Product Advertising API
Developer Guide (API Version 2011-08-01)
AWS Documentation » Amazon Product Advertising API Docs » Developer Guide » Programming Guide » Requests » Request Authentication » Authenticating REST Requests » Example REST Requests
« PreviousNext »
View the PDF for this guide.Go to the AWS Discussion Forum for this product.Did this page help you?  Yes | No |  Tell us about it...

Example REST Requests

This section shows the steps to sign a request, using sample AWS access identifiers.

If you follow these steps using these identifiers, you will generate the same signature strings in the examples. Although this can help verify your request generation code, you cannot make actual requests with these example requests.

Tip

If you aren't familiar with REST requests, read Anatomy of a REST Request before continuing with this example.

The following is an example of an ItemLookup request:

http://webservices.amazon.com/onca/xml?Service=AWSECommerceServic
e&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Operation=ItemLookup&ItemId
=0679722769&ResponseGroup=ItemAttributes,Offers,Images,Reviews&Ve
rsion=2009-01-06

Steps to Sign the Example Request

  1. Enter the time stamp. For this example, we'll use the UTC time 2009-01-01T12:00:00Z

    http://webservices.amazon.com/onca/xml?Service=AWSECommerceServic
e&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Operation=ItemLookup&ItemId
=0679722769&ResponseGroup=ItemAttributes,Offers,Images,Reviews&Ve
rsion=2009-01-06&Timestamp=2009-01-01T12:00:00Z

  2. URL encode the request's comma (,) and colon (:) characters, so that they don't get misinterpreted. For more information about converting to RFC 3986 specifications, see documentation and code samples for your programming language. 

    http://webservices.amazon.com/onca/xml?Service=AWSECommerceServic
e&AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Operation=ItemLookup&ItemId
=0679722769&ResponseGroup=ItemAttributes%2COffers%2CImages%2CRevi
ews&Version=2009-01-06&Timestamp=2009-01-01T12%3A00%3A00Z

    Important

    Be sure that you do not double-escape any characters.

  3. Split the parameter/value pairs and delete the ampersand characters (&). The linebreaks used in the following example follow Unix convention (ASCII 0A, "line feed" character).

    Service=AWSECommerceService
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
Operation=ItemLookup
ItemId=0679722769
ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews
Version=2009-01-06
Timestamp=2009-01-01T12%3A00%3A00Z

  4. Sort your parameter/value pairs by byte value (not alphabetically, lowercase parameters will be listed after uppercase ones).

    AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
ItemId=0679722769
Operation=ItemLookup
ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews
Service=AWSECommerceService
Timestamp=2009-01-01T12%3A00%3A00Z
Version=2009-01-06

  5. Rejoin the sorted parameter/value list with ampersands. The result is the canonical string that we'll sign:

    AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&ItemId=0679722769&Operation=I
temLookup&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReview
s&Service=AWSECommerceService&Timestamp=2009-01-01T12%3A00%3A00Z&
Version=2009-01-06

  6. Prepend the following three lines (with line breaks) before the canonical string:

    GET
webservices.amazon.com
/onca/xml

  7. The string to sign:

    GET
webservices.amazon.com
/onca/xml
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&ItemId=0679722769&Operation=I
temLookup&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReview
s&Service=AWSECommerceService&Timestamp=2009-01-01T12%3A00%3A00Z&
Version=2009-01-06

  8. Calculate an RFC 2104-compliant HMAC with the SHA256 hash algorithm using the string above with our "dummy" Secret Access Key: 1234567890. For more information about this step, see documentation and code samples for your programming language. 

    M/y0+EAFFGaUAp4bWv/WEuXYah99pVsxvqtAuC8YN7I=

  9. URL encode the plus (+) and equal (=) characters in the signature:

    M%2Fy0%2BEAFFGaUAp4bWv%2FWEuXYah99pVsxvqtAuC8YN7I%3D

  10. Add the URL encoded signature to your request, and the result is a properly-formatted signed request:

    http://webservices.amazon.com/onca/xml?AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&ItemId=0679722769&Operation=ItemLookup&ResponseGroup=It
emAttributes%2COffers%2CImages%2CReviews&Service=AWSECommerceServ
ice&Timestamp=2009-01-01T12%3A00%3A00Z&Version=2009-01-06&Signatu
re=M%2Fy0%2BEAFFGaUAp4bWv%2FWEuXYah99pVsxvqtAuC8YN7I%3D

Examples of Other Signed Requests

The previous section went through a detailed process for signing an ItemLookup request. This section presents examples of unsigned requests, the string to sign generated from them, and the final signed request. These examples can make excellent test cases for your software. All examples use the "dummy" AWS access identifiers used earlier in the Steps to Sign the Example Request.

ItemSearch Examples

The following examples show the ItemSearch request without a signature, with the string to sign, and the signed request.

Original Unsigned Request

http://ecs.amazonaws.co.uk/onca/xml?Service=AWSECommerceService&A
WSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Operation=ItemSearch&Actor=Joh
nny%20Depp&ResponseGroup=ItemAttributes,Offers,Images,Reviews,Var
iations&Version=2009-01-01&SearchIndex=DVD&Sort=salesrank&Associa
teTag=mytag-20

String to Sign

GET
ecs.amazonaws.co.uk
/onca/xml
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&Actor=Johnny%20Depp&Associate
Tag=mytag-20&Operation=ItemSearch&ResponseGroup=ItemAttributes%2C
Offers%2CImages%2CReviews%2CVariations&SearchIndex=DVD&Service=AW
SECommerceService&Sort=salesrank&Timestamp=2009-01-01T12%3A00%3A0
0Z&Version=2009-01-01

Signed Request

http://ecs.amazonaws.co.uk/onca/xml?AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&Actor=Johnny%20Depp&AssociateTag=mytag-20&Operation=ItemSe
arch&ResponseGroup=ItemAttributes%2COffers%2CImages%2CReviews%2CV
ariations&SearchIndex=DVD&Service=AWSECommerceService&Signature=T
uM6E5L9u%2FuNqOX09ET03BXVmHLVFfJIna5cxXuHxiU%3D&Sort=salesrank&Ti
mestamp=2009-01-01T12%3A00%3A00Z&Version=2009-01-01

CartCreate Examples

The following examples show the CartCreate request without a signature, with the string to sign, and the signed request.

Original Unsigned Request

http://webservices.amazon.com/onca/xml?Service=AWSECommerceService&AWS
AccessKeyId=AKIAIOSFODNN7EXAMPLE&Operation=CartCreate&Version=200
9-01-01&Item.1.OfferListingId=j8ejq9wxDfSYWf2OCp6XQGDsVrWhl08GSQ9
m5j%2Be8MS449BN1XGUC3DfU5Zw4nt%2FFBt87cspLow1QXzfvZpvzg%3D%3D&Ite
m.1.Quantity=3&AssociateTag=mytag-20

String to Sign

GET
webservices.amazon.com
/onca/xml
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&AssociateTag=mytag-20&Item.1.
OfferListingId=j8ejq9wxDfSYWf2OCp6XQGDsVrWhl08GSQ9m5j%2Be8MS449BN
1XGUC3DfU5Zw4nt%2FFBt87cspLow1QXzfvZpvzg%3D%3D&Item.1.Quantity=3&
Operation=CartCreate&Service=AWSECommerceService&Timestamp=2009-0
1-01T12%3A00%3A00Z&Version=2009-01-01

Signed Request

http://webservices.amazon.com/onca/xml?AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&AssociateTag=mytag-20&Item.1.OfferListingId=j8ejq9wxDfSYWf2O
Cp6XQGDsVrWhl08GSQ9m5j%2Be8MS449BN1XGUC3DfU5Zw4nt%2FFBt87cspLow1Q
XzfvZpvzg%3D%3D&Item.1.Quantity=3&Operation=CartCreate&Service=AW
SECommerceService&Signature=cF3UtjbJb1%2BxDh387C%2FEmS1BCtS%2FZ01
taykBCGemvUU%3D&Timestamp=2009-01-01T12%3A00%3A00Z&Version=2009-0
1-01

BrowseNodeLookup Examples

The following examples show the BrowseNodeLookup request without a signature, with the string to sign, and the signed request.

Original Unsigned Request

http://webservices.amazon.com/onca/xml?Service=AWSECommerceService&AWS
AccessKeyId=AKIAIOSFODNN7EXAMPLE&Operation=BrowseNodeLookup&Versi
on=2009-01-01&BrowseNodeId=465600&AssociateTag=mytag-20&ResponseG
roup=BrowseNodeInfo,TopSellers,NewReleases,MostWishedFor,MostGift
ed

String to Sign

GET
webservices.amazon.com
/onca/xml
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE&AssociateTag=mytag-20&BrowseN
odeId=465600&Operation=BrowseNodeLookup&ResponseGroup=BrowseNodeI
nfo%2CTopSellers%2CNewReleases%2CMostWishedFor%2CMostGifted&Servi
ce=AWSECommerceService&Timestamp=2009-01-01T12%3A00%3A00Z&Version
=2009-01-01

Signed Request

http://webservices.amazon.com/onca/xml?AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&AssociateTag=mytag-20&BrowseNodeId=465600&Operation=BrowseNo
deLookup&ResponseGroup=BrowseNodeInfo%2CTopSellers%2CNewReleases%
2CMostWishedFor%2CMostGifted&Service=AWSECommerceService&Signatur
e=kEXxAIqhh6eBhLhrVMz2gt3ocMaH%2FOBVPbjvc9TG8ao%3D&Timestamp=2009
-01-01T12%3A00%3A00Z&Version=2009-01-01

SimilarityLookup Examples

The following examples show the SimilarityLookup request without a signature, with the string to sign, and the signed request.

Original Unsigned Request

http://webservices.amazon.com/onca/xml?Service=AWSECommerceService&AWS
AccessKeyId=AKIAIOSFODNN7EXAMPLE&Operation=SimilarityLookup&ItemI
d=B0011ZK6PC,B000NK8EWI&Version=2009-01-01&AssociateTag=mytag-20&
ResponseGroup=Offers,ItemAttributes&SimilarityType=Intersection&C
ondition=New&Merchant=Amazon

String to Sign

GET
webservices.amazon.com
/onca/xml
AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE;&AssociateTag=mytag-20&Conditi
on=New&ItemId=B0011ZK6PC%2CB000NK8EWI&Merchant=Amazon&Operation=S
imilarityLookup&ResponseGroup=Offers%2CItemAttributes&Service=AWS
ECommerceService&SimilarityType=Intersection&Timestamp=2009-01-01
T12%3A00%3A00Z&Version=2009-01-01

Signed Request

http://webservices.amazon.com/onca/xml?AWSAccessKeyId=AKIAIOSFODNN7EXAMPLE
&AssociateTag=mytag-20&Condition=New&ItemId=B0011ZK6PC%2CB000
NK8EWI&Merchant=Amazon&Operation=SimilarityLookup&ResponseGroup=O
ffers%2CItemAttributes&Service=AWSECommerceService&Signature=I2pb
qxuS%2FmZK6Apwz0oLBxJn2wDL5n4kFQhgYWgLM7I%3D&SimilarityType=Inter
section&Timestamp=2009-01-01T12%3A00%3A00Z&Version=2009-01-01
Document Conventions« PreviousNext »
Terms of UseDid this page help you?  Yes | No |  Tell us about it...