?

Log in

Previous Entry | Next Entry

I've been working on a project lately that I'm excited about, but not quiiiiite ready to talk about just yet.

Unfortunately, this project has involved working with the Amazon API. I say "unfortunately" because the Amazon API is truly the Mos Eisley of the computer world: you will never find a more wretched hive of bugs and poor documentation.

Nearly all of the sample code in the Amazon developer index dealing with the Product Advertising API does not work, and has not worked since 2009, when Amazon made a change requiring cryptographic signing of all API requests. I am a PHP programmer, and the PHP sample code for dealing with the API does not work and has not worked for a very long time.

For example, the sample SimpleStore PHP script called "Amazon Associates Web Service Simple Store in PHP" in their code library was written in 2006 (ten years ago!), broke in 2009, but is still on their developer site.

You can imagine how rage-inducing this is. In science, we are all standing on the shoulders of giants. In computer science, we are all standing on each other's feet.

So I've spent the last few days eyebrow-deep in Amazon's technical documentation, trying to make decade-old sample code work so that I could do something--anything--with the API.

I've finally made the SampleStore PHP script work with the modern Amazon API, and fixed some bugs and closed some security holes along the way. I've decided to make the fixed script freely available to anyone who wants it. I've commented it extensively in the code.

If you're working with the Amazon API in PHP and you're tearing your hair out because nothing works and there is no sample code to show how to build cryptographically signed API requests, fear not! This code works. The interface is simple and ugly, but the PHP will get you up and running.



Please feel free to use, remix, copy, redistribute, or do whatever else you want. I sincerely hope that this code will help someone somewhere not have to tear their hair out the way I did.


Comments

( 13 comments — Leave a comment )
sweh
Apr. 7th, 2016 02:14 pm (UTC)
I had similar fun in perl a few years back (to avoid CPAN dependency hell). Trying to work out exactly what elements of the query formed part of the signature was the "fun" part.

  my $srvr="ecs.amazonaws.com/onca/xml";

  my $request =
    "AWSAccessKeyId=$accesskey" .
    "&AssociateTag=foo" .
    "&ItemId=$asin" .
    "&Operation=$operation" .
    "&ResponseGroup=$responsegroup" .
    "&Service=$service" .
    "&Timestamp=$timestamp" .
    "&Version=$version" ;

  # We need to sign this.  First, make the to-sign-string
  my $hd=$srvr;   $hd=~s/\//\n\//;  # WTF?
  my $tosign="GET\n$hd\n$request";
  my $sig=Digest::SHA::hmac_sha256_base64 ($tosign, $secretkey);
  $sig=~s/\+/%2B/g;
  $sig=~s/=/%3D/g;
  $request="$server?$request&Signature=$sig%3D";
tacit
Apr. 7th, 2016 07:44 pm (UTC)
Yanno, I used to write code in Perl, and Perl STILL looks like line noise to me.
sweh
Apr. 7th, 2016 07:46 pm (UTC)
+++ATH
edm
Apr. 8th, 2016 03:05 am (UTC)
wretched hive
you will never find a more wretched hive of bugs and poor documentation.

There's a lot of competition for that status!

For instance a sizeable portion of my week went into reverse engineering bits of the Microsoft Access ("JET Red", v4) database index metadata in its on-disk format. There are a few online, reverse engineered, references... but it turns out that all but one of them are subtly wrong in a way that matters, and AFAICT the only correct one is a Java library.

(Although I do have to admit that the vendor having a broken example on their own site is particularly frustrating. Even more so than the 404s that usually seem to happen to Big Corporate sites after a few months go past.)

Ewen



Edited at 2016-04-08 03:05 am (UTC)
tacit
Apr. 9th, 2016 04:04 am (UTC)
Re: wretched hive
True that.

I am of the opinion that Amazon might be at or near the top of the heap of bugs and villainy in part because their sample code was written in 2006, stopped working in 2009 when they changed their API requirements, but has never been updated--it is still the "official" sample code for accessing their API.

Edited at 2016-04-09 04:05 am (UTC)
(Anonymous)
Aug. 1st, 2016 11:00 am (UTC)
Cannot Download your Code Zip File
Your download link: https://www.xeromag.com/pub/SimpleStore.zip

is NOT working. I cannot download the code. Can you plz fix that.
tacit
Aug. 1st, 2016 08:30 pm (UTC)
Re: Cannot Download your Code Zip File
Huh. I just tested it and it is working for me. What problem are you having?
(Anonymous)
Aug. 3rd, 2016 08:41 am (UTC)
The download link is not working
Hello

The download link somehow blocked by my internet provider, take a look at this http://prntscr.com/c10cbv. Would you please kindly send the file via email to qbonszone[at].gmail .com? Really appreciate that. Thanks in advance.
tacit
Aug. 3rd, 2016 10:31 am (UTC)
Re: The download link is not working
Will do!
(Anonymous)
Dec. 1st, 2016 02:59 am (UTC)
You are a life saver!
I spent the last ten hours dealing with outdated code and bugs, and your program worked right away! Thanks for modernizing this! I first worked with their Amazon's feeds in 2003 and it will be a blast to use this tech again!
(Anonymous)
Mar. 9th, 2017 12:51 am (UTC)
hallelujah
Just wanted to say thank you. You saved me many hours of work - gratitude!
(Anonymous)
Jun. 2nd, 2017 08:50 pm (UTC)
You are a life saver!
I sincerely hope that this code will help someone somewhere not have to tear their hair out the way I did

you did, i'm very grateful. can't say how disappointed i was with amazon. Even their so called scratchpad is outdated (:.

Your "ugly" interface lit up my world thanks for sharing
(Anonymous)
Jun. 13th, 2017 12:49 pm (UTC)
Thanks for this
Thank you so much for this code.
( 13 comments — Leave a comment )