Signature does not match with Amazon MWS script

I’m writing a classic ASP script to send a HTTP Post request to the Amazon MWS. After running the script, I’m receiving the below SignatureDoesNotMatch error message.

I’ve constructed a query string for the request with the query parameters being URL Encoded. The query string is signed with the Secret Key. The result is converted to base64.
The signature is URL Encoded and then added to the end of the query string.

SignatureDoesNotMatch
The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details

Query String

POST
mws.amazonservices.com
/Feeds/2009-01-01
AWSAccessKeyId=##AccessKey##&Action=GetFeedSubmissionResult&FeedSubmissionId=73646017602&MWSAuthToken=##AuthToken##&Marketplace=A1F83G8C2ARO7P&SignatureMethod=HmacSHA256&SignatureVersion=2&&Timestamp=2018-03-14T16%3A21%3A19Z&&Version=2009-01-01

Signed query string

AWSAccessKeyId=##AccessKey##&Action=GetFeedSubmissionResult&FeedSubmissionId=73646017602&MWSAuthToken=##AuthToken##&Marketplace=A1F83G8C2ARO7P&SignatureMethod=HmacSHA256&SignatureVersion=2&&Timestamp=2018-03-14T16%3A21%3A19Z&&Version=2009-01-01&Signature=##SIGNATURE##

CLASSIC ASP SCRIPT

dim query, objHttp, sQuerystring
dim date1, time1, TimeStamp, UnsignedString
dim StringToSign, signature, secretkey

’ Setup HmacSHA256
’ ### be sure to have sha256.wsc in the same folder as this script

dim sha256
set sha256 = GetObject( “script:” & Server.MapPath(“sha256.wsc”) )
sha256.hexcase = 0

’ Get date

date1 = year(now) & “-” & right(“00” & month(now),2) & “-” & right(“00” & day(now),2)
time1 = right(“00” & hour(time),2) & “:” & right(“00” & minute(time),2) & “:” & right(“00” & second(time),2)
TimeStamp = date1 & “T” & time1 & “Z” ’ yyyy-MM-ddTHH:mm:ss.sssZ (for UTC)
TimeStamp = replace(TimeStamp,“:”,“%3A”) ’ encodes the colons

’ Prepares query for the sign

UnsignedString = UnsignedString & “AWSAccessKeyId=##AccessKey##” & “&” ’ sort by lexicographic byte order
UnsignedString = UnsignedString & “Action=GetFeedSubmissionResult” & “&”
UnsignedString = UnsignedString & “FeedSubmissionId=73646017602” & “&”
UnsignedString = UnsignedString & “MWSAuthToken=##AuthToken##” & “&”
UnsignedString = UnsignedString & “Marketplace=A1F83G8C2ARO7P” & “&”
UnsignedString = UnsignedString & “SignatureMethod=HmacSHA256” & “&”
UnsignedString = UnsignedString & “SignatureVersion=2” & “&”
UnsignedString = UnsignedString & “&Timestamp=” & TimeStamp & “&”
UnsignedString = UnsignedString & “&Version=2009-01-01” ’ The version of the API

UnsignedString = replace(UnsignedString,“/”,“%2F”) ’ Only url encode the parameter name and values but not the & and = in the query string

’ Prepares the header for the sign

StringToSign = “POST” & vbCrLf ’ do not url encode the header
StringToSign = StringToSign & “mws.amazonservices.com ” & vbCrLf
StringToSign = StringToSign & “/Feeds/2009-01-01” & vbCrLf
StringToSign = StringToSign & UnsignedString

’ Signs the signature

secretkey = ##SECRETKEY##
signature = sha256.b64_hmac_sha256(secretkey,StringToSign) ’ converts to HmacSHA256 and then converts to base64

’ URL Encode signature after converting to base64

signature = replace(signature,“=”,“%3D”) ’ Equal sign is %3D
signature = replace(signature,“+”,“%2B”) ’ Plus sign is %2B
signature = replace(signature,“/”,“%2F”) ’ Plus sign is %2B

’ Send the HTTP Post request

query = UnsignedString & “&Signature=” & signature ’ The query must not be byte sorted when adding signature to the end

set objHttp = Server.CreateObject(“Msxml2.ServerXMLHTTP”)
objHttp.open “POST”, “https://mws.amazonservices.com/Feeds/2009-01-01” , false
objHttp.setrequestHeader “Host”, “https://mws.amazonservices.com
objHttp.setrequestHeader “x-amazon-user-agent”, “Amazon MWS API (Language=VB Script)”
objHttp.setrequestHeader “Content-type”, “application/x-www-form-urlencoded; charset=utf-8”
objHttp.Send query

sQuerystring = objHttp.responseText
response.write(sQuerystring)

f.close
set f=nothing
set fs=nothing

Function Base64Encode(sText)
Dim oXML, oNode

Set oXML = CreateObject("Msxml2.DOMDocument.3.0")
Set oNode = oXML.CreateElement("base64")
oNode.dataType = "bin.base64"
oNode.nodeTypedValue =Stream_StringToBinary(sText)
Base64Encode = oNode.text
Set oNode = Nothing
Set oXML = Nothing

End Function

'Stream_StringToBinary Function
'2003 Antonin Foller, http://www.motobit.com
'Text - string parameter To convert To binary data
Function Stream_StringToBinary(Text)
Const adTypeText = 2
Const adTypeBinary = 1

'Create Stream object
Dim BinaryStream 'As New Stream
Set BinaryStream = CreateObject("ADODB.Stream")

'Specify stream type - we want To save text/string data.
BinaryStream.Type = adTypeText

'Specify charset For the source text (unicode) data.
BinaryStream.CharSet = "us-ascii"

'Open the stream And write text/string data To the object
BinaryStream.Open
BinaryStream.WriteText Text

'Change stream type To binary
BinaryStream.Position = 0
BinaryStream.Type = adTypeBinary

'Ignore first two bytes - sign of
BinaryStream.Position = 0

'Open the stream And get binary data from the object
Stream_StringToBinary = BinaryStream.Read

Set BinaryStream = Nothing

End Function

Hello,

The “SignatureDoesNotMatch” error typically occurs when the signature calculated in your script does not match the signature provided in the request. Here are a few suggestions to help you troubleshoot and resolve the issue:

  1. Ensure that the Secret Access Key used in your script is correct. Double-check that there are no extra spaces or special characters that might be affecting the key.
  2. Verify that the signing method used in your script matches the one expected by the Amazon MWS API. In your case, the signature method should be “HmacSHA256” according to the provided script.
  3. Make sure that the query parameters used in the construction of the UnsignedString match the parameters required by the API and are in the correct order. Any discrepancy in the parameters or their order can result in a mismatched signature.
  4. Check that the Timestamp in the query string is accurate and formatted correctly. The timestamp should be in the UTC format (yyyy-MM-ddTHH:mm:ss.sssZ) and URL encoded. It’s essential to use the correct timestamp to avoid signature errors.
  5. Verify that the URL encoding is consistent throughout your script. Ensure that all reserved characters, such as colons, slashes, and equals signs, are properly encoded (%3A for colons, %2F for slashes, %3D for equals signs, etc.).
  6. Confirm that the endpoint URL used in the script (https://mws.amazonservices.com/Feeds/2009-01-01) is correct for the API operation you are trying to perform. Make sure there are no additional spaces or special characters in the URL.

By carefully reviewing and validating these points, you should be able to identify and resolve the SignatureDoesNotMatch error. Remember to consult the official Amazon MWS documentation for more specific guidance on constructing the request and generating the signature.

If you continue to encounter issues or have further questions, please don’t hesitate to ask.

1 Like