Amazon MWS signature issue


I am trying to implement Amazon MWS API. When I call particular URL then I get following error

The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method

I have tried all the possible Stackoverflow solutions and some other but I am unable to fix this issue. Here is my PHP code

$param = array(); $param['AWSAccessKeyId'] = 'AKIAJ76NICWXXXXXXXXX'; $param['Action'] = 'GetReportRequestList'; $param['SellerId'] = 'A4XLZYW8XXXXX'; $param['SignatureMethod'] = 'HmacSHA256'; $param['SignatureVersion'] = '2'; $param['Timestamp'] = gmdate("Y-m-d\TH:i:s.\\0\\0\\0\\Z", time()); $param['Version'] = '2011-10-01'; $param['MarketplaceId'] = 'A2EUQ1WTGCTBG2'; $url = array(); foreach ($param as $key => $val) { $key = str_replace("%7E", "~", rawurlencode($key)); $val = str_replace("%7E", "~", rawurlencode($val)); $url[] = "{$key}={$val}"; } uksort($url, 'strcmp'); $arr = implode('&', $url); $sign = 'POST' . "\n"; $sign .= 'mws.amazonservices.com' . "\n"; $sign .= $arr; $signature = hash_hmac("sha256", $sign, "+vWJ/hISrN2IyRMnaTHTaXXXXXXXX"); $link = "https://mws.amazonservices.com?"; $link .= $arr . "&Signature=" . urlencode(base64_encode($signature));


Not tested. I modified your code to do the sorting before encoding the parameters and replaced the str_replace/rawurlencode with http_build_query while specifying RFC3986 encoding. Hope this works for you

$param = array(); $param['AWSAccessKeyId'] = 'AKIAJ76NICWXXXXXXXXX'; $param['Action'] = 'GetReportRequestList'; $param['SellerId'] = 'A4XLZYW8XXXXX'; $param['SignatureMethod'] = 'HmacSHA256'; $param['SignatureVersion'] = '2'; $param['Timestamp'] = gmdate("Y-m-d\TH:i:s.\\0\\0\\0\\Z", time()); $param['Version'] = '2011-10-01'; $param['MarketplaceId'] = 'A2EUQ1WTGCTBG2'; uksort($param, 'strcmp'); $sign = "POST\nmws.amazonservices.com\n/\n" . http_build_query($param, '', '&', PHP_QUERY_RFC3986); $signature = base64_encode(hash_hmac("sha256", $sign, "+vWJ/hISrN2IyRMnaTHTaXXXXXXXX", true)); $param['Signature'] = $signature; $ctx = stream_context_create([ "http" => [ "method" => "POST", "header" => "Content-type: application/x-www-form-urlencoded\r\n\r\n", "content" => http_build_query($param) ] ]); $result = file_get_contents("https://mws.amazonservices.com/?", false, $ctx);

Edit: Here's a <a href="https://images-na.ssl-images-amazon.com/images/G/01/mwsportal/doc/en_US/bde/MWSDeveloperGuide._V384366295_.pdf" rel="nofollow">link</a> to Amazon MWS docs. Page 16 describes the process for signing and explains my modifications.


Here is solution.

$params = array( 'AWSAccessKeyId' => "AKIAJB4PTEUXXXXXX", 'Action' => "GetReportRequestList", 'SellerId' => "A4XLZXXXXXX", 'SignatureMethod' => "HmacSHA256", 'SignatureVersion' => "2", 'Timestamp' => gmdate("Y-m-d\TH:i:s.\\0\\0\\0\\Z", time()), 'Version' => "2009-01-01", 'MarketplaceId' => "ATVPDKIKX0DER", ); // Sort the URL parameters $url_parts = array(); foreach (array_keys($params) as $key) $url_parts[] = $key . "=" . str_replace('%7E', '~', rawurlencode($params[$key])); sort($url_parts); // Construct the string to sign $url_string = implode("&", $url_parts); $string_to_sign = "GET\nmws.amazonservices.com\n/\n" . $url_string; // Sign the request $signature = hash_hmac("sha256", $string_to_sign, "7D/QEUYXrJ/XQYyAAMPgiwTXXXXXX", TRUE); // Base64 encode the signature and make it URL safe $signature = urlencode(base64_encode($signature)); $url = "https://mws.amazonservices.com/" . '?' . $url_string . "&Signature=" . $signature; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_TIMEOUT, 15); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); $response = curl_exec($ch); $parsed_xml = simplexml_load_string($response);


  • Css-grid: Bleed background outside container
  • How to store the name of user logged in?
  • Getting Exception
  • Why node_modules is empty after docker build?
  • Receive Image using socket programming in Python
  • Why is Azure giving me random 500 errors?
  • Simple Microservice framework [closed]
  • Combining isset and is_null fails when checking undefined object property
  • Find the Current Week from Datetime.Now and How to find given Date between current week dates?
  • get_permalink for json_decode not working
  • how to overlay one bitmap to another and save on sdcard
  • How to interact with the Windows applications with GUI?
  • MVC3 globalization issue
  • Cross-platform way of having non-blocking console input
  • Jenkins Composite baseline with ClearCase
  • search the database based on the value selected from database
  • 1and1 htaccess file not working
  • Storyboard iOS MBProgressHUD
  • Multiple custom authentication with spring security
  • How I can specify how rainbow color scheme should be converted to grayscale
  • Django non-rel createsuperuser fails due to non-ascii characters
  • Can't perform CORS request using Angularjs
  • VS2010: Ctrl-PgUp / -PgDown like in browsers
  • Calling a flash ExternalInterface in swiffyobject
  • jQuery Ajax call to WCF service returning “Method not allowed (405)”
  • Ruby regex for matching simpliest Ruby's regexes
  • JavaScript Regex to Match Boundaries of Words with diacritics
  • Android: Unable to detect vertical plane
  • matrix multiplication apache pig
  • Debug `Unexpected end of JSON input Error` on content script
  • Bitrate JWplayer
  • multiple button click in asp.net MVC 3
  • How to use FirstOrDefault inside Include
  • PHP Permalinks.. how to change?
  • media foundation H264 decoder not working properly
  • Running R's aov() mixed effects model from Python using rpy2
  • Access to a Matlab gui from the web