100% certain here are my regions.

  1. I am registered as a UK company with Amazon.
  2. In my Seller portal I have access to North America / Mexico and Canada. (I'm not planning on selling, this was default)
  3. AWS is US East although I looked into creating an EU Role / User although those assets in AWS seem to be global / not specific to any region.

How should I be configuring the region settings / configurations.

@amz-tools
Copy link
Owner

@StevenJE The region setting depends on the marketplace you want to request data from, not the region you registered in. Since you have access to the North America selling region (US, Canada, Mexico) you can use "na" as region.
I think you are right on the role settings, they shouldn't be specific to any region and the STS (security token service) request inside our module is using the global endpoint (sts.amazonmws.com).
Also, as you successfully received role credentials and an access token at least your AWS configuration and the refresh token seem to be correct. If you are also sure that your SELLING_PARTNER_APP_CLIENT_ID and SELLING_PARTNER_APP_CLIENT_SECRET settings are correct you should receive data.

@tday
Copy link

tday commented Dec 1, 2020

@StevenJE it's worth reaching out to Amazon to see if they gave you access correctly if all things check out on your end.

Amazon had notified us on two separate occasions we had access, but we in fact did not. We had to escalate three times to Amazon before they gave us proper access.

@meteci
Copy link

meteci commented Dec 12, 2020

@StevenJE Can you please try below request?

let res = await sellingPartner.callAPI({
operation: "getOrder",
path: {
orderId: "ORDER-NUMBER-HERE",
},
});

I'm having the same unauthorized issue but I was able to use the API with the above request without any problem. Seems like it has an issue with your Developer Profile Auths.

@kingkong404
Copy link
Author

@StevenJE Can you please try below request?

let res = await sellingPartner.callAPI({
operation: "getOrder",
path: {
orderId: "ORDER-NUMBER-HERE",
},
});

I'm having the same unauthorized issue but I was able to use the API with the above request without any problem. Seems like it has an issue with your Developer Profile Auths.

Hey @metecicek unfortunately the account I have is purely for development so it has no products or orders, so I don't think I can do the request as it would be lacking an order number.

@callumb123
Copy link

let res = await sellingPartner.callAPI({
operation: "getOrder",
path: {
orderId: "ORDER-NUMBER-HERE",
},
});

Hey @metecicek, I have been getting the same 403 unauthorised error and can confirm that this getOrder API call also worked for me. I have an open case with amazon support but let me know if you ever get to the bottom of it as so far they have been pretty useless.

@kingkong404
Copy link
Author

@callumb123 how did you open a support request with them? When I tried to open a request in seller central everything seemed very focused around sellers. Is there a way to get dev support?

Also any responses in the interim on your end from amazon?

Would love to get this fixed.

@callumb123
Copy link

@StevenJE I'm based in the UK so I used this link: https://sellercentral.amazon.co.uk/gp/mws/contactus.html

My first case got picked up by someone who was no help at all and didn't understand the question so I have had to submit a new ticket.

I have had one response where they have told me the LWA details I have used in the request are wrong and to double check them. I'm fairly sure they aren't (since the getOrder endpoint works) so have asked for more information on which details they think are wrong. I will update here again if I get to the bottom of it as I am also pretty desperate to get this working.

@kingkong404
Copy link
Author

@metecicek any updates on your end?

@kingkong404
Copy link
Author

@callumb123 thanks! Yeah me too, I'm burning cash paying for access with nothing working. Will update also.

@kingkong404
Copy link
Author

kingkong404 commented Dec 16, 2020

Hey @callumb123 I just tried re-running my code and now everything has started working... guessing it was something amazons side that they have now fixed.

try running this.

    let res2 = await sellingPartner.callAPI({ operation: "getMarketplaceParticipations" });

    console.log(res2);

@callumb123
Copy link

@StevenJE Awesome! Just tested a few endpoints there and they all seem to be working. I would be really curious to find out what was wrong as Amazon's end to affect so many people. Thanks a lot for letting me know, much appreciated!

@Tanveer-LowCoder
Copy link

This is weird, as I just hit this issue with an app that was already working yesterday!.

Ah, the perks of being a dev. Works one day, and it mysteriously stops working the next. Have raised a ticket, let's see what they say.

@Tanveer-LowCoder
Copy link

So, on further testing, found the following:

  1. when running a test on my own store, where I get null object back for getOrders - its working.
  2. When I try to get the getOrder for a clients store, where we got the spapi_auth correctly, and generated the refresh_token successfully. Get the following error:

020-12-26T12:51:26.034Z fa99489f-358c-4d9e-a07d-ec94d104a2fe INFO CustomError: Access to requested resource is denied.
at SellingPartner.callAPI (/var/task/node_modules/amazon-sp-api/lib/SellingPartner.js:229:13)
at processTicksAndRejections (internal/process/task_queues.js:97:5)
at async Runtime.exports.handler (/var/task/index.js:22:15) {
code: 'Unauthorized',
details: '',
type: 'error'
}

@pavel-labbmiljo
Copy link

pavel-labbmiljo commented Jan 26, 2021

I got the same "Access to requested resource is denied" issue. Does it work for the vendor central account, also?

@amz-tools
Copy link
Owner

Hi @pavel-labbmiljo,

we haven't tested it, maybe somebody else is here who can confirm it works. It should work, but it seems that vendors have a subset of operations of the SP API available, found this blog post here, maybe that helps.

@uythoang
Copy link

@StevenJE Can you please try below request?

let res = await sellingPartner.callAPI({
operation: "getOrder",
path: {
orderId: "ORDER-NUMBER-HERE",
},
});

I'm having the same unauthorized issue but I was able to use the API with the above request without any problem. Seems like it has an issue with your Developer Profile Auths.

So this getOrder operation works for me, but getMarketplaceParticipations also gives me the "Access to requested resource is denied." error. I've opened a case with the MWS team, so we'll see...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

8 participants