For the record, I love Amazon.com. I order dozens of CDs and DVDs through them all the time.
On my site I wrote a function to use Amazon Web Services to download product data for actors. For example, you visit Dan Aykroyd’s page and all his DVDs appear at the bottom. Simple enough.
Then today I get this confusing email from Amazon:
In addition to the new name, signatures will be necessary to authenticate each call to the Product Advertising API. This requirement will be phased in starting May 11, 2009, and by August 15, 2009, all calls to the Product Advertising API must be authenticated or they will not be processed. For pointers on how you can easily authenticate requests to the Product Advertising API, please refer to the developer guide, available here.
Sounds fair enough to me, I figure I just have to add a line of code to my script or something.
So I read the documentation:
http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/rest-signature.html
TEN Extra Steps!!!
I’ve now spent an entire hour trying to update my code. It works fine without the Signature (and it will continue to do so until August), but as soon as I add the Signature it gives me a 400 Bad Request.
According to the documentation this is the crucial line:
base64_encode(hash_hmac('sha1', $sig, "1234567890", true))
Anyway I’ve had enough for now, I’m going to drink something.
Update: Well it turns out that the part of the documentation they don’t include is that I need to get a Secret Key, they didn’t mention that “1234567890″ is a fake number.
Now I have to see if using my Secret Key will fix it…
