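1. Overview and prerequisites
1.1. If you plan to use the SDK, you can skip this chapter.
1.2. This chapter is for background only. For a concrete demo, see the next chapter, "Reports module".
1.3. Every HTTP request must carry Authorization in its headers.
2. Introduction to Authorization
Official documentation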
https://github.com/amzn/selling-partner-api-docs/blob/main/guides/en-US/developer-guide/SellingPartnerApiDeveloperGuide.md#step-4-create-and-sign-your-request
Complete example, Python version
Examples of the complete Signature Version 4 signing process (Python).
There are two ways to add the Authorization (see the official documentation for details; this applies to SP-API only):
Authorization header
Query string
3. Assembling the Authorization
The section below describes the signing method used across all of AWS.
Task 1: Create a canonical request for Signature Version 4
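Arrange the contents of the request (host, action, headers, and so on) into a standard (canonical) format. The canonical request is one of the inputs used to create the string to sign.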
demo
CanonicalRequest =
HTTPRequestMethod + '\n' +
CanonicalURI + '\n' +
CanonicalQueryString + '\n' +
CanonicalHeaders + '\n' +
SignedHeaders + '\n' +
HexEncode(Hash(RequestPayload))
Hash
Denotes a function that produces a message digest, typically SHA-256. (You specify the hash algorithm to use at a later stage of the process.)
HexEncode
Denotes a function that returns the base-16 encoding of the digest in lowercase letters.
Task 2: Create a string to sign for Signature Version 4
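Use the canonical request and additional information (such as the algorithm, request date, credential scope, and the digest (hash) of the canonical request) to create the string to sign.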
Credential
Dimension | Description | Example |
---|---|---|
Date | An eight-digit string representing the year (YYYY), month (MM), and day (DD) of the request. For date format issues, see Handling dates in Signature Version 4. | 20190430 |
AWS region | The region you are sending the request to. See Selling Partner API endpoints. | us-east-1 |
Service | The service you are requesting. You can find this value in the endpoint. See Selling Partner API endpoints. | execute-api |
Termination string | A special termination string. For AWS Signature Version 4, the value is aws4_request | aws4_request |
example
20201022/us-east-1/https://sellingpartnerapi-na.amazon.com/aws4_request
In short, all of these values are lowercase.
Task 3: Calculate the signature for AWS Signature Version 4
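Use your AWS secret access key as the key for the initial hash operation, and perform a series of keyed hash operations (HMAC operations) on the request date, region, and service to derive the signing key. After deriving the signing key, calculate the signature by performing a keyed hash operation on the string to sign, using the derived signing key as the hash key for this operation.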
Signature
Official documentation
https://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html
Signing code in each language (Java, C#, Python, Ruby, and JavaScript)
Examples of how to derive a signing key for Signature Version 4.
Common signing errors
https://docs.aws.amazon.com/general/latest/gr/signature-v4-troubleshooting.html
Official test demo
key = 'wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY'
dateStamp = '20120215'
regionName = 'us-east-1'
serviceName = 'iam'
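Your program should generate the following values for the values in getSignatureKey. Note that these are hex-encoded representations of binary data; the key itself and the intermediate values should be in binary format.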
kSecret = '41575334774a616c725855746e46454d492f4b374d44454e472b62507852666943594558414d504c454b4559'
kDate = '969fbb94feb542b71ede6f87fe4d5fa29c789342b0f407474670f0c2489e0a0d'
kRegion = '69daa0209cd9c5ff5c8ced464a696fd4252e981430b10e3d3fd8e2f197d7a70c'
kService = 'f72cfd46f26bc4643f06a11eabb6c0ba18780c19a8da0c31ace671265e3c87fa'
kSigning = 'f4780e2d9f65fa895f9c67b32ce1baf0b0d8a43505a000a1a9e090d414db404d'
Task 4: Add the signature to the HTTP request
Component | Description | Value |
---|---|---|
The algorithm used for signing | The hash algorithm used throughout the signing process. The Selling Partner API requires SHA-256. You specify this in Step 4. Create and sign your request. | AWS4-HMAC-SHA256 |
Credential | Your AWS access key ID plus the Credential scope. You get your AWS access key ID in Step 2. Create an IAM user. | user access key ID + Credential |
SignedHeaders | A list of all the HTTP headers that you included with the signed request. For an example, see Step 3. Add headers to the URI. | |
Signature | The signature calculated in Step 4. Create and sign your request. | Signature |
example
Authorization: AWS4-HMAC-SHA256 Credential={USER_IAM}/{Credential}, SignedHeaders=host;user-agent;x-amz-access-token;x-amz-date, Signature={Signature}
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIHV6HIXXXXXXX/20201022/us-east-1/https://sellingpartnerapi-na.amazon.com/aws4_request, SignedHeaders=host;user-agent;x-amz-access-token;x-amz-date, Signature=5d672d79c15b13162d9279b0855cfba6789a8edb4c82c400e06b5924aEXAMPLE
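The four tasks above, put together as an added Python example (not code from the original article or from AWS). It takes the service value execute-api from the credential table, assumes the query string is already canonical (sorted and URI-encoded), and uses a constructed request path, access key ID and token.

```python
import hashlib
import hmac

ALGORITHM = "AWS4-HMAC-SHA256"

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()

def derive_signing_key(secret: str, date_stamp: str, region: str, service: str) -> bytes:
    """Task 3: kSecret -> kDate -> kRegion -> kService -> kSigning (raw bytes, not hex)."""
    k_date = _hmac(("AWS4" + secret).encode("utf-8"), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")

def canonical_request(method, uri, query, headers, payload=b""):
    """Task 1. Assumes `query` is already sorted and URI-encoded."""
    # Header names are lowercased, values trimmed and space-collapsed, then sorted by name.
    items = sorted((k.lower(), " ".join(v.split())) for k, v in headers.items())
    canonical_headers = "".join(f"{k}:{v}\n" for k, v in items)
    signed_headers = ";".join(k for k, _ in items)
    payload_hash = hashlib.sha256(payload).hexdigest()  # HexEncode(Hash(RequestPayload))
    creq = "\n".join([method, uri, query, canonical_headers, signed_headers, payload_hash])
    return creq, signed_headers

def authorization_header(access_key, secret, region, service, amz_date,
                         method, uri, query, headers, payload=b""):
    """Tasks 2-4: string to sign, signature, and the Authorization header value."""
    creq, signed_headers = canonical_request(method, uri, query, headers, payload)
    scope = f"{amz_date[:8]}/{region}/{service}/aws4_request"  # credential scope
    string_to_sign = "\n".join(
        [ALGORITHM, amz_date, scope, hashlib.sha256(creq.encode("utf-8")).hexdigest()])
    key = derive_signing_key(secret, amz_date[:8], region, service)
    signature = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return (f"{ALGORITHM} Credential={access_key}/{scope}, "
            f"SignedHeaders={signed_headers}, Signature={signature}")

if __name__ == "__main__":
    # Constructed sample request; path, access key ID and token are placeholders.
    sample_headers = {
        "Host": "sellingpartnerapi-na.amazon.com",
        "User-Agent": "ExampleApp/1.0 (Language=Python)",
        "x-amz-access-token": "Atza|EXAMPLE-TOKEN",
        "x-amz-date": "20201022T120000Z",
    }
    print(authorization_header(
        "AKIDEXAMPLE", "wJalrXUtnFEMI/K7MDENG+bPxRfiCYEXAMPLEKEY", "us-east-1",
        "execute-api", "20201022T120000Z", "GET", "/example/resource", "", sample_headers))
```

Given the key, date, region and service from the official test demo above, derive_signing_key returns the kSigning value listed there.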
Complete Authorization code
Examples: Signature Calculations in AWS Signature Version 4
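Summary
Copyright notice: This is an original article by CSDN blogger "XERXES SEVEN", licensed under CC 4.0 BY-SA. When reposting, include a link to the original source and this notice.
Original link: https://blog.csdn.net/Xerxes_Seven/article/details/116053028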