Skip to Content
avatar image
Former Member

Wrong SHA256 signature for API Amazon MWS


This is the first time I'm asking a question, so please forgive me if I am doing something wrong. :-)

My problem is that I can't get the right signature string to authenticate a query to an Amazon MWS API (not Amazon AWS).

According to the Amazon site I have to create the query-string and then create a signature according to SHA256, but I don't get the same results as Amazon gives on its Scratchpad.

Can someone please tell me what I'm doing wrong?

Thanks in advance.

Below are parts of the relevant code I used:

Creating the query:

METHOD create_query_listorders.

  DATA: lv_timestamp_c TYPE string,
        lv_created_after_c TYPE string,
        lv_line_break TYPE string.

  lv_line_break = cl_abap_char_utilities=>newline. " '\n'.

  CONCATENATE sy-datum(4) '-' sy-datum+4(2) '-' sy-datum+6(2)
             'T' sy-uzeit(2) ':' sy-uzeit+2(2) ':' sy-uzeit+4(2) 'Z'
              INTO lv_timestamp_c.
  lv_timestamp_c = cl_http_utility=>if_http_utility~escape_url( lv_timestamp_c ).
  TRANSLATE lv_timestamp_c TO UPPER CASE.

  CONCATENATE "iv_from_date(4) '-' iv_from_date+4(2) '-' iv_from_date+6(2)
              'T22:00:00Z' INTO lv_created_after_c.
  lv_created_after_c = cl_http_utility=>if_http_utility~escape_url( lv_created_after_c ).
  TRANSLATE lv_created_after_c TO UPPER CASE.

* Now create the actual string according to Amazon specifications
  iv_method             lv_line_break     "POST
  iv_host               lv_line_break     "
  '/Orders/2013-09-01'  lv_line_break
  'AWSAccessKeyId=' iv_access_key_id
  '&CreatedAfter=' lv_created_after_c
  '&MWSAuthToken=' iv_mwsauthtoken
  '&MarketplaceId.Id.1=' iv_marketplace
  '&SellerId=' iv_seller_id
  '&Timestamp=' lv_timestamp_c
  INTO ev_query_string.

  CALL METHOD zcl_amazon_http=>create_signature
      cv_request_string = ev_query_string.


Creating the signature:

METHOD create_signature.

  DATA: lv_secret      TYPE string, 
        lv_secret_x    TYPE xstring,
        lv_static_text TYPE string VALUE '&Signature=',
        lv_algorithm   TYPE string VALUE 'SHA256',
        lv_signature_string TYPE string.

* Convert to Xstring
      lv_secret = iv_secret_key.
      lv_secret_x = cl_abap_hmac=>string_to_xstring( lv_secret ).
    CATCH cx_abap_message_digest .

* Create the signature with the key and the request string
             if_algorithm = lv_algorithm
             if_key       = lv_secret_x
             if_data      = cv_request_string
             ef_hmacstring    = lv_signature_string  "Just for checking
             ef_hmacb64string = ev_signature
    CATCH cx_abap_message_digest. "
      CLEAR ev_signature.

  ev_signature = cl_http_utility=>if_http_utility~escape_url( ev_signature ).

* Add the signature to the request string
    cv_request_string   "The original string
    lv_static_text      "plus the word "Signature="
    ev_signature        "plus the created signature
    INTO cv_request_string.

Add comment
10|10000 characters needed characters exceeded

  • Former Member

    Hi Leo,

    i want to consume API Google DFP and like you i needed a SHA256 for authentication, now it work, good.

    How do you consume your web service ? via proxy ? In this case, how do you authenticate with Amazon, how do you pass this certificate to him ?


  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Nov 02, 2016 at 01:23 PM

    I have already solved the problem.

    The program was correct, but there were unwanted characters in the query-string.

    Add comment
    10|10000 characters needed characters exceeded