Contents

1. Prerequisites

2. Introduction to Authorization

Complete Python example

3. Assembling the Authorization

Task 1: Create a canonical request for Signature Version 4

Task 2: Create a string to sign for Signature Version 4

Task 3: Calculate the signature for AWS Signature Version 4

Signing code in each language (Java, C#, Python, Ruby, and JavaScript)

Common signing errors

Task 4: Add the signature to the HTTP request

Complete Authorization code

Examples: Signature Calculations in AWS Signature Version 4

Summary

Integrating with the Amazon SP-API (Selling Partner API), Chapter 5: Reports module


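1. Prerequisites

1.1. If you plan to use an SDK, you can skip this chapter.

1.2. This chapter is background reading only. For a concrete demo, see the next chapter, "Reports module".

1.3. Every HTTP request must carry Authorization in its headers.

2. Introduction to Authorization

Official documentation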

https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md#step-4-create-and-sign-your-request

Complete Python example

Examples of the complete Signature Version 4 signing process (Python).

There are two ways to add the Authorization information (see the official documentation for details; this applies to SP-API only):

Authorization header

Query string

3. Assembling the Authorization

The part below is the signing method used across all of AWS.

Task 1: Create a canonical request for Signature Version 4

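Arrange the contents of your request (host, action, headers, etc.) into a standard (canonical) format. The canonical request is one of the inputs used to create the string to sign.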

demo

CanonicalRequest =
  HTTPRequestMethod + '\n' +
  CanonicalURI + '\n' +
  CanonicalQueryString + '\n' +
  CanonicalHeaders + '\n' +
  SignedHeaders + '\n' +
  HexEncode(Hash(RequestPayload))

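Hash represents a function that produces a message digest, typically SHA-256. (Later in the process, you specify which hashing algorithm you are using.)

HexEncode represents a function that returns the base-16 encoding of the digest in lowercase characters.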

Task 2: Create a string to sign for Signature Version 4

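Create a string to sign using the canonical request and additional information such as the algorithm, request date, credential scope, and the digest (hash) of the canonical request.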

Credential

| Dimension | Description | Example |
| --- | --- | --- |
| Date | An eight-digit string representing the year (YYYY), month (MM), and day (DD) of the request. For date format issues, see: Handling dates in Signature Version 4 | 20190430 |
| AWS region | The region you are sending the request to. See Selling Partner API endpoints. | us-east-1 |
| Service | The service you are requesting. You can find this value in the endpoint. See Selling Partner API endpoints. | execute-api |
| Termination string | A special termination string. For AWS Signature Version 4, the value is aws4_request | aws4_request |

example

20201022/us-east-1/https://sellingpartnerapi-na.amazon.com/aws4_request

In short, all of these values are lowercase.

Task 3: Calculate the signature for AWS Signature Version 4

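Derive a signing key by performing a succession of keyed hash operations (HMAC operations) on the request date, Region, and service, with your AWS secret access key as the key for the initial hashing operation. After you derive the signing key, calculate the signature by performing a keyed hash operation on the string to sign. Use the derived signing key as the hash key for this operation.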

Signature

Official documentation

https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html

Signing code in each language (Java, C#, Python, Ruby, and JavaScript)

Examples of how to derive a signing key for Signature Version 4.

Common signing errors

https://docs.aws.amazon.com/general/latest/gr/signature-v4-troubleshooting.html

Official test demo

key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
dateStamp = '20120215'
regionName = 'us-east-1'
serviceName = 'iam'

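Your program should generate the following values for the values in getSignatureKey. Note that these are hex-encoded representations of the binary data; the key itself and the intermediate values should be in binary format.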

kSecret = '41575334774a616c725855746e46454d492f4b374d44454e472b62507852666943594558414d504c454b4559'
kDate = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d'
kRegion = '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'
kService = 'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa'
kSigning = 'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d'
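The derivation chain from Task 3, checked against the official test values quoted above. This is an added example, not code from the original post or from AWS; the function names (derive_chain, sign, derive_with_hex_bug, check_vectors) are assumptions made for illustration. It also reproduces the mistake the note above warns about, passing hex text instead of binary between HMAC steps.

```python
import hashlib
import hmac

def _hmac_sha256(key: bytes, msg: str) -> bytes:
    """One HMAC-SHA256 step; returns raw bytes, never hex."""
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def derive_chain(secret_key: str, date_stamp: str, region: str, service: str) -> dict:
    """Derive the SigV4 signing key, keeping every intermediate value for comparison."""
    chain = {"kSecret": ("AWS4" + secret_key).encode("utf-8")}
    chain["kDate"] = _hmac_sha256(chain["kSecret"], date_stamp)
    chain["kRegion"] = _hmac_sha256(chain["kDate"], region)
    chain["kService"] = _hmac_sha256(chain["kRegion"], service)
    chain["kSigning"] = _hmac_sha256(chain["kService"], "aws4_request")
    return chain

def sign(k_signing: bytes, string_to_sign: str) -> str:
    """Final step: HMAC the string to sign with the derived key, lowercase hex out."""
    return hmac.new(k_signing, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()

def derive_with_hex_bug(secret_key: str, date_stamp: str, region: str, service: str) -> bytes:
    """Common mistake: hex-encoding each intermediate key before the next HMAC step."""
    key = ("AWS4" + secret_key).encode("utf-8")
    for part in (date_stamp, region, service, "aws4_request"):
        key = _hmac_sha256(key, part).hex().encode("ascii")  # wrong: key becomes hex text
    return bytes.fromhex(key.decode("ascii"))

# Inputs and expected hex values are the official test values quoted on this page.
TEST_KEY = "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY"
EXPECTED = {
    "kSecret": "41575334774a616c725855746e46454d492f4b374d44454e472b62507852666943594558414d504c454b4559",
    "kDate": "969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d",
    "kRegion": "69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c",
    "kService": "f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa",
    "kSigning": "f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d",
}

def check_vectors() -> list:
    """Return the names of stages that do not match; an empty list means all match."""
    chain = derive_chain(TEST_KEY, "20120215", "us-east-1", "iam")
    return [name for name, want in EXPECTED.items()
            if not hmac.compare_digest(chain[name].hex(), want)]

if __name__ == "__main__":
    print("mismatched stages:", check_vectors())
```

When a signature is rejected, comparing each stage against these values shows which input (date, region or service string) went wrong.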

Task 4: Add the signature to the HTTP request

| Component | Description | |
| --- | --- | --- |
| The algorithm used for signing | The hash algorithm used throughout the signing process. The Selling Partner API requires SHA-256. You specify this in Step 4. Create and sign your request. | AWS4-HMAC-SHA256 |
| Credential | Your AWS access key ID plus the Credential scope. You get your AWS access key ID in Step 2. Create an IAM user. | user access key ID + Credential |
| SignedHeaders | A list of all the HTTP headers that you included with the signed request. For an example, see Step 3. Add headers to the URI. | |
| Signature | The signature calculated in Step 4. Create and sign your request. | Signature |

 example

Authorization: AWS4-HMAC-SHA256 Credential={USER_IAM}/{Credential}, SignedHeaders=host;user-agent;x-amz-access-token;x-amz-date, Signature={Signature}

Authorization: AWS4-HMAC-SHA256 Credential=AKIAIHV6HIXXXXXXX/20201022/us-east-1/https://sellingpartnerapi-na.amazon.com/aws4_request, SignedHeaders=host;user-agent;x-amz-access-token;x-amz-date, Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924aEXAMPLE

Complete Authorization code

Integrating with the Amazon SP-API (Selling Partner API), Chapter 5: Reports module

Examples: Signature Calculations in AWS Signature Version 4

Summary

Integrating with the Amazon SP-API (Amazon Selling Partner API), Chapter 5: Reports module
