Changes to Amazon API
barrysampson - July 23, 2009 - 17:37
| Project: | Amazon associate tools |
| Version: | 5.x-1.6 |
| Component: | Code |
| Category: | task |
| Priority: | critical |
| Assigned: | Unassigned |
| Status: | reviewed & tested by the community |
Description
I received an email from Amazon today, explaining that they are changing the way their API works. The relevant part is this:
"We wanted to let you know that all Product Advertising API developers will be required to authenticate all calls to the Product Advertising API using request signatures by August 15, 2009. Calls to the Product Advertising API that are not signed will not be processed after August 15, 2009."
Is this something that is going to need to be updated in this module?
Thx
Barry
#1
I would like to know the answer to this as well. The documentation on Amazon is a little unclear on how to accomplish this. I'll look into it as best as I can....
#2
-deleted-
-ignore this patch file-
#3
-deleted-
#4
#5
Ok, now I appear to have it - even if it is a little bit of a hack.
I've attached two patch files - one for amazon.module and the other for amazon.php5.inc to get AWS authenticated requests working.
Two caveats (well 3, this is a little bit of a hack) - I've hardcoded the locale for the US as I didn't take the time to properly adjust for different locales, and this will only work for php 5, as I didn't clean up any of the php4 functions.
These are patched from a slightly hacked 1.5 version so YMMV with applying these, but all the code is there. I would guess the php5.inc would apply fine and the amazon.module should as well, but it may complain about some line differences....
Anyhow, apply these patches, then go to the module setup - add your aws public and secret keys and all should be well.
For this to be rolled into a release, it would need some error checking, the locale properly set, and perhaps some other mild cleaning, but it does work so far as my testing has shown. Should you have any problems, feel free to ask.
#6
Hi Chad,
thanks for the patch; it applies cleanly to my 5.x-1.6 installations.
> Two caveats (well 3, this is a little bit of a hack) - I've hardcoded the locale for the US as I didn't take the time to properly
> adjust for different locales [...]
I'm not sure, what this exactly means for non-US sites. Even if the module is configured to "DE" at ./admin/settings/amazon, it seems to no longer accept products with ASINs from amazon.de (e.g. for German books; error message: "Nicht im Katalog von Amazon: %asin existiert nicht"); generic ASINs (e.g. for hardware) seem to be accepted, however prices are outputted in USD, and the links are pointing to amazon.com (resulting in invalid referrals).
Basically the patch seems to break non-US installations of the "Amazontools" module completely: Neither new nodes can be created, nor can existing amazon nodes be edited. I've no idea yet if this affects existing products in the Drupal database (I hope it's not changing all link targets...)
Maybe you could give advice what we have to hack to get the correct locale back?
Thanks & greetings, -asb
#7
Having the same problem here with Amazon.de
Working with Drupal 5 and PHP 4.
Any advice welcomed. Will dig my self into the code, but looks complicated....
eric
#8
Yeah, I'm sorry I couldn't do a better job for all the countries. However, I believe all you have to change is the following $host line in the .inc file:
// Additional Parameters
+ $method = "GET";
+ $host = "ecs.amazonaws.com";
+ $uri = "/onca/xml";
$host would be whatever it needs to be for de - ecs.amazonaws.de?
#9
Thanks Chad,
it worked. Could it even appy to PHP4 version with the hash_mac-hack, found here.
http://www.a2sdeveloper.com/page-rest-authentication-for-php4.html
Thanks
ek
#10
Hi Chad,
thank you very much, changing the mentioned line manually makes "Amazontools" operable again; Amazon nodes can be created and edited again.
If someone is able to roll an enhanced patch we should make a 5.x-1.7 release since version 5.x-1.6 is as of August 15th completely useless...
Thanks to all helping out to keep this module alive!
Greetings, -asb
#11
I'll try to do this, as time permits. Most of the code would be fine, it's just where I hardcoded the host variable to avoid having to strip off the way it is set within the current module.
It would only be a line or two different.
#12
Thanks a lot for this patch.
It works fine for me with an installation for Amazon.fr.
I put
$host = "ecs.amazonaws.fr";instead of$host = "ecs.amazonaws.com";as advised and it's working perfectly.I still have a question. Do I need to do anything to the old links already existing on the website?
Cecile.
#13
No, the existing links should be fine.
#14
Hi,
Thanks this worked for me too!
#15
Sounds like we need it rolled... anyone willing to step up and be rhe person to take on the legacy?
#16
I'd be willing to try to roll a correct release, but I would need cvs access and all of that to do it properly. Not entirely sure where to begin with that as it appears the current maintainer is out of touch...
I'll write him and see if either he will be willing to write a patch or if he can add me as a co-maintainer and I'll do it.
#17
I've tried to contact the maintainer to no avail - so I've put in a request to take over the project - http://drupal.org/node/608868
Assuming they let me in, if anyone else wants to work on a new release or knows of any other patches that should make it in to a new release, please let me know....
#18
Thanks for stepping up!
#19
Sorry that it has taken me SO long to respond! I am getting married, and have been in a steady state of chaos for a few months. I have not had access to my computer, the website, or this email address for this period of time. But Now I am BACK!
I am sure I am going to have problems getting access to my devel account, so it may take some time. Chad_Dupuls, I just got your email, and yes you can take maintainer or co-maintainer of the project. I took over this project awhile ago, as to include and improve a bunch of things. I need to focus my attention on upgrading to D6, so I have little time to improve this module :(
I would love help to maintain it, however I will apply the patch. Is the country patch the better solution, or simply the last PATCH posted?
Thanks
Mike
#20
Congrats on getting married. The patch that is posted works but is a bit of a hack (as it only works for the US unless you modify the code). I'll try to clean it up in the next day or so and post it back so you can make a new release.... I don't really care about maintaining/co-maintaining unless you need the help, I was just trying to get this patch in... so feel free to do with that request as you please. If you want to add me as a maintainer, I'll try to roll a new release myself.....
#21
I can confirm with modifying the code it works in the UK.
#22
Ok, I've attached three patch files for amazon.module, amazon.php5.inc, and the README which could be used to make a new release. These are built off of 1.6 and they check for the locale and set the appropriate url without needing to edit the code. Someone (hopefully more than one), however, should check that these work as I no longer have a working d5 site to test with.
If they are good, feel free to roll a new release with them.
#23
Hi ek,
is this a question or do you have a solution for PHP4?
If so, would you share it?
Danke!
Martin
#24
I didn't do the php4 file - but you could build a similar patch for the php4.inc file using the instructions here - if you look at the patch file above for php5 inc and replace the encryption part with what is on the following amazone page
http://www.a2sdeveloper.com/page-rest-authentication-for-php4.html
it should work. If you cannot figure it out, let me know and I'll try - but not only do I not have a d5 site to test on, I don't have anything with php4 on it either, so it would be better for someone else to build the patch...
#25
I am currently out of the Drupal Development loop. I dont have a test site to apply these too, so I will have to wait a bit till I get my brains together and start back up in Drupal.
I am not going to support PHP4, and will not test for it. If someone disagrees with this decision, and they want to step up and help maintain this project, feel free.
I would love some help maintaining this project. Right now life is more important the Drupal, and I fear that I may not be able to apply this as fast as I would like. I would hate to see people not be able to upgrade!
Thanks
Mike
#26
Chad & Mike, thanks you for your work and for offering help!
I finaly managed it to get proper signed requests in PHP4, was a bit of pain in the ... ;)
The Developer site http://www.a2sdeveloper.com/page-rest-authentication-for-php4.html is not very well maintained, there are some major errors in the code. The function-calls are wrong, and the mentioned library sha256.in.php is not working as expected (maybe only on my system ...)
I found an excellent replacement for the library here:
http://code.google.com/p/redwidow-dna/downloads/list
So I added this code to amazon.php4.inc:
<?php
require_once('hash_sha256.php');
if (!function_exists('hmac'))
{
function hmac($key, $data)
{
$blocksize=64;
if (strlen($key) > $blocksize) $key=pack('H*', SHA256::hash($key));
$key=str_pad($key, $blocksize, chr(0x00));
$ipad=str_repeat(chr(0x36), $blocksize);
$opad=str_repeat(chr(0x5c), $blocksize);
$k_ipad = $key ^ $ipad;
$k_opad = $key ^ $opad;
$hmac = pack('H*', SHA256::hash(($key^$opad) . pack('H*', SHA256::hash(($key^$ipad) . $data))));
return $hmac;
}
}
?>
and extended the function amazon_get_XML():
<?php
function amazon_get_XML($Amazon_Params) {
global $_amazon_search_amazon_shop_URI;
$AmazonXML = '';
$url = amazon_search_RESTURI($Amazon_Params);
// This section handles signing the request.
// Add GMT timestamp - Required for Signing Request
$Amazon_Params["Timestamp"] = gmdate("Y-m-d\TH:i:s\Z");
// Additional Parameters
$method = "GET";
// Find Locale And Then Set Appropriate Host Variable - If Not Set Use US
$_amazon_locale_index = variable_get('amazon_locale','0');
$_amazon_locale_list = array_keys($_amazon_search_amazon_shop_URI);
$locale_amz_set = $_amazon_locale_list[$_amazon_locale_index];
if ($locale_amz_set=="US") $host = "ecs.amazonaws.com";
elseif ($locale_amz_set=="UK") $host = "ecs.amazonaws.co.uk";
elseif ($locale_amz_set=="DE") $host = "ecs.amazonaws.de";
elseif ($locale_amz_set=="JP") $host = "ecs.amazonaws.co.jp";
elseif ($locale_amz_set=="FR") $host = "ecs.amazonaws.fr";
elseif ($locale_amz_set=="CA") $host = "ecs.amazonaws.ca";
else $host = "ecs.amazonaws.com";
$uri = "/onca/xml";
// sort the parameters
ksort($Amazon_Params);
// create the canonicalized query
$canonicalized_query = array();
foreach ($Amazon_Params as $param=>$value) {
$param = str_replace("%7E", "~", rawurlencode($param));
$value = str_replace("%7E", "~", rawurlencode($value));
$canonicalized_query[] = $param."=".$value;
}
$canonicalized_query = implode("&", $canonicalized_query);
// create the string to sign
$string_to_sign = $method."\n".$host."\n".$uri."\n".$canonicalized_query;
// calculate HMAC with SHA256 and base64-encoding
$secret_access_key=variable_get('amazon_aws_secret_access_key',"");
$signature = base64_encode(hmac($secret_access_key, $string_to_sign));
// encode the signature for the request
$signature = str_replace("%7E", "~", rawurlencode($signature));
// create request
$url = "http://".$host.$uri."?".$canonicalized_query."&Signature=".$signature;
// Obviously this will be switched for an equivalent Drupal function
// Nope. drupal_http_request() strips the doctype tag at the start of the XML, making it useless
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_HEADER, 0);
ob_start();
curl_exec($ch);
$AmazonXML = ob_get_clean();
curl_close($ch);
return $AmazonXML;
}
?>
@Chad: The localisation part in your amazon.php5.inc is wrong!
The new amazon.php4.inc is attached here, please feel free to use, enhance and improve it.
Martin