IncompleteSignatureException in every call I do to sellingpartnerapi-na.amazon.com/ endpoint


#1

https://sellingpartnerapi-na.amazon.com/listings/2021-08-01/items/AO8RMAROPG74T/8M-L2M9-QV90?marketplaceId=censored

Example API call is above. Where it returns 8M-L2M9-QV90 SKU in a marketplaceID, you can try it by yourself changing the sku and ID. I am using OAuth 2 library in GoLang, and I am creating the header tokens like this:

`AccessToken: tokens.AccessToken, RefreshToken: tokens.RefreshToken, TokenType: "Bearer", Expiry: expiration`

So I supply AccessToken,RefreshToken,TokenType along with the API call, Expiry is just something that package uses.
Then I setup client and GET request.

tokensource := oauth2.StaticTokenSource(&tokensource_raw)
	fmt.Println(tokensource.Token())
	oauthclient := oauth2.NewClient(oauth2.NoContext, tokensource)
	resp, err := oauthclient.Get(url)

Where tokensource_raw is the second string I mentioned above, that contains all tokens. TokenSource is created, and given to the http client. URL is the first string I gave as an example. So everything is settled down, assuring tokens are correct too.

When I do the call output is like this;
&{403 Forbidden 403 HTTP/2.0 2 0 map[Content-Length:[875] Content-Type:[application/json] Date:[Tue, 12 Jul 2022 13:12:46 GMT] X-Amz-Apigw-Id:[VJ70SE_loAMF59w=] X-Amzn-Errortype:[IncompleteSignatureException] X-Amzn-Requestid:[e601820e-f5b3-42d8-8bc5-ce558c1913b2]] {0xc000184480} 875 [] false false map[] 0xc0000d8100 0xc000158420}

It shoots Error 403, where RefreshToken and AccessToken is valid (Tested on PostMan seperately) with IncompleteSignatureException where I couldnt find any results on the internet.

I swear, this is the most rocket science authentication system I ever seen and need help.

Edit: Reason I am so sure tokens are right is:

form.Add(“grant_type”, “refresh_token”)
form.Add(“refresh_token”, refresh_tok)
form.Add(“client_id”, clientid)
form.Add(“client_secret”, clientsecret)

This is post form that I am using, and I am getting access token right from https://api.amazon.com/auth/o2/token with the post form above.


#2

Another comment as a bump because cant even edit the main thread,

req.Header.Add("User-Agent", "three-legged-workhorse/1.0 (Language=Go); Platform=Windows/10")

Added User-Agent too to the headers as it is described, now I supply User-Agent, refresh token, authentication token but I still get IncompleteSignatureException. Even the error codes wasnt needed to be some sort of rocket science.


#3

I’ve tested this and it works just fine. You may have an issue with your code. I would suggest you first try and make these calls via postman first to ensure you have to correct credentials. Then you will be able to better troubleshoot the issue.