How to fix issue calling Amazon SP-API, which always returns Unauthorized, even with valid Token and Signature

Question

How to fix issue calling Amazon SP-API, which always returns Unauthorized, even with valid Token and Signature

Dav*_*vid 5 c# api integration amazon amazon-mws

I went through the guide of for getting setup to call the new SP-API (https://github.com/amzn/selling-partner-api-docs/blob/main/guides/developer-guide/SellingPartnerApiDeveloperGuide.md), and during the process checked off all of the api areas to grant access to (i.e. Orders, Inventory, etc). I am using the C# library provided by Amazon (https://github.com/amzn/selling-partner-api-models/tree/main/clients/sellingpartner-api-aa-csharp). I successfully get an access token and successfully sign the request, but always get the following error: Access to requested resource is denied. / Unauthorized, with no details. I am trying to perform a simple get to the /orders/v0/orders endpoint. Any ideas what I'm doing wrong? Any help would be greatly appreciated!

Below is my code:

private const string MARKETPLACE_ID = "ATVPDKIKX0DER";

var resource = $"/orders/v0/orders";

var client = new RestClient("https://sellingpartnerapi-na.amazon.com");

IRestRequest restRequest = new RestRequest(resource, Method.GET);

restRequest.AddParameter("MarketPlaceIds", MARKETPLACE_ID, ParameterType.QueryString);

restRequest.AddParameter("CreatedAfter", DateTime.UtcNow.AddDays(-5), ParameterType.QueryString);



var lwaAuthorizationCredentials = new LWAAuthorizationCredentials

{

    ClientId = AMAZON_LWA_CLIENT_ID,

    ClientSecret = AMAZON_LWA_CLIENT_SECRET,

    RefreshToken = AMAZON_LWA_REFRESH_TOKEN,

    Endpoint = new Uri("https://api.amazon.com/auth/o2/token")

};



restRequest = new LWAAuthorizationSigner(lwaAuthorizationCredentials).Sign(restRequest);



var awsAuthenticationCredentials = new AWSAuthenticationCredentials

{

    AccessKeyId = AMAZON_ACCESS_KEY_ID,

    SecretKey = AMAZON_ACCESS_SECRET,

    Region = "us-east-1"

};



restRequest = new AWSSigV4Signer(awsAuthenticationCredentials).Sign(restRequest, client.BaseUrl.Host);

var response = client.Execute(restRequest);

Run Code Online (Sandbox Code Playgroud)

Answer 1

Dav*_*vid 0

在我们的情况下，我们必须向我们定义为进行 API 调用的用户显式添加 IAM 策略。请参阅下面的链接并确认您调用 API 的用户已分配给他们的策略：

https://github.com/amzn/ sell-partner-api-docs/blob/main/guides/developer-guide/SellingPartnerApiDeveloperGuide.md#step-3-create-an-iam-policy

不知何故，我们进行了两次分步设置，并且错过了添加此显式策略。最初我认为它是按照指示“内联”添加的，但这似乎不起作用。

归档时间：	5 年，1 月前
查看次数：	3847 次
最近记录：	4 年，7 月前