亚马逊产品API返回“ SignatureDoesNotMatch”

编程问答 2022-04-26

问题描述

| 我想编写用于通过ISBN(适用于慈善计划)获取图书封面的应用。因此,我决定使用Amazon产品API。我有访问密钥和秘密密钥。我有一个用于生成我通过URL的生成密钥的代码,但返回的却是这样 
<?xml version=\"1.0\"?>
<ItemLookupErrorResponse xmlns=\"http://ecs.amazonaws.com/doc/2005-10-05/\">
<Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated
does not match the signature you provided. 
Check your AWS Secret Access Key and signing method. 
Consult the service documentation for details.     
</Message></Error><RequestID>6c60b8b7-8b78-4f21-bb7c-3d5d3a26dc48</RequestID>
</ItemLookupErrorResponse>
那是代码 
<?PHP
$AWSAccessKeyId = \"*******ACCESS KEY***************\";



    $signature = base64_encode(hash_hmac(\'sha256\',$string_to_sign,\"******SECRET KEY*******\",true));
    // encode any plus (+),equal (=),or other reserved characters in $signature
    $signature = str_replace(\'%7E\',\'~\',rawurlencode($signature));

    $url = \"http://ecs.amazonaws.com/onca/xml?AWSAccessKeyId=\".$AWSAccessKeyId.\"&IdType=ASIN&ItemId=1933988355&Operation=ItemLookup&ResponseGroup=Medium%2COffers&Service=AWSECommerceService&Timestamp=\".gmdate(\'Y-m-d\\TH:i:s\\Z\').\"&Signature=\".$signature;

echo $url;
?>
代码有什么问题? 更新: 我尝试使用相同的时间戳。仍然没有运气。那是示例代码
$method = \"GET\";
$host = \"ecs.amazonaws.\".$region;
$uri = \"/onca/xml\";

// additional parameters
$params[\"Service\"] = \"AWSECommerceService\";
$params[\"AWSAccessKeyId\"] = $public_key;
// GMT timestamp
$params[\"Timestamp\"] = gmdate(\"Y-m-d\\TH:i:s\\Z\");
// API version
$params[\"Version\"] = \"2009-03-31\";

// sort the parameters
ksort($params);

// create the canonicalized query
$canonicalized_query = array();
foreach ($params as $param=>$value)
{
    $param = str_replace(\"%7E\",\"~\",rawurlencode($param));
    $value = str_replace(\"%7E\",rawurlencode($value));
    $canonicalized_query[] = $param.\"=\".$value;
}
$canonicalized_query = implode(\"&\",$canonicalized_query);

// create the string to sign
$string_to_sign = $method.\"\\n\".$host.\"\\n\".$uri.\"\\n\".$canonicalized_query;

// calculate HMAC with SHA256 and base64-encoding
$signature = base64_encode(hash_hmac(\"sha256\",$private_key,True));

// encode the signature for the request
$signature = str_replace(\"%7E\",rawurlencode($signature));
    

解决方法

        从时间戳创建一个变量以在$ string_to_sign和url-parameter中使用它,否则可能会发生两个时间戳不同的情况。要提供更多帮助,您需要显示$ string_to_sign的创建。 此外:Timestamp参数也需要使用Urlencoded。 也许这对您有用:http://mierendo.com/software/aws_signed_query/     ,        请求的“签名”包括请求的“操作”参数和时间戳。这是一个可以创建签名的函数: 
function createSignature($operation,$timestamp){
    $the_string=$operation.$timestamp;
    return base64_encode(hash_hmac(\"sha256\",$the_string,$this->secret_key,true));
}
您在请求中发送的时间戳应该与传递给createSignature函数的时间戳相同。换句话说,不要两次生成时间戳。将其保存到变量,然后将其用于两个变量。 另外,这是我创建的一个PHP类,以简化向API发出请求的过程: https://github.com/traviswimer/AmazonProductAPI_SOAPer/blob/master/AmazonApi.php     
apiapisignaturedoesnotmatch亚马逊亚马逊产品产品产品返回返回返回