Exclusive eBooks, Software Solutions, Quality Guaranteed
 
Web NukeBiz
Welcome to NukeBiz · Members
Bugger
 
of 6

 #91 » Product Advertising API
 Date Open: Jun 15, 2009 at 17:30:57    Last Update: Sep 14, 2009 at 02:10:13 Bugger Off: Sep 14, 2009 at 02:10:13 
 Description: Did you get this Email? Is it something I need to do or is it in the program?

Dear Product Advertising API Developer,
We wanted to remind you that all Product Advertising API developers will be required to authenticate all calls to the Product Advertising API by August 15, 2009. We noticed that requests with your AWS Access Key ID are not being signed and, while you have more than 60 days until the date on which authentication is required, we are, as a courtesy, sending you this email to remind you of the new authentication requirement. Please remember that calls to the Product Advertising API that are not signed will not be processed after August 15, 2009.


We’d also like to take this opportunity to point out the resources available to help you make this change to your applications:

The Developer Guide has details on what signed requests are and how to construct signed requests.
Sample Code for Signed Requests is available in Java, C# and Perl.
Our technical staff and other customers are available to answer questions on our Community Forums.
More resources can be found at the Product Advertising API home page.
 Request: Upgrade
 Application: Module
 Module: bizstore
 Solution: completed
 Bugger From: RickC
 Debugger: Phoenix
 Group Access: All Visitors
 DiscussIt Forum: BizStore
 DiscussIt Topic: Product Advertising API
 Status: Done
 Priority: High
 Topic Replies:
 Phoenix
 Jun 17, 2009
 01:04:49
I also have received the email - to my knowledge, there is no need to make a change.
AWS Request Authentication wrote:
There are two types of requests to AWS:
  • Anonymous requests. Requests to free services can be made anonymously. Though a valid Access Key ID must be included in all requests to AWS, no attempt is made to confirm that the request originated from the party responsible for the AWS account associated with the Access Key ID. In other words, no authentication is necessary for the request to succeed.

    Services to which anonymous requests can be made include: Amazon E-Commerce Service (ECS) 4.0 and Amazon Historical Pricing.

  • Authenticated requests. Services that want to track service usage, either for the purpose of calculating usage statistics or to bill for usage, must be able to verify that the identity of the sender of a request is the person or party responsible for the AWS account. The identity of the sender is verified by confirming that the Secret Access Key used in the request signature is the Secret Access Key associated with the Access Key ID included in the request.

    Services to which authenticated (signed) requests must be made include: Alexa Top Sites, Alexa Web Information Service (AWIS), Alexa Web Search Platform, Amazon Mechanical Turk, and Amazon Simple Queue Service (SQS).
To use a service that requires authenticated requests, a signature for each request must be calculated and included as the value of the Signature parameter in requests to those services.
Investigating further - their conflicting info doesn't help much.
 Phoenix
 Jun 21, 2009
 05:03:01
Okay, no problem - this site now meets the new requirements and operates with the Secret Key now required for "signed requests". If Amazon are doing this to eliminate abuse of their system, then it's a positive move. Given that it was only previously required for paid services, a suspicious person would see it as a pre-cursor to Amazon charging for use of its API in the future, a negative move.

I'll just let it run a while to see if there are any unexpected glitches - we have plenty of time before August 15th, so no rush.

I've also added capability for Canada and France, plus updated the descriptor and language values.

To ensure a clean break from past ID values I have started afresh by generating a new Access Key ID, which also provides the corresponding Secret Key - I recommend others do the same.
 Phoenix
 Jun 29, 2009
 09:32:00
Provision added for operating multi-locales from the same BizStore installation.
e.g. this site now provides access to US, Canada, UK, Germany, France and Japan simply by clicking on the flag icons, and you can provide your own associates ID for each one.

Signed requests now fully debugged and operational for all requests including cart functions.
 RickC
 Aug 17, 2009
 22:00:22
Are you releasing an update?
My BizStore is no longer returning any results.
 Phoenix
 Aug 18, 2009
 12:07:57
I am terribly sorry about the delay - I fixed it ages ago and just left it running to establish any bugs.

Well, there were no bugs and I completely forgot about the deadline.

http://nukebiz.com/Downloads/details/id=54/
 RickC
 Aug 18, 2009
 18:11:33
Thank you that did the trick.

Now if I can just find out why it dont work on 1and1 with PHP 5
150 buggers listed, 109 buggered off, 31 declined, 8 on hold.