API help please

I’m working on adding Pay By Amazon to a site but have run into a problem. I need to create a signature (http://amazonpayments.s3.amazonaws.com/documents/Inline_Checkout_API_Reference_Guide_UK.pdf page 10) but I’m really stuck in how to actually do that. I’ve read so many pdf’s on how to create a signature but none of them seem to be any help. So far I’ve tried pasting this into the browser

but all I got was **<UnknownOperationException/>**

I also tried Amazon scratchpad but it didn’t have any options for ‘payments’, ‘purchase contract’ or ‘SetPurchaseItems’

I’d be extremely grateful if anybody could help me with this please as I’m now at a lose at to how to do this.

If it helps the full code for sending the order to amazon is:

[code]


<?php foreach( $order_line as $key=>$value ) { ?> <?php if( count( $value['detail'] ) ) { ?> <?php if( is_array( $product_detail ) ) { foreach( $product_detail as $key2=>$value2 ) { if( isset( $value['detail'][$key2] ) ) { ?> <?php } } ?> " /> <?php } } } ?> [/code]

Well for starters you should use an up-to-date API document, because the one you’re using is giving you invalid operation names.

Integration
Off-Amazon Pay API Reference

I’ve had a look at that and am still lost, I’ve got this from following it a bit:

Action=SetPurchaseItem
SignatureMethod=HmacSHA256
PurchaseContractId=amzn1.contract.1.1.2.b9173045932801221f107a83429e5a69
AWSAccessKeyId=AWS_ACCESS_KEY_ID
SignatureSignature=SECRET_ACCESS_KEY
SignatureVersion=2
Version=2010-08-31
Timestamp=2010-08-31T11:45:50.582Z

Although I’m guessing I don’t need the SignatureSignature part of it?

Where in that API documentation did you find an action named SetPurchaseItem?

That was on page 14 of this: http://amazonpayments.s3.amazonaws.com/documents/Inline_Checkout_Implementation_Guide_UK.pdf which I got from the Seller Central when I was creating the address and wallet widgets

So… I told you that document is out of date.

I gave you the link to the new documentation.

I cannot help you if you continue to use out of date information.

I’m sorry I clicked on the wrong link and was still reading from the old document although are those new documents relevant to the UK? I can’t seem to see where it says the endpoint url for the UK

Sorry to be a pain but it’s Checkout by Amazon I’m using and in that documentation (http://docs.developer.amazonservices.com/en_US/off_amazon_payments/OffAmazonPayments_Overview.html) it says you can’t use it with that

So, here’s the website.

The references i can find via google say the signature of the cart is a HMAC hashing of the concatenated,urlencoded,querystringformatted contents of the cart with the SHA1 algorithm, base64 encoded.

So [FPHP]base64_encode[/FPHP] the string generated by [FPHP]hash_hmac[/FPHP] using the algorithm sha1 and your key.

I’m sorry but I still don’t quite understand how to do this. I’ve made a lot of progress but now keep getting a MalformedQueryString error. I’ve included the code for the ‘place order’ button as well as the error I’m getting.

[code]<form action=“https://payments-sandbox.amazon.co.uk/cba/api/purchasecontract/?AWSAccessKeyId=AWSKEYCODE&Action=SetPurchaseItems&PurchaseContractId=<?php echo $_GET['purchaseContractId']; ?>&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=<?php echo gmdate("Y-m-d\TH:i:s", time()); ?>&Version=2010-08-31&Signature=<?php echo base64_encode(hash_hmac('SHA256','SECRETKEYCODE','secret')); ?>” method=“post”>

<?php $counter = 1; foreach( $order_line as $key=>$value ) { ?> " /> <?php if( count( $value['detail'] ) ) { ?> <?php if( is_array( $product_detail ) ) { foreach( $product_detail as $key2=>$value2 ) { if( isset( $value['detail'][$key2] ) ) { ?> <?php } } ?> <?php } } $counter++; } ?> [/code]

Error:

[quote]SenderMalformedQueryStringAWSAccessKeyId= AWSKEYCODE&Action=SetPurchaseItems&PurchaseContractId=amzn1.contract.1.1.1.f8edab0979ddeca91a83eedecfaa4259&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2014-11-11T12:34:37&Version=2010-08-31&Signature=NWI5MWI1NWI0MzkzODAwMTlkOTFlOGI1ODAwMGYxYTk1MWZmZGQ3ZDA4M2IzMTI2Y2Y5YmU4ZmUxOGU2YTllYQ==&PurchaseItems.PurchaseItem.1.FulfillmentNetwork=MERCHANT&PurchaseItems.PurchaseItem.1.MerchantId=MERCHANTIDCODE&PurchaseItems.PurchaseItem.1.MerchantItemId=32&PurchaseItems.PurchaseItem.1.Title=LA+Whey+Gold+2.2kg&PurchaseItems.PurchaseItem.1.Quantity=1&PurchaseItems.PurchaseItem.1.UnitPrice.Amount=59.99&PurchaseItems.PurchaseItem.1.UnitPrice.CurrencyCode=GBP&PurchaseItems.PurchaseItem.1.Description=Option%3A+Banana&DeliveryMethod.ServiceLevel=None&DeliveryMethod.DisplayableShippingLabel=14.5%3D%3D20%3D%3D2&Shipping.Amount=14.50&Shipping.CurrencyCode=GBP is not valid; the value of a query string parameter may not contain a ‘=’ delimiter1e25fd55-699f-11e4-9d1b-55ab79da9df4
[/quote]

My instinct tells me your problem is here:
DeliveryMethod.DisplayableShippingLabel=14.5%3D%3D20%3D%3D2
%3D is the URLEncoding for the equals sign.

I removed that, but am still getting the same error. I think that the problem may be with the signature that’s generated. This is what’s generated Signature=NWI5MWI1NWI0MzkzODAwMTlkOTFlOGI1ODAwMGYxYTk1MWZmZGQ3ZDA4M2IzMTI2Y2Y5YmU4ZmUxOGU2YTllYQ==

I created that using this:

Signature=<?php echo base64_encode(hash_hmac('SHA256','SECERTKEYCODE','secret')); ?>

If I remove the base64 encoding then I get this error The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method although the signature doesn’t have the two ‘==’ in it this time

And when you remove the == at the end?

If I remove it then I get the same error as before SignatureDoesNotMatch saying The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method

I’m really stuck with this and don’t know who to move forward, everything else is working it’s just this

Just to make sure… you did put your ACTUAL secret key from the amazon site into your code where you’ve got “SECRETKEYCODE”, right?

Yep I did do that :slight_smile:

Try wrapping urlencode() around base64_encode() for Signature. The error is saying that = signs aren’t permitted in values. If those last two == are converted to %3D than that might be the fix.

Thanks, unfortunately that didn’t work. Just go the same ‘SignatureDoesNotMatch’ error :frowning:

Ok then what @StarLion mentioned before could be it. The Shipping Label has this value if you urldecode() it: 14.5==20==2. Try a value that wouldn’t have equal signs in it.